XP Security scam

[astrocan]

I thought that I had switched off the XP Security Center on my PC preferring to use the anti-virus and firewall provided as part of my ISP account.
All of a sudden the PC has been rendered unusable by constant pop ups and service denial by (what appears to be) XP security center warning of viruses, trojans etc. A series of windows give you options that you can choose but all permutations lead to the same window where the choice is pay up ($60<) or stay infected. I tried to update the virus definitions on my anti-virus and get it to run a scan but the process is constantly interrupted by these pop-ups.
Even if I open a browser (Explorer or Firefox) the home page is replaced by a warning about viruses etc. Do I want to scan for viruses or get an update or carry on. Choose carry on and nothing happens, choose either of the other options and I am back to square1.

Fortunately for me I am a tight bugger and have a resistance to this sort of persuasion and the pop-ups look very convincing but I am beginning to wonder if this is quite a sophisticated scam.

I only ask because I am not convinced that even Microsoft wold push this so hard. It is VERY intrusive and there seems to be no way out but to pay up which I suspect would lead to the rapid depletion of my bank account.

Anyone else come across this? I know there have been lots of dodgy phone calls but if this is a scam it is in a different league.

 

[Flying Dodo]

It will be a scam, as something has infected your PC. Try and get a browser window open which lets you go to one of the free checking sites, such as Sophos or AVG.

 

[astrocan]

I would but I can't open a browser.
The home pages have been replaced with options that lead nowhere or to the pay up or die window.

I would emphasise that these pop ups are very convincing, it is only the persistent and unremitting nature of the intrusion that leads me to suspect that is is not from Microsoft.

 

[accountantpete]

I'd try a systems restore to an earlier date.

 

[astrocan]

Gave that a go but no dice.

 

[lilolee]

From Microsoft


Help restore a hijacked browser and boost browser security
The following six tips can help restore your browser's settings:

1. Stop cascading pop-up windows. If endless pop-up windows appear on your screen, you'll probably want to stop them first. To do this in Microsoft Windows 7, Windows Vista, Windows XP, or Windows 2000 while using Internet Explorer:
   • Press CTRL+ALT+DEL, click Task Manager, and then click the Processes tab.
   • Click IEXPLORE.EXE, and then click the End Process button.
   This closes all instances of Internet Explorer. Then you can re-open the program to continue browsing as usual. To help prevent future attacks, you should also have a pop-up blocker turned on. The pop-up blocker is turned on by default.
   
   To confirm that the pop-up blocker is on in Internet Explorer 9 click the gear icon and point to Internet Options. Click thePrivacy tab and make sure the box is checked next to Turn on Pop-up Blocker.
   
   If you still experience the other effects of a hijacked web browser, try the following:
   
2. Install Microsoft Security Essentials or another antivirus and antispyware program. Microsoft Security Essentials is free software that will help protect your computer from malicious software such as viruses or spyware. Many browser hijacking programs can be identified and removed by downloading, installing, and running Microsoft Security Essentials or a similar tool.
3. Run the Malicious Software Removal Tool. This can catch some, but not all, kinds of hijacking software.
4. Reset Internet Explorer settings. If you're using Internet Explorer and your home page has been changed, you can often reset it yourself.
   
   Note If you use Microsoft Security Essentials, Forefront Client Security, Windows Defender, or the Windows Malicious Software Removal Tool and these tools have detected and removed hijacking software from your computer, these tools might change your home page and your search page to help protect against the malicious software.
   
   For more information and step-by-step instructions, see Why is this now your home page? Why are you on this page?.
5. Disable add-ons. Many browser hijackings come from add-ons, also known as ActiveX controls, browser extensions, browser helper objects, or toolbars. These items can improve your experience on a website by providing multimedia or interactive content, such as animations. However, some add-ons can cause your computer to stop responding or display content that you don't want, such as pop-up ads. Internet Explorer 9 warns you in the notification area of your browser if an add-on is slowing your computer down. You can also the add-ons that you already have installed and disable the add-ons that you don't want by clicking the gear icon, and then clicking Manage Add-ons.
   
   To learn how to disable add-ons with Internet Explorer 7 or Internet Explorer 8, read How do browser add-ons affect my computer?

 

[lilolee]

When you gain control try Malwarebytes http://download.cnet.com/Malwarebyt...4572.html?part=dl-10804572&subj=dl&tag=button


or

joining http://www.bleepingcomputer.com/ for advice.

 

[fossyant]

Try safemode and run a full virus check.

Just doing some major work on my SIL's PC - niece/nephew have killed it again - Master boot record destroyed, and the thing is jammed with viruses. They are getting a ban as my SIL needs it for work/photos etc.

 

[ian turner]

As it's a browser hijacking follow the malwarebytes in safe mode suggestion.
I assume you have access to a working PC and you're not posting from your
mobile phone.

 

[The_Wheelhouse]

If the malwarebytes in safe mode doesn't work the best option would be to start again, and reinstall the OS, you will lose all you're files. Once you have reinstalled the OS , then install Microsoft security essentials. It probably isn't worth messing with the processes as you may do more harm than good.

 

[2Loose]

As it's a browser hijacking follow the malwarebytes in safe mode suggestion.
I assume you have access to a working PC and you're not posting from your
mobile phone.

+1

 

[Kestevan]

Its a virus/hijacker which pretends to be a Microsoft security alert. It is indeed a scam.

My daughters PC was infected last week.
It can be surprisingly easy to remove it.

First go to the clock, and set the current date to todays date + 6 days. Save the change and reboot the machine.
On restart, this should allow you to access the internet without the hijack kicking in.
Download and run the malwarebytes virus checker. Make sure you do a full scan, not just the quick scan.

Remove/isolate any reported files, then restart the box and only then update the date.

Worked for me anyway.

 

[astrocan]

The clock shifting trick sounds like it is worth a try. Failing that I will try to run a scan in safe mode.

Thanks for both tips I will let you know how I get on.

 

[astrocan]

Pleased to report that Kestevens clock changing trick seems to have worked.

I changed the date, restarted and was able to run a full scan which (fingers crossed) has identified and dealt with the problem.

Thanks Kes