Results 1 to 9 of 9

Thread: Ransomware Popups!

  1. #1
    Crazy Diamond
    Tiny's Avatar
    Join Date
    Dec 2010
    Location
    Tasmania
    Age
    58
    Posts
    5,373
    Thanks
    8,827
    Thanked 4,015 Times in 2,102 Posts
    Rep Power
    1476
    Reputation
    60637

    Default Ransomware Popups!

    Today I got a really scary Ransomware Popup that looked like an old Windows system message & was telling me that my computer was being encrypted and that I needed to buy a key to unlock my files, blah blah blah.

    If you get one of these, don't click on anything, just switch off at the power point & don't open the browser you were using, after restart, until you have scanned & removed the unwanted program that has the popup adds in it.

    It was not actually a virus, just Malware that tries to get you to click on a link that will install the virus.

    So I got it whilst passively watching a video from the YouTube Clips thread, the video was at a hosting site called sendvid.
    The ransomware popup got thru malwarebytes antiexploit, locking the popup on screen demanding money for an unlock key, with no way to stop it except off at the power point.
    After restart, windows defender said it had detected & removed it.



    No obvious sign of it now.

    Did a full scan with malwarebytes to make sure; which detected a malware link to Terraclicks (see below).
    Removed it.

    PC is now clean & the redirect is gone. Checked browser history & Terraclicks was the page opened directly after I opened the video, then the redirect to the popup occurred, I manually removed them so they can't be accidentally clicked on in history.
    I did nothing to initiate the Terraclicks link, so it must have automated when playing the video. Be careful!!


    Terraclicks is characterised with creating a large quantity of pop-ups, banners, ad-filled pages. It is even capable of transforming certain words from the text you read into hyperlinks and they will also display an Ad when you hover over them. Ads from Terraclicks may be small and subtle, but more often then not they will be big, shiny and demanding attention. The most annoying ones also come with sound, which will cause a lot of annoyance until you find the correct close button. So yes, the Ads are an annoyance and they will also slow down your computer. Your CPU has to load the Ads in addition to whatever page you are opening and to do that it also needs to download the data needed to display them. Don’t click on the Ads – they don’t mean you good The Ads created by Terraclicks Virus are aggravating for a purpose – they want to attract your attention. It’s a trap. If you begin interacting with the Ads – even if you do it out of curiosity – it puts your computer at risk. Adware applications like Terraclicks Virus are known as “droppers” for other, more dangerous viruses like ransomware, keyloggers, rootkits and others. If the direct approach doesn’t work Terraclicks Virus might try to make you install the virus yourself. This is done through the use of deception and misdirection. Generally first you will be shown an Ad that looks exactly like a system message. It will claim there is some problem – a missing plug-in or require a certain video player or codec installed in order to view media online. You’ll then be provided a link to click on in order to install whatever is missing. There isn’t really any problem and the file you are about to install will contain the virus.
    Cheers, Tiny
    "You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
    The information is out there; you just have to let it in."

  2. The Following 7 Users Say Thank You to Tiny For This Useful Post:

    cmangle (24-10-16),DB44 (24-10-16),joezep (22-12-16),mtv (24-10-16),OSIRUS (22-12-16),Thala Dan (24-10-16),tristen (24-10-16)



Look Here ->
  • #2
    Senior Member
    Philquad's Avatar
    Join Date
    Jan 2008
    Location
    nelson bay
    Age
    49
    Posts
    3,566
    Thanks
    169
    Thanked 1,086 Times in 647 Posts
    Rep Power
    490
    Reputation
    12558

    Default

    glad you didnt get encrypted, its a ### of a thing
    better do a full backup of all pictures & docs just in case
    i might now you made it aware
    why do we need the NBN ? because the copper network is constipated & needs fibre

  • #3
    Crazy Diamond
    Tiny's Avatar
    Join Date
    Dec 2010
    Location
    Tasmania
    Age
    58
    Posts
    5,373
    Thanks
    8,827
    Thanked 4,015 Times in 2,102 Posts
    Rep Power
    1476
    Reputation
    60637

    Default

    yeh, full backups are regular for me Phil, thanks for the reminder anyway.

    I was almost going to post the links to the Malware before I deleted them just for you Phil, but thought the better of putting live malware links on this forum.

    Looks like it's just a random add/malware from the add server for that site, be careful.

    So people; Just don't interact with the false dialogue so as not to install what will be a problem, the scary thing is the audio which is really well designed to scare the crap out of you & because it's a video website you have your audio on.
    Cheers, Tiny
    "You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
    The information is out there; you just have to let it in."

  • #4
    Senior Member
    Philquad's Avatar
    Join Date
    Jan 2008
    Location
    nelson bay
    Age
    49
    Posts
    3,566
    Thanks
    169
    Thanked 1,086 Times in 647 Posts
    Rep Power
    490
    Reputation
    12558

    Default

    was it like this one



    its the call our support team job, with audio, there taking my facebook friends, omg
    & everything else, cant even close firefox, you need to end task it
    why do we need the NBN ? because the copper network is constipated & needs fibre

  • #5
    Crazy Diamond
    Tiny's Avatar
    Join Date
    Dec 2010
    Location
    Tasmania
    Age
    58
    Posts
    5,373
    Thanks
    8,827
    Thanked 4,015 Times in 2,102 Posts
    Rep Power
    1476
    Reputation
    60637

    Default

    Quote Originally Posted by Philquad View Post
    was it like this one
    Not quite; similar, however it was saying that it was taking my passwords & credit card details & at the same time encrypting all my personal files, also asking me contact them to buy a key to unlock my files.

    Knowing now it is just an add/scam, unless I clink on their link, I would have no hesitation to do a screen dump to capture it or I'll PM you the URL for you to play with if it comes around again.
    Cheers, Tiny
    "You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
    The information is out there; you just have to let it in."

  • #6
    Senior Member
    Philquad's Avatar
    Join Date
    Jan 2008
    Location
    nelson bay
    Age
    49
    Posts
    3,566
    Thanks
    169
    Thanked 1,086 Times in 647 Posts
    Rep Power
    490
    Reputation
    12558

    Default

    i trust you ha
    na the 1's i fixed up were from a email with a download link that was then a zip file you had to open
    then you got encrypted
    had to be 4x stupid to actually get encrypted
    why do we need the NBN ? because the copper network is constipated & needs fibre

  • #7
    Premium Member levend's Avatar
    Join Date
    May 2012
    Posts
    353
    Thanks
    112
    Thanked 51 Times in 37 Posts
    Rep Power
    97
    Reputation
    894

    Default

    Lol have to laugh i was just reading this thread when the first page i went to look at i got the block crap. I just went into task bar and closed it is that the right thing to do?

  • #8
    Crazy Diamond
    Tiny's Avatar
    Join Date
    Dec 2010
    Location
    Tasmania
    Age
    58
    Posts
    5,373
    Thanks
    8,827
    Thanked 4,015 Times in 2,102 Posts
    Rep Power
    1476
    Reputation
    60637

    Default

    Quote Originally Posted by levend View Post
    Lol have to laugh i was just reading this thread when the first page i went to look at i got the block crap. I just went into task bar and closed it is that the right thing to do?
    yep & do a full scan including root kits to be sure you are clean with Malwarebytes. Free edition is all you need.
    Cheers, Tiny
    "You can lead a person to knowledge, but you can't make them think? If you're not part of the solution, you're part of the problem.
    The information is out there; you just have to let it in."

  • The Following User Says Thank You to Tiny For This Useful Post:

    levend (22-12-16)

  • #9
    Senior Member
    Philquad's Avatar
    Join Date
    Jan 2008
    Location
    nelson bay
    Age
    49
    Posts
    3,566
    Thanks
    169
    Thanked 1,086 Times in 647 Posts
    Rep Power
    490
    Reputation
    12558

    Default

    everytime im on eztv.ag i get a new page with a voice
    (if the popup stopper is disabled)

    saying, your files are being encrypted, we have your credit card & facebook login. blaa blaa, & you can only ctrl alt del to kill it

    they can have my credit card but dont ### with my facebook (id had a few) so i ring the 1800 number (amazing how they legally have this)

    4 times i rang, but he keep hanging up, was it something i said? lol
    why do we need the NBN ? because the copper network is constipated & needs fibre

  • The Following 2 Users Say Thank You to Philquad For This Useful Post:

    levend (22-12-16),Tiny (22-12-16)

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •