Was my computer hacked?
June 8, 2016 6:28 AM

While browsing Wikipedia I got a pop-up message on my screen: "Your IP [address redacted] has been blocked. Error message zk3.com". Then this: http://imgur.com/nHhXNub. Then using LogMeIn I was communicating with a person who showed me on my Event Viewer that I had 53,906 admin errors, and to fix these I needed to pay SecureWeb LLC $240.00. I said they were holding me to ransom and closed the session.

Computer is a newish Asus All-in-One, running Windows 10 and Chrome browser. I have run free Malwarebytes and CCleaner and found no errors, and it seems to be running normally. Event Viewer still shows many warnings but none critical.
Please tell me how "SecureWeb LLC" got into my computer and what I should do to prevent this happening again.
posted by lungtaworld to Computers & Internet (14 answers total) 4 users marked this as a favorite
Event Viewer shows tons of "errors" anyway, that's normal. As you suspected, whoever you were talking to was trying to scam you.
The screenshot you posted is very low resolution but it looks like it's just a dodgy website tricking you into thinking something's wrong when it isn't (the pop-up is just a browser pop-up, not a real Windows error message). It's hard to tell if you accidentally clicked on a link to a compromised website or dodgy ad banner or if there's really something wrong with your machine (e.g. something that's redirecting your browser to that dodgy site).
posted by EndsOfInvention at 6:38 AM on June 8, 2016

Assume you have whatever malware/virus scanner that Windows comes with (not sure what it's called on Win10) - update that and run a full scan.
posted by EndsOfInvention at 6:39 AM on June 8, 2016

Check my profile for the link to my site with the instructions of things to do. I'd run a MalwareBytes scan, and a follow up with Hitman Pro.
posted by deezil at 6:42 AM on June 8, 2016 [16 favorites]

Mod note: Removed the exact IP address, just to be careful!
posted by taz (staff) at 6:48 AM on June 8, 2016

How did you get from the screenshot you posted to communicating with the scammer on LogMeIn? Did you call the phone number and install LogMeIn at their request? Was LogMeIn installed without your permission?
posted by Busy Old Fool at 7:59 AM on June 8, 2016 [2 favorites]

Best answer: That pop-up message was not from your computer; it was from the webpage, and it was a scam caused by adware which, somehow, you got on your computer.

If you look at this page, you will see that the warning looks identical to what you ran into, right down to the “for your safety, closing the Chrome browser…” sentence.

I presume you called the phone number on that page, which connected you to the scammer. They presumably told you to install LogMeIn, which I’m assuming you did (the program itself is valid, but it’s frequently used by scammers), and they said it would cost you $240 to fix the “errors” they showed you in Event Viewer.

All of this is a scam.

(The Event Viewer program is a program that keeps the logs for your computer. It is okay for it to be there.)

You said you ran Malwarebytes and CCleaner, and that may have removed the adware. I would also try Adware Removal Tool for PC.
posted by WCityMike at 8:31 AM on June 8, 2016 [7 favorites]

The way this scam works is that a pop-up appears in your browser that pretends to be an error from Windows, complete with links to follow to 'solve' the problem. If you follow the links and talk to an operative they get you to look at the Windows logs on your computer in order to convince you that your computer has a problem (which it doesn’t, but the Windows logs are always full of benign errors, so it’s easy to convince people that these errors are serious ones if they’re not already alert to this scam). Then they ask you to install some kind of desktop sharing application (LogMeIn is a favourite, but there are others) so they can 'fix' the problem.

The benign ones will take your money, wipe the logs & tell you to have a nice day. These guys are scummy, but not actually doing anything illegal. The not so benign ones will leave you with a bunch of malware on your computer that might snoop your banking passwords and logins and empty your bank accounts sometime in the future if you do any online banking. Or else perhaps use your computer as a means to send spam emails until your ISP cuts you off.

Did you install LogMeIn & give this bunch of no-gooders access to your computer?
posted by pharm at 8:34 AM on June 8, 2016 [1 favorite]

Scam scam scam scam scam scam scam. Good for you for not giving them any money. No further interactions. Delete LogMeIn (if you need it for something else later you can always reinstall).

Assuming you're in the U.S., please file a report with the FTC and your state attorney general. It usually comes to nothing, but occasionally they go after one.
posted by praemunire at 8:42 AM on June 8, 2016 [2 favorites]

A Microsoft Windows BSOD ("Blue Screen of Death") would never actually title itself 'BSOD'. It also wouldn't appear inside a browser window.
posted by JoeZydeco at 8:46 AM on June 8, 2016 [4 favorites]

This is definitely a thing - it's what we in the business call "scareware". (I work for a company who helps sites discover this sort of crap coming from their advertising base, and helps advertisers filter it out of their ads.) Others have done an excellent job of explaining it.

It's doubtful that it left any long-term badness on your PC. There are some varieties of this that drop pieces of a larger exploit kit that can infect your PC with a rootkit, but if you've run Malwarebytes and/or CCleaner and nothing was detected this -probably- wasn't one of them. Those sort of things tend to be a little more stealthy than the scareware stuff.

I find that running an adblocker (I like uBlock Plus) tends to prevent most of this stuff from ever getting to you, because bad ads tend to be the vector for this stuff. I -am- a little curious that you say Wikipedia was what you had open, since Wikipedia doesn't have ads. If you feel like discussing this more hit me up in memail.
posted by jferg at 9:31 AM on June 8, 2016

Response by poster: Very many thanks for all your answers, all good and useful ones. Windows Defender found no threats, I ran Bit Defender from WCity Mike which found no unwanted apps, and Hitman Pro from Deezil which found 2 threats (Google cookies). I guess I am very lucky it was just "scareware" this time. I am about to use uBlock Origin extension on Chrome.
posted by lungtaworld at 2:28 PM on June 8, 2016 [2 favorites]

Whilst the attack itself is simple web-based scareware and not evidence of infection there are two remaining questions:

- How did you install LogMeIn? Are you sure it was from the official vendor and not an attacker-supplied address? If the LogMeIn download was dodgy or, after logging in, the attacker had any opportunity to run anything or execute any command without you watching closely, you should consider the machine compromised.

- How were you seeing adverts on Wikipedia in the first place? Wiki doesn't run ads, so either you were browsing something else that had a malvertisement on it, or this is a red flag that you were already infected to begin with. Unless you've definitively identified and removed the malware responsible, you should consider the machine compromised.

The only really reliable approach to a compromised machine is to reinstall the OS. AV hasn't been a reliable way to remove malware (or even detect it, really) for a long time now. :-(
posted by BobInce at 4:56 AM on June 9, 2016 [1 favorite]

Please read the above advice carefully again!

- How were you seeing adverts on Wikipedia in the first place? Wiki doesn't run ads, so either you were browsing something else that had a malvertisement on it, or this is a red flag that you were already infected to begin with. Unless you've definitively identified and removed the malware responsible, you should consider the machine compromised.

posted by lalochezia at 7:10 AM on June 9, 2016

Response by poster: Sorry I wasn't clear: there were no ads on Wikipedia, so I still do not know how my 'incident' happened.
I've been using Chrome on and off all day and so far so good, and I'm keeping my fingers crossed.
posted by lungtaworld at 2:42 PM on June 9, 2016
