So I had this weird page show up on my computer with badges and police info stating illegal activity on my computer (if arguing with fellow gamers is a crime then I suppose accurate). I scrolled down the page and I think it had some super neon green text about paying a fine of $300 dollars via a MoneyPack card to unlock my computer. When this site popped up, Avast chimed in and told me it blocked something. Well my computer wasn’t locked and is working completely fine and I had simply closed out of the site without incident. What happened?
Under the “Last pop-up message” tab in Avast it has this as the URL: insert the http nonsense here…alert.secutity3-80000193.com/LEND/US/close.ph…
And below it, it says Infection: JS:Ransomware-C [Trj]
So to reiterate, what just happened? Should I be worried?
Sorry about that, didn’t realize it would create an actual link. Besides, I revisited the link in the site and it just says that the site is temporarily down and to try again later.
I have no idea what please attach logs and that link are supposed to mean.
My initial estimate is that Avast blocked it and you are safe, obviously the site was hacked. For peace of mind I can check your system using the logs at Eddy’s link
OTL is a log that will show your system files/drivers/services/web data and other registry entries that could be malicious. As I say, if Avast blocked it then you are probably safe
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
* When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Attach both logs
It was indeed a ransomware website.
Luckily for you Avast blocked it.
But do attach the requested logs.
Let’s make sure everything is ok on your system.
It is still doing whatever it is that it is doing, half of the stuff I copy pasted disappeared after it created a system restore point? and it unchecked the box for Scan All Users…is that what it is supposed to do?
Alright, it just finished. Attach the 2 notepad files to the next post?
Practice makes them easy and fast to read. Logs are clear, there are none of the usual markers. If you are happy with the way it is running, then I will remove the OTL programme; delfix self-deletes
I am happy indeed, also very relieved. Thanks. The whole arbitrary FBI warning thing was a bit random and unpleasant, didn’t seem very legit to me. Now I just wish I had taken a picture of the site with my phone or something.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4 - HKCU..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1168638.exe" -Update File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
Well I appreciate it. I assume that the purpose of that website and malware thing was to lock my computer up but Avast stopped it before it could do it.
That was the intention, as a download was initiated at the same time (Avast blocked that bit). The orphan entries on the system are of no real import, Eddy, and will not affect the system’s running in any way
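
The orphan entries discussed above, as an added example that is not part of the thread and not OTL's own code: a short Python triage that separates O-lines pointing at a missing CLSID, file or key from entries that still resolve and would need a human look. The marker list is taken only from the excerpt quoted in the thread, and the last sample line is constructed with a hypothetical program name.

```python
import re
from collections import Counter

# Entries copied from the OTL excerpt in the thread; the last line is a
# constructed "live" entry (hypothetical program) added for contrast.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe File not found
O4 - HKCU..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1168638.exe" -Update File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\example.exe (Example Corp)
"""

# Suffixes seen in the excerpt when an entry points at something missing.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error: Key error.")
ENTRY_RE = re.compile(r"^(O\d+)(:\[b\]64bit:\[/b\])? - (.+)$")

def parse_entry(line):
    """Split one O-line into code, bitness, location and orphan marker."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # blank line or not an O-entry
    code, x64, body = m.groups()
    location = re.split(r": | - ", body, maxsplit=1)[0]
    marker = next((mk for mk in ORPHAN_MARKERS if mk in body), None)
    return {"code": code, "x64": bool(x64), "location": location,
            "orphan": marker, "raw": line.strip()}

def triage(text):
    """Return (orphans, live): dangling references vs entries needing review."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return ([e for e in entries if e["orphan"]],
            [e for e in entries if not e["orphan"]])

if __name__ == "__main__":
    orphans, live = triage(SAMPLE)
    print(Counter(e["orphan"] for e in orphans))
    for e in live:
        print("REVIEW:", e["raw"])
```

An entry that lands in the second list is not necessarily malicious; it only means the reference still resolves, so it is the part of the log worth reading by eye.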