Odd screen message

Forums › Desktop computing › Odd screen message

Rickles

3107 posts

Uber Geek
+1 received by user: 445

Trusted

#208241 2-Feb-2017 15:39

A colleague recently got the following showing up on his browser. It froze the screen and had to use Task Manager to close the browser (Edge), and then also clear caches to restore the browser to usefulness.

He also tried Chrome, but same result .... appeared when going to Project Free TV web site, which before this was perfectly fine.

Anyone shed light on what is happening please?

I don't think he was game to ring the telephone number.

1 | 2

20858 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#1714531 2-Feb-2017 15:40

Just ring the number. Looks pretty custom.

xpd

Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4578

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#1714532 2-Feb-2017 15:41

Has some malware Id say. Check the Internet Options in control panel for any proxy settings.

Download MalwareBytes on a clean PC and put on a USB stick and copy to the PC with issues and run it.

XPD / Gavin

LinkTree

gzt

18682 posts

Uber Geek
+1 received by user: 7821

Lifetime subscriber

#1714534 2-Feb-2017 15:46

No idea. Could be an attempt to steal domain user authentication passwords.

Rickles

3107 posts

Uber Geek
+1 received by user: 445

Trusted

#1714535 2-Feb-2017 15:54

We ran Malware Bytes, then SpyBot, then a full AV scan ... nothing untoward there at all

Hammerer

2480 posts

Uber Geek
+1 received by user: 802

Lifetime subscriber

#1714537 2-Feb-2017 15:59

If it is malware then it is much better than the usual message. For example, the phone number looks like one from a block used for corporates and it is in a New Zealand number.

Calling the number will tend to confirm what it really is.

Rickles

3107 posts

Uber Geek
+1 received by user: 445

Trusted

#1714538 2-Feb-2017 16:07

A brief search with Mr Google indicates that many nefarious scammers are using Amazon's "cloudfront" service to redirect local calls to elsewhere ... anyone in Wellington willing to try the number?

What makes me concerned is that when using Chrome, we got a message along the screen bottom with something like "hard disk will delete in 5 minutes" ... a count-down timer was also shown but didn't move.

Freaky!!

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

Peppery

919 posts

Ultimate Geek
+1 received by user: 188

Trusted

#1714540 2-Feb-2017 16:13

Pretty standard "scare" ads. Seen plenty of them that force themselves full screen to get you to call them. Cloudfront is part of Amazon's AWS services so nothing off there. I would just close and go on with your life!

ubergeeknz

3344 posts

Uber Geek
+1 received by user: 1041

Trusted

Vocus

#1714541 2-Feb-2017 16:15

Check the router and PC DNS settings.

yitz

2239 posts

Uber Geek
+1 received by user: 594

#1714542 2-Feb-2017 16:21

As above it's just one of those nefarious popup ad networks all too common on those sorts of sites.

As long as you haven't accidentally typed in your internet banking user and password you should be fine. Just close the window.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1714620 2-Feb-2017 18:25

I scambaited them...

Fired up a very broken version of Windows 7 Professional that had been totally nuked by a previous scambait and allowed the guy to connect to it. The first thing he did was ran syskey and bought up event viewer and started saying I was infected, ran a fake virus scan etc - just your standard tech support scam from India.

He then quoted me $490 to fix and that is when I dropped the bombshell on this guy and asked why he was scamming people. He did the standard "I am not a scammer I am helping people" and that is when I said this VM has been running for less than 3 hours and it is already destroyed by you scammers. He then swore at me in hindi and ended the call. I called back again and got standard "your mother...." type things.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

gzt

18682 posts

Uber Geek
+1 received by user: 7821

Lifetime subscriber

#1714622 2-Feb-2017 18:31

michaelmurfy:
I scambaited them...

Fired up a very broken version of Windows 7 Professional that had been totally nuked by a previous scambait and allowed the guy to connect to it. The first thing he did was ran syskey and bought up event viewer and started saying I was infected, ran a fake virus scan etc - just your standard tech support scam from India.

He then quoted me $490 to fix and that is when I dropped the bombshell on this guy and asked why he was scamming people. He did the standard "I am not a scammer I am helping people" and that is when I said this VM has been running for less than 3 hours and it is already destroyed by you scammers. He then swore at me in hindi and ended the call. I called back again and got standard "your mother...." type things.

Did you input local credentials into that box and the scammer used them?

Dyson

Shop now for Dyson appliances (affiliate link).

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#1714624 2-Feb-2017 18:38

gzt:
Did you input local credentials into that box and the scammer used them?

Nah just acted like I saw the message. I know what this Javascript crap is - it is a template that these companies buy and put their numbers on it. He connected me via the Citrix Quick-support application.

Just tried calling them back off a private number and it appears they've now blocked private numbers which is good since this prevents quite a few people from contacting them. Have reported them too. I did have a screen recording but it appears my computer decided to muck up the audio so just trashed it as people know what kind of scam they're running anyway.