Unknown Scareware

By Alley Cat
in Smart Home, Network & Security

 Share

Recommended Posts

Rising Star

Alley Cat

Posted
Posted

My laptop is crippled at the moment, when I log in, a window takes over 100% of screen real estate, I cannot open or see TASK MANAGER. It is scareware of some kind.

A picture of hand cuffs, threatening me to pay up or you will lose internet access. My guess is that is the newest version of the fake "Antivirus" family, eg: Antivirus 2007, Antivirus 2008, Antivirus XP.

And system restore, fails, of course.

OS: Windows 7 Starter Edition

Link to comment
https://www.neowin.net/forum/topic/1149774-unknown-scareware/
Share on other sites
Veteran

Mystic Mungis

Posted
Posted

As stated above boot into safemode with networking, download Malwarebytes and have a scan with it, should pick up. After that I'd suggest running TDSS Killer, usually gets rid of any remaining traces.

Also you could try googling some of the text from it.

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

This crap usually is located as a single random exe in one of the following locations

c:\users\(username)

c:\users\(username)\appdata\roaming

c:\users\(username)\appdata\local

c:\programdata

Boot into safe mode and unhide system files and hidden files and check those locations for exes. Also do a windows key + R and type msconfig. The nasty is usually listed in there as it starts with the PC. Once you find it in the list it should tell you its location. Go to that location and delete the offending exe file.

Veteran

Mystic Mungis

Posted
Posted

What about those who can't even boot into safe mode ?

You could try Kaspersky's Rescue Disk, boot into it and see if you can remove the infection via it or at least make the OS bootable.

https://support.kaspersky.com/4162

Or as Warwagon suggested grab a Linux distro and try and remove the infection manually.

Enthusiast

CougarDan

Posted
Posted

If you cannot boot into Safe mode (ensure you try Safe mode with COMMAND prompt as this generally does still work), you will need a LiveCD (Linux, Hirens, Vista, 7, etc).

For Vista/7 go to %appdata% for the User account that is infected and delete the Skype.ini and Skype.dat files. Then go to %programdata% and delete any .exe/.sys files from the bottom of the list. If there are .sys files you may need to use "attrib" to remove hidden/system file attributes before you can delete them.

For XP: Check %appdata% in the User account that has the infection coming up for the same files/file types as above. If you do not see any here go up one directory and then Local Settings\Application Data and check there. If nothing is still found you can navigate to All Users and go through Application Data there.

Also if Safe mode Command Prompt works you can use:

net user /add useraccountname mypassword

net localgroup administrators useraccountname /add

to create a new account, which generally gets you into the machine from where you can access the above locations to clean out your infected account

  • Obi-Wan Kenobi
  • Like 1
Rising Star

ShareShiz

Posted
Posted

I was able to use KRT but didn't find anything.

Just tried Hiren's. Damn that iso has changed since v10. was unsuccessful to run any programs. Need to look at that disk again.

I was about to try Windows Defender Offline Boot disk. But I was booted into desktop with the 100% display. After getting to the shutdown the 100% display went away and SOMEHOW was able to stop the shutdown process. I have now just installed Malwarebyetes and am doing a scan. 2% done and 15 infected files found :|

I am doing the scan NOT in safe mode. Does that matter.

... Sorry. I haven't had a virus for a good 5 years. And this one seems to be hardcore. Its my dads computer with a lot of important stuff. If it were my computer I would have formatted and installed Windows 7 about 4 hours ago :p

Grand Master

Mando

Posted
Posted

You could try Kaspersky's Rescue Disk, boot into it and see if you can remove the infection via it or at least make the OS bootable.

https://support.kaspersky.com/4162

Or as Warwagon suggested grab a Linux distro and try and remove the infection manually.

Ive used Kapersky to remove the fake Met police scareware with great success. I use it professionally as its quicker than other methods. Most are a theme on the FBI one.

Trend also do a live rescue cd IIRC failing that avast or Avg do a similar utility.

Burn the iso to disk or even better usb stick and boot from it (via bios boot order) and follow the prompts.

Remember to allow it to update its defs in its live environment if it detects your lan or wifi card

Grand Master

articuno1au

Posted
Posted

Not running in safe mode isn't an issue, that's just to try and get around the screen lock.

After MalwareBytes, I'd run whatever other AV/AM tools you like and just make sure you got everything.

Personally after this kind of infection I always format, I'd just rather not to take the risk. Entirely up to you though >.<

Experienced

wahoospa

Posted
Posted

I don't know about this malware but I have been able to move the malware screen off to one side of the machine (not completely off) and any other windows that pop up I stack them on top of each other. This gives me access to the start button and an open place on the desktop to work from.

Rising Star

ShareShiz

Posted
Posted

Not running in safe mode isn't an issue, that's just to try and get around the screen lock.

After MalwareBytes, I'd run whatever other AV/AM tools you like and just make sure you got everything.

Personally after this kind of infection I always format, I'd just rather not to take the risk. Entirely up to you though >.<

Yeah. My dad should have fixed this himself just to teach him a lesson.

IE8 user, uses random crappy AV and other software, has a TON of files (all of which are located on C: ) .. and hasn't done a Windows update in over a year.

If it were me, I would have formatted C and reinstalled everything. It would have only taken 45mins to do, and I wouldn't have any files lost since everything is stored on my D partition :)

But, it was fun having to deal with a virus for the first time in a few years.

Grand Master

primexx

Posted
Posted

Yeah. My dad should have fixed this himself just to teach him a lesson.

IE8 user, uses random crappy AV and other software, has a TON of files (all of which are located on C: ) .. and hasn't done a Windows update in over a year.

If it were me, I would have formatted C and reinstalled everything. It would have only taken 45mins to do, and I wouldn't have any files lost since everything is stored on my D partition :)

But, it was fun having to deal with a virus for the first time in a few years.

why didn't you just LiveCD and pull all his data off, then nuke it?

Rising Star

Alley Cat

Posted
  • Author
Posted

Is it the FBI virus ?

I am not sure, I never heard of this FBI virus before. Another Scam, isn't it ?

I went into safe mode, I seemed to have cleared out the scareware. One further Attempt to restore to a previous state, resulted in a strange BSOD, that had a countdown timer.

Laptop is running again, no clue though, which SCAREWARE stuck. I bet it was a drive by injection/infection.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft released Windows 11 KB5094149 / KB5095971 / KB5094156 Setup, Recovery updates

      By hellowalkman · Posted

      Microsoft released Windows 11 KB5094149 / KB5095971 / KB5094156 Setup, Recovery updates by Sayan Sen Earlier this week Microsoft released its newest Patch Tuesday updates (KB5094126 / KB5093998 on Windows 11 and KB5094127 on Windows 10). Alongside those, Microsoft also released new dynamic updates. These Dynamic Update packages are meant to be applied to existing Windows images prior to their deployment. Dynamic Updates also help preserve Language Pack (LP) and Features on Demand (FODs) content during the upgrade process. VBScript, for example, is currently an FOD on Windows 11 24H2. This time both recovery and setup updates were released for Windows 11 as well as Windows 10. The company writes: "KB5095185: Safe OS Dynamic Update for Windows 11, version 26H1: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.28000.2269. KB5094149: Safe OS Dynamic Update for Windows 11, versions 24H2 and 25H2: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.26100.8655 KB5095971: Setup Dynamic Update for Windows 11, version 23H2: June 9, 2026 This update makes improvements to Windows setup binaries or any files that setup uses for feature updates in Windows 11, version 23H2. KB5094156: Safe OS Dynamic Update for Windows 11, version 23H2: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.22621.7219 KB5098815: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: June 9, 2026 This update automatically applies Safe OS Dynamic Update (KB5094154) to the Windows Recovery Environment (WinRE) on a running PC. The update installs improvements to Windows recovery features. KB5094154: Safe OS Dynamic Update for Windows 10, versions 21H2 and 22H2: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.19041.7417. KB5094153: Safe OS Dynamic Update for Windows 10, version 1809 and Windows Server 2019: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.17763.8880. KB5094152: Safe OS Dynamic Update for Windows 10, version 1607 and Windows Server 2016: June 9, 2026 This update makes improvements to the Windows recovery environment (WinRE). After installing this update, the WinRE version installed on the device should be 10.0.14393.9234." Microsoft notes that both the Recovery and Setup updates will be downloaded and installed automatically via the Windows Update channel.
    • Some Quantum Computing News Including Microsoft

      By +TRS-80 · Posted

      Quantum Error Correction Validated in Nature: Microsoft and Quantinuum Log 800-Fold Improvement Two years after the original press-release announcement, independently peer-reviewed results published in Nature on June 10, 2026, have confirmed that Microsoft and Quantinuum achieved an 800-fold reduction in quantum error rates on real trapped-ion hardware — the largest gap between physical and logical error rates ever independently validated.    What Quantum Error Correction Actually Does — and Why Breaking Even Is Hard https://www.techtimes.com/articles/318329/20260613/quantum-error-correction-validated-nature-microsoft-quantinuum-log-800-fold-improvement.htm   Quantum Computing Wiring Bottleneck Cracked by HKU Silicon Carbide Chip at Qubit Temperature Engineers at the University of Hong Kong have built the first cryogenic control chip that operates at the same temperature as superconducting qubits — 10 millikelvin, or just one-hundredth of a degree above absolute zero — without generating the heat that has forced every competing approach to park its electronics hundreds of meters of cable away. https://www.techtimes.com/articles/318325/20260613/quantum-computing-wiring-bottleneck-cracked-hku-silicon-carbide-chip-qubit-temperature.htm  
    • RevPDF 4.5.0

      By Copernic · Posted

      RevPDF 4.5.0 by Razvan Serea RevPDF is a free, fully offline PDF editor for Windows, macOS, and Linux that lets you edit text and images directly inside PDF files — no internet connection, no account, and no cloud uploads required. Unlike bloated alternatives that demand subscriptions and constant connectivity, RevPDF fits in under 60MB on desktop while delivering a complete editing toolkit: annotate, redact, sign, compress, split, merge, convert, and reorganize pages, all processed locally on your device. Smart font matching ensures edited text blends seamlessly with the original, and multi-language support includes RTL scripts such as Arabic and Hebrew. Where most PDF editors force you to choose between features and simplicity, RevPDF manages both. You can build interactive forms from scratch with text fields, checkboxes, and dropdowns, permanently redact sensitive data before sharing, draw freehand on contracts and diagrams, and add custom watermarks — all without a single file leaving your machine. Edit Text and Images Directly Inside PDFs RevPDF supports true inline PDF editing — not just annotation layers on top of a document, but actual modification of existing text and images within the file. A smart font-matching engine identifies the font used in the original document and applies it automatically when you make edits, so changes blend naturally with the surrounding content. You can reposition elements, resize images, and update text across single pages or entire documents. RevPDF 4.5.0 release notes: This is one of the biggest updates to RevPDF yet. A lot of things people have been asking for are finally here. New Features Auto Redaction Permanently redact sensitive text and areas from your PDFs before sharing. Clean, irreversible, and fully offline. Comments, Links & Bookmarks Add comments for review, insert clickable links, and create bookmarks to jump around long documents without scrolling forever. Find & Replace Search across the whole document and replace text in one go. Long overdue. Split Pages Vertically or Horizontally Split any page down the middle, vertically or horizontally. Perfect for scanned books or double-page spreads. New Drawing Tools More tools for freehand drawing and markup, better for annotations, sketches, and detailed notes. Continuous Scrolling in Editor The editor now scrolls continuously through pages instead of jumping between them. Working through long documents is a lot smoother now. PDF Metadata Editor View and edit the metadata stored inside your PDFs, including title, author, subject, and keywords. Better Font Matching Text edits now blend in more naturally by doing a better job of matching the original font. Tabbed PDF Viewer Open multiple PDFs at once in tabs and switch between them without going back to the home screen. Add Links Insert hyperlinks anywhere in your PDF, to external URLs or to other pages within the document. Share & Print Shortcuts Share or print directly from the editing screen, home screen, and viewer. No extra steps. Minor Updates Paste images directly from clipboard into your PDF New image editing tools for more control over images inside documents Bug Fixes Fixed file saving issues on Windows and Linux Everything still works fully offline. No login, no cloud, no account. Your files stay on your device. Download: RevPDF 4.5.0 | 58.0 MB (Open Source) Links: RevPDF Home Page | Github | Screenshots 1 | 2 Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Can't access the forum on mobile

      By RaidenX · Posted

      Interesting. I'm not using a VPN with my phone. I tried though my home internet (Rogers) and my cellular internet (Telus) using their respective DNS servers and both trigger the dialog above.
    • US Government Pulls Anthropic’s Fable 5 Offline: Now Come the Refunds for a Vanished AI

      By +TRS-80 · Posted

      Three days after Anthropic launched Claude Fable 5 as the most capable AI model it had ever released to the public, the United States government ordered it switched off — and now the company is refunding customers who paid to use a product that vanished almost overnight https://www.techtimes.com/articles/318342/20260613/us-government-pulls-anthropics-fable-5-offline-now-come-refunds-vanished-ai.htm  

  • Recent Achievements

    • Week One Done
      agatameier earned a badge
      Week One Done
    • One Month Later
      agatameier earned a badge
      One Month Later
    • Week One Done
      ssd21345 earned a badge
      Week One Done
    • Contributor
      MarkHughes4096 went up a rank
      Contributor
    • Dedicated
      jordanspringer earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      507
    2. 2
      +Edouard
      175
    3. 3
      PsYcHoKiLLa
      139
    4. 4
      ATLien_0
      90
    5. 5
      Steven P.
      76
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!