Event Viewer shows tons of "errors" anyway, that's normal. As you suspected, whoever you were talking to was trying to scam you.
The screenshot you posted is very low resolution but it looks like it's just a dodgy website tricking you into thinking somethings wrong when it isn't (the pop-up is just a browser pop-up not a real Windows error message). It's hard to tell if you accidentally clicked on a link to a compromised website or dodgy ad banner or if there's really something wrong with your machine (eg something that's redirecting your browser to that dodgy site).
posted by EndsOfInvention at 6:38 AM on June 8, 2016

Assume you have whatever malware/virus scanner that Windows comes with (not sure what it's called on Win10) - update that and run a full scan.
posted by EndsOfInvention at 6:39 AM on June 8, 2016

Check my profile for the link to my site with the instructions of things to do. I'd run a MalwareBytes scan, and a follow up with Hitman Pro.
posted by deezil at 6:42 AM on June 8, 2016 [16 favorites]

How did you get from the screenshot you posted to communicating with the scammer on LogMeIn? Did you call the phone number and install LogMeIn at their request? Was LogMeIn installed without your permission?
posted by Busy Old Fool at 7:59 AM on June 8, 2016 [2 favorites]

The way this scam works is that a pop-up appears in your browser that pretends to be an error from Windows, complete with links to follow to 'solve' the problem. If you follow the links and talk to an operative they get you to look at the windows logs on your computer in order to convince you that your computer has a problem (which it doesn’t, but the windows logs are always full of benign errors, so it’s easy to convince people that theses errors are serious ones if they’re not already alert to this scam). Then they ask you to install some kind of desktop sharing application (logmein is a favourite, but there are others) so they can 'fix' the problem.

The benign ones will take your money, wipe the logs & tell you to have a nice day. These guys are scummy, but not actually doing anything illegal. The not so benign ones will leave you with a bunch of malware on your computer that might snoop your banking passwords and logins ad empty your bank accounts sometime in the future if you do any online banking. Or else perhaps use your computer as a means to send spam emails until your ISP cuts you off.

Did you install logmein & give this bunch of no-gooders access to your computer?
posted by pharm at 8:34 AM on June 8, 2016 [1 favorite]

Scam scam scam scam scam scam scam. Good for you for not giving them any money. No further interactions. Delete Logmein (if you need it for something else later you can always reinstall).

Assuming you're in the U.S., please file a report with the FTC and your state attorney general. It usually comes to nothing, but occasionally they go after one.
posted by praemunire at 8:42 AM on June 8, 2016 [2 favorites]

A Microsoft Windows BSOD ("Blue Screen of Death") would never actually title itself 'BSOD'. It also wouldn't appear inside a browser window.
posted by JoeZydeco at 8:46 AM on June 8, 2016 [4 favorites]

This is definitely a thing - it's what we in the business call "scareware". (I work for a company who helps sites discover this sort of crap coming from their advertising base, and helps advertisers filter it out of their ads.) Others have a done an excellent job of explaining it.

It's doubtful that it left any long-term badness on your PC, there are some varieties of this that drop pieces of a larger exploit kit than can infect your PC with a rootkit, but if you've run malwarebytes and/or ccleaner and nothing was detected this -probably- wasn't one of them. Those sort of things tend to be a little more stealthy than the scareware stuff.

I find that running an adblocker (I like uBlock Plus) tends to prevent most of this stuff from ever getting to you, because bad ads tend to be the vector for this stuff. I -am- a little curious that you say wikipedia was what you had open, since wikipedia doesn't have ads. If you feel like discussing this more hit me up in memail.
posted by jferg at 9:31 AM on June 8, 2016

Whilst the attack itself is simple web-based scareware and not evidence of infection there are two remaining questions:

- How did you install LogMeIn? Are you sure it was from the official vendor and not an attacker-supplied address? If the LogMeIn download was dodgy or, after logging in, the attacker had any opportunity to run anything or execute any command without you watching closely, you should consider the machine compromised.

- How were you seeing adverts on Wikipedia in the first place? Wiki doesn't run ads, so either you were browsing something else that had a malvertisement on it, or this is a red flag that you were already infected to begin with. Unless you've definitively identified and removed the malware responsible, you should consider the machine compromised.

The only really reliable approach to a compromised machine is to reinstall the OS. AV hasn't been a reliable way to remove malware (or evem detect it, really) for a long time now. :-(
posted by BobInce at 4:56 AM on June 9, 2016 [1 favorite]

Please read the above advice carefully again.!


- How were you seeing adverts on Wikipedia in the first place? Wiki doesn't run ads, so either you were browsing something else that had a malvertisement on it, or this is a red flag that you were already infected to begin with. Unless you've definitively identified and removed the malware responsible, you should consider the machine compromised.
posted by lalochezia at 7:10 AM on June 9, 2016

This thread is closed to new comments.