Message says Computer Blocked


slomerv

Folks,

 

Several times a day, I'll get a message that says my computer is blocked and I need to call some number.

 

To get rid of the message, I usually have to go to the task manager and kill Chrome, which is the browser I typically use.

 

I have run a few additional PC Pitstop scans but it doesn't find a virus.

 

The address line is:

http://virus-alert-99t9rp.pw/virus.dill/?ip=23.120.8.194&isp=Att%20Internet%20Services&0tfn1=888-453-0920&browser=Chrome

 

Obviously, I use AT&T for internet and I mentioned the Chrome browser.

 

When I get the dialog box to close, it looks like I'm on a Microsoft site.

 

Anyone have any advice? It's annoying.

 

Mark


Let's try to run a couple of scans to see if we can locate where this is coming from.

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.

    In order to use AdwCleaner, you have to agree to the EULA:

  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

 

OR from this location Here

  • After the installation is complete, let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
  • Then come back to this thread and under REPLY TO THIS TOPIC, right click in the reply and select Paste
  • Then click on POST
  • Exit Malwarebytes

OK, ran the Malwarebytes and the following log was generated after the re-start:

 

I am sorry to say it means about nothing to me.

But thanks Juliet.

 

# AdwCleaner v6.043 - Logfile created 03/02/2017 at 13:18:08
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-03.1 [server]
# Operating System : Windows 10 Home (X64)
# Username : Mark - EARTHLING
# Running from : C:\Users\Mark\Downloads\adwcleaner_6.043.exe
# Mode: Clean
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTBMon]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahaeginbdcckocjkhbciadcafnep
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahlfahldnilidgnlikdckbfehhca
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahlfahldnilidgnlikdckbfehhca
***** [ Web browsers ] *****
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: aol.com
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaahaeginbdcckocjkhbciadcafnep
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaahlfahldnilidgnlikdckbfehhca
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: madakpajlmcpaodhfbekojajlhbdklol
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5129 Bytes] - [03/02/2017 13:18:08]
C:\AdwCleaner\AdwCleaner[s0].txt - [8010 Bytes] - [02/02/2017 15:20:50]
C:\AdwCleaner\AdwCleaner[s1].txt - [5289 Bytes] - [02/02/2017 15:28:12]
C:\AdwCleaner\AdwCleaner[s2].txt - [5567 Bytes] - [03/02/2017 13:17:36]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5421 Bytes] ##########
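
A log like the one above is easier to read once its removals are grouped by section. The sketch below is an added example, not part of the original thread and not AdwCleaner's own code: it counts removals per section and pulls out the Chrome extension IDs, the autorun value and the search providers. `SAMPLE_LOG` is a shortened excerpt of the log above; the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Shortened excerpt of the AdwCleaner log posted above.
SAMPLE_LOG = r"""
***** [ Services ] *****
***** [ Registry ] *****
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTBMon]
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
***** [ Web browsers ] *****
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Deleted: ask.com
[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: madakpajlmcpaodhfbekojajlhbdklol
:: Winsock settings cleared
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Chrome extension IDs are 32 characters drawn only from the letters a-p.
EXT_ID = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")
RUN_VALUE = re.compile(r"\\CurrentVersion\\Run \[(.+?)\]$")
SEARCH = re.compile(r"\[search Provider\] Deleted: (\S+)$")


def summarize(log_text):
    """Group removals by log section and extract the browser-related items."""
    per_section = defaultdict(int)
    ext_ids, autoruns, providers = set(), set(), set()
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        # Only "[-]" lines are removals; "#" headers and "::" notes are skipped.
        if section is None or not line.startswith("[-]"):
            continue
        per_section[section] += 1
        ext_ids.update(EXT_ID.findall(line))
        autoruns.update(RUN_VALUE.findall(line))
        providers.update(SEARCH.findall(line))
    return {
        "removed_per_section": dict(per_section),
        "chrome_extension_ids": sorted(ext_ids),
        "autorun_values": sorted(autoruns),
        "search_providers": sorted(providers),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the same function shows how many distinct extension IDs account for the long list of registry and profile entries.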

Here's what I got from the mb3 scan:

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/3/17
Scan Time: 1:36 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1064
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: EARTHLING\Mark
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421006
Time Elapsed: 5 min, 30 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 10
PUP.Optional.Zoomify, HKLM\SOFTWARE\CLASSES\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKLM\SOFTWARE\CLASSES\TYPELIB\{99C1EDDE-1A80-48EA-BD58-CEA4B2DFAC81}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{99C1EDDE-1A80-48EA-BD58-CEA4B2DFAC81}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{99C1EDDE-1A80-48EA-BD58-CEA4B2DFAC81}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKU\S-1-5-21-3314935037-2313578529-2019374610-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{72351B45-9636-4F99-820B-7C552D27897D}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.Zoomify, HKU\S-1-5-21-3314935037-2313578529-2019374610-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{72351B45-9636-4F99-820B-7C552D27897D}, No Action By User, [8927], [169061],1.0.1064
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C2D01}, No Action By User, [14843], [245530],1.0.1064
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5354-2D53-5045-A758B70C2D01}, No Action By User, [14843], [245530],1.0.1064
Registry Value: 2
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C2D01}|INSTALLSOURCE, No Action By User, [14843], [245530],1.0.1064
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5354-2D53-5045-A758B70C2D01}|INSTALLSOURCE, No Action By User, [14843], [245530],1.0.1064
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 7
PUP.Optional.MindSpark, C:\USERS\MARK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, No Action By User, [341], [240305],1.0.1064
PUP.Optional.MindSpark, C:\USERS\MARK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, No Action By User, [341], [240305],1.0.1064
PUP.Optional.MindSpark, C:\USERS\MARK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, No Action By User, [341], [240306],1.0.1064
PUP.Optional.MindSpark, C:\USERS\MARK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, No Action By User, [341], [240306],1.0.1064
PUP.Optional.ASK, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\AskToolbarInstaller-ORJ-SPE[1].7z, No Action By User, [646], [358503],1.0.1064
PUP.Optional.ASK, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\AskToolbarInstaller-ORJ-ST-SPE[1].7z, No Action By User, [646], [358503],1.0.1064
PUP.Optional.ASK, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCACHE\IE\AskToolbarInstaller-ORJ-ST-SPE[2].7z, No Action By User, [646], [358503],1.0.1064
Physical Sector: 0
(No malicious items detected)
(end)

I did turn on the auto quarantine.

Actually, I ran the first scan yesterday but didn't know if the stuff found was good or bad.

I eventually hit "clean" but something went wrong and it stopped.

I think that something was me not running as an admin.

Windows 10 is a bit of a black box to me and I haven't bothered to find where everything is.

 

Anyway, after ignoring this computer for a while while working on my other computer, I saw the "blocked" message again.

Then I followed your instructions.

 

So we'll see how it's running but I assume well.

Should I do more with the quarantine?

 

I really appreciate your help....I'm not much of a help-asker normally.

 

Mark
