Dwight Watt - Newspaper Article #449 2/27/2019

Question: My computer has a screen that directs me to call Microsoft because of Trojans, what do I do?


This is a phishing-type attack that is delivered through some infected web pages and through links on other pages. The links could be in legitimate pages but have been added there as advertising over which the page owner has no control, or the web page could have been attacked and the malware added to it.

In this case the person is working on their computer and suddenly a large page pops up (along with smaller message pages “confirming” it) saying that Microsoft has discovered Trojan viruses on your computer, and it lists several. It says to call Microsoft and gives an 800 number for you to call. Usually the page is in red to scare you more.

The page was not sent by Microsoft (or some other big computer company) and the information on the page is pure fiction. The people behind it are not with Microsoft or any legitimate company; they are malware agents working somewhere in the world. Nothing has discovered the Trojans listed on your machine (although your machine could really have malware on it that is unrelated to this); either they do not exist on it, or that page has no way of knowing. It is a fictitious attack by attack agents, typically located in India, who want to separate you from your money, i.e. they get your money. The page you are seeing knows nothing about your machine.

If you call the number, they will tell you they can fix your machine after you pay them some amount of money. In the attack I just heard about, they wanted $540 to fix the machine. If you do pay them, they will then request information from you so they can get into your machine remotely. Then, instead of fixing your machine (remember, there was nothing wrong with it), they will plant more malware on it, really mess it up, and steal any information they can find, including account numbers and passwords.

Do not call them. They are bad news and will damage stuff.

Odds are that with the current versions of this malware you will not be able to close the browser or window by clicking the X in the top right corner, or by right-clicking the browser name in the taskbar at the bottom of the screen and choosing to close the window. You will either need to go to Task Manager to close the browser or restart the machine. To go to Task Manager, press Ctrl+Alt+Delete all together (the easiest way is to press and hold the Ctrl key while pressing and holding the Alt key, then press the Delete key and let go). You will get a light blue screen where you can change your password, sign out, go to Task Manager or do a couple of other things. (If you get to this screen by accident, just choose Cancel and you will be back where you were.) Choose Task Manager. You will see a list of tasks (mostly programs) that are running, and you will see the name of your browser (Chrome, Edge, Firefox, etc.). Click it and then choose End task. You will see it close in the background. You can then close Task Manager.

I would recommend you then run a full scan with your anti-virus program (make sure the program and its signatures are up to date) and your anti-spyware program (making sure it is up to date also). My current preferences for free editions of these are Avast and SUPERAntiSpyware. If you are using Avast, I would suggest running a boot scan at this point just to make sure they did not get something on the machine. This will clear anything they may have planted and also clean anything that may already be on your machine, so your machine is clean.

Similar to the malware I just discussed is the scam where they call you and tell you your machine is infected (again claiming to be Microsoft or some other big computer company) and want you to pay and then to give them information to access your machine. This is also a scam and they have not been in your machine. Just hang up.