My sister-in-law sent me an email yesterday saying that she received a pop-up while browsing a mobile rental home website. The popup: "MSE has found viruses, call this 1-800 number immediately". Obviously this is a scam (a phishing attack - though it could also be a drive-by and some crap may have been installed on her PC). She was so alarmed that she hit power off on the computer, so I do not know if she could close the browser (Chrome) or not. She is not computer savvy and the only protection she has installed is MSE. I am a continent away, so helping her is going to be difficult. I immediately thought of Malwarebytes as the best solution, but then she will be uncomfortable with installing a new program, so I thought of MSRT as an alternative as she would have it already installed through windows update. I googled MSRT - Microsoft Malicious Removal Tool as I wanted to know what it actually monitors and removes. Well, I could not get anything specific. Would MSRT remove this specific malware?
This is what MSRT currently detects and removes: https://www.microsoft.com/security/pc-security/malware-families.aspx . It is not designed to be a primary use anti-malware scanner.
Sounds like a simple scam, trying to lure people into calling a shady "support"-center. Had she called the number, they would have talked and talked until she was dizzy. They would have tried to set up a remote session and then she would have been in big trouble, once they had gained access to her PC. Considering that she was using Chrome which is one of the browsers equipped with a healthy sandbox and also running MSE, then I seriously doubt anything malicious happened to her PC. The popup was dead the moment she closed the browser / turned off the PC. Tell her to clear browser cache, update MSE, run a scan and she can relax again.
I also hide MSRT as it's detection is limited to few malware families. I doubt she has anything to worry about, but can scan her system using Malwarebytes or portable Emsisoft Emergancy Kit or Avira PC Cleaner. She can also check her system using HitmanPro.
MSRT is not the issue - this popup is THE issue. get a descent browser and some good ad-blocker. opera/vivald/firefox/(chrome) and uBlock with activated hosts list. a rebuild her security concept!
@itman. (tnx) - MS states that it removes specific, prevalent malicious software families - viruses and worms. The only reviews I found just referred to 'malware'. I think MSRT may not be the right tool to scan for this issue.
I didn't say it was .......... Only posted the link to show what it does scan for. Note my previous statement: "It is not designed to be a primary use anti-malware scanner."
@emmjay This does not sound like a phishing attack to me, and almost certainly nothing would have been downloaded. They are just trying to get you to call the number so they can charge you to remotely access your computer and remove the "infections".
@roger_m I am hoping that it was just a scare message. Just want to make sure. She ran an MSE scan - it was clean. I'd be running a couple of different scans on her PC, if I had access to it. With her being a novice it is difficult to guide her through using programs that we here on Wilders have no problem using (and understanding). I'd like to check her Chrome settings, get an adblocker on her browser and also get MBAM installed. It all has to happen using email, because she lives down-under and I do not - going to be interesting.
@emmjay You could get her to install TeamViewer and use that to access her computer and do the checks.
Installed TeamViewer on both systems last night. No bad guy scripts installed. just an audio file associated with the scam - it made bleeping noises which my sister-in-law said occurred when the 1-800 scam pop-up appeared. MBAM ran clean. Browser cache cleared. Tnx to all.
I just got the popup 3 times while on a porn site. All my scans ran clean after. I am surprised the redirect and popup was not stopped by any of the apps that i run.
