Debony123 Posted October 1, 2016 ID:1064881

I am not a computer geek so please bear with me. I have anti malwarebytes and ransomware installed. This computer is only about 2 years old and has had the above since day 1.

Lately I have had a very strange thing happen. I was on "wheel of fortune" TV game site. On their pages there was a message saying I had "1 new message". I figured it was from Wheel (maybe saying I had won something) so I clicked on it. It took me to a totally different page with a recording saying my computer was infected with a virus and I needed to call them or they would shut my computer down so as to not infect the network. The only way out of that page (and I did not call them) was to shut my computer down (pulled the plug) and reboot. Then all was o.k.

This has happened twice in the last week and I am certain it was due to some message saying "1 new message" on a legitimate site I was visiting (that I clicked on to get the message). Could this be a virus in my computer or just the threat trying to get into it? I have seen where anti malwarebytes has detected something on several occasions lately. Is this how Odin or one of the other viruses work?

If you answer to this please advise where to report such a thing as has happened to me lately and what do I send them other than my story to investigate.

Thanks.
Debony123

Aura Posted October 1, 2016 ID:1064893

Hi @Debony123

These messages are simply ads that impersonate a message. They aren't real and are meant as "bait" to make you click on them. As a result, you were redirected to a fake error message prompting you to call technical support which would end up scamming you by selling you support you don't need because you weren't infected in the first place. This is known as malvertising and tech support scam.

Locky has a variant which appends .odin to the encrypted files. Locky is a Ransomware and not a tech support scam, so it doesn't work the same way (well it does in a way where Ransomware are also delivered via malvertising as it's a big attack vector).

If you believe that you are infected, please start a new thread in the Malware Removal section by following the instructions in the thread below.

https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/

Thank you!

AdvancedSetup (Root Admin) Posted October 1, 2016 ID:1064900

I've moved the topic @Aura if you wish to continue to help.

Thanks

Aura Posted October 1, 2016 ID:1064904

Will do Ron, thank you

Debony, please follow the instructions in the thread I linked in my previous post, and copy/paste the content of the FRST.txt and Addition.txt logs you'll get from running FRST, and we'll get started!

Aura Posted October 3, 2016 ID:1065203

Hi Debony,

Are you still with me? Can you follow the instructions in my previous post?

AdvancedSetup (Root Admin) Posted October 6, 2016 ID:1065612

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!