Virus Alert: Real or Rogue?

Bob -
Thanks as always.
Much appreciated.

I have had a few of these. I immediately shut my computer down. then I do a clean on it. and change password. Thanks Bob

I recently had a virus/ransomware (whatever you call it). It was connected to Quickbooks desktop. A message would pop up within a few seconds of opening QB and it said my company file was corrupted and needed to call Intuit support. Then it conveniently listed the phone #. I was stupid and called the # and they wanted 3000.00 to clean up my company files. I have 4 different company files and they would clean all 4 for the 3,000.00. They sent me over a CC permission to charge my card. Every part of my body cried FRAUD so I quickly got off the call and did a little research. After many hours of searching, I finally found one reference to this and how to clean it up. I took the easy way out and went back to a totally clean version of Windows 11. My files all stayed in tack but I had to reinstall ALL the software. It was a pain but everything is OK now. I just wish I knew where it came from to avoid it in the future.

This scam is a variation of an old one I haven't seen in awhile where you would receive a telephone call from "Microsoft" informing you that they had detected a virus on your computer. Of course the helpful tech would remove it for you if only you would set up a Remote Desktop session and provide a credit card # so he could clean it up for you. No need to provide the ugly details of what happens next.

Never ever, ever tap or click a link provided in the scammers message (or call the provided phone #). If you have concerns that your Amazon or Netflix account has been locked because of "suspicious activity", go directly to your Amazon or Netflix account web site where you will quickly see that no such "lock" exists.

One minor correction to Bob's always excellent advice: hitting ctrl-alt-delete in Win10 will take you to a blue screen with a few options. You can then select Task Manager (or shut down your computer) from this screen.

Dave M: It was not ctrl-alt-delete that Bob recommended for accessing the Task Manager, but ctrl-shift-escape. That combination, which I hadn't known about and which I find very handy, does immediately open the Task Manager, much quicker than the method I was previously using.

Every time I have wanted to do a System Restore, all it ever did is waste time, nothing was changed.

Thank you Art F - you are absolutely correct. Before I comment again, I think I shall review my reading skills! And I, too, had never heard of that combination. I learn something every day!

I haven't seen one of those 'virus warning' pop-ups in a very long time. When I did (a decade ago, give or take), I knew enough to not click or do anything it wanted me to do. IIRC, it was a struggle to get my web browser closed, but I managed, then I ran a full system virus scan, and I downloaded Malwarebytes and did another scan, just to be sure. I'm happy to report that I found no threats. The whole thing was a scam.

It taught me a few valuable lessons, though. One is to trust nothing that comes from the Internet unless I can confirm for myself that the source of information is trustworthy and accurate. Over the years I have determined that the information I get here (on the Ask Bob website) is both trustworthy and accurate, although I still pick and choose which morsels I'll use/follow :). Another lesson was to never click any hyperlink (either on webpages or in email messages) without checking that the URLL matches the purported destination (the text on the link's label). If they don't match, I don't click.

As for the URL, the first part is what counts, from the 'https://' to the first single slash '/'. For example, the URL for a link purporting to take me to a page on BestBuy should start with 'https://bestbuy.com/' (note that it says 'bestbuy.com between the double-slash '//' and the first single-slash '/'). Everything that follows will be the path to the destination page on the BestBuy website.

There is another type of hyperlink that may be safe, but I still don't trust it. It's a redirection link. For any of a number of reasons (some are valid), a website will create a page to redirect your browser to the destination (an external website) and create a link to it rather than directly to the external site. The reason I don't trust redirection links is that the URL is too difficult to de-code, and therefore too difficult to validate. If I can't de-code the URL, I won't click it, ever.

The single most important thing I can do to protect myself on the Internet is to remain very skeptical about everything at all times. When my boys were young, my wife and I taught them about 'Stranger Danger'. My mother taught me to not trust strangers when I was little too. That training has served me very well throughout my life (over seven decades), and it has kept me safe from many of the horrors I hear about in the news. Stranger-danger is all about being skeptical of strangers. Everyone on the Internet is a stranger because you cannot know that the person you are interacting with is really the person you think they are, unless you can confirm that fact with something you both know, but that nobody else knows. Everything on the Internet is produced by strangers too, so that is why I don't trust anything on the Internet until I can confirm its trustworthiness for myself. The only way to determine which websites you can trust is by using them over time (as I have done with the Ask Bob website). That is also why I check every hyperlink before clicking. It's created by some stranger. Call me paranoid if you will, but I'd rather be safe than sorry.

My2Cents,

Ernie

When I got one of these I could NOT get to shut down. So I held the start/off button until computer shut down, waited overnight and tried starting up again. When that did not work, took to my local computer repair (I trust them) and had them run total virus scan on the computer. Fixed it. I usually can get computer to shut down and restart (sometimes wait til next morning) and all is fine. Now have Malwarebytes Premium.

The easiest way to shut down that seemingly unstoppable nagging web page, which is just a picture that blocks the entire screen but may have links or phone numbers, is do as Bob says via Task Manager but what seems to be missed is an easy quick way to bring up Task Manager, and that is right click the bottom task bar and the TM selection is looking at you. Geoff W.

Geoff W. THANKS for the taskbar trick to open Task Manager!

Actually, these types of scams seem to still happen a lot. There are entire YouTube channels dedicated to people baiting these scammers and trying to damage their operations.

Some of the famous channels are: Jim Browning, Kitboga (hilarious, very entertaining), Scammer Payback, Trilogy Media, Scambaiter.

I tell my users: Imagine you've just parked your car in a parking lot, and someone comes up to you and says: "I need to borrow your keys." Would you fall for that? A computer message is no more valid than a stranger in a parking lot! Or that stranger says: "I'm from AAA and we've detected a problem with your car. Give me your keys so we can fix it." (A common computer scam.)

I would do a computer install from last backup
I back up my puter pretty often!

Ahmad: Thank you for the links!