On Saturday, one of my Fort Wayne computer repair clients called to say their Windows computer was speaking to them. It was telling them they were infected and not to shut down their computer. Something took over their Windows desktop and my client was helpless. They couldn’t close the scareware screen, minimize it and even get to the Windows start button. I urged them to shut down the computer with the power button and don’t use it until I arrive Monday.
When I arrived today, I turned on the computer and was greeted with the same scareware screen which was supposed to be from Microsoft. I got it closed with some fancy keyboard shortcuts and by running the Windows task manager. I felt their security program, Windows Defender wasn’t cutting the mustard and I replaced it in favor of Comodo Internet Security. Once it was installed I ran a full scan and many infections were found and removed.
The scareware screen came from their Firefox web browser so I checked it for malicious extensions and plug-ins. Ten were found with names like Maps Galaxy, Search Encrypt, MyFormsFinder, PDF converter, and DirectionsAce. My client never knowingly installed these so I removed all of them. I found the home page set to a questionable search engine so I changed it to to refdesk.com which is a safe site.
My client tested the computer by visiting his web sites in Firefox and nothing crazy popped up while they was browsing. Needless to say they’re happy now.