Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: alicia.rose on December 12, 2018, 03:05:09 PM
-
I just received a full screen fake alert claiming to be from Microsoft, which I couldn't shut down for a while:
Incorrectly claimed the software was pirated. It is not, was activated on the phone by Microsoft.
"This computer is blocked" "Do not close this window and restart your computer" "Your computer's registration key is blocked"
Telling me to call a given number.
XP SP3 / Avast Free Antivirus 18.5.2342 / Virus definitions version: 181210-6 / CryptoPrevent
I plan to run Malwarebytes + Avast scans. Please advise. I cannot update the operating system.
Afraid to turn the computer off in case it doesn't restart!
-
Sounds like one of the typical fake scam alerts that pop up time to time on certain webpages, once they block the browser from closing it's generally easier to use Task Manager to end the Browser process and clean out Browser temp files with CCleaner or similar.
-
I see. Thank you for helping CraigB.
I couldn't shut it down with Task Manager either for a while, but did eventually.
It alarmed me - thought that was the end!
About to run Malwarebytes.
-
Update: Malwarebytes long scan result including rootkits - No malware found.
Wasn't sure what I was dealing with at the time................a friend lost her computer to ransomeware.
-
As CraigB eluded too, the issue would be in your Browser, not your OS.
Try following his instruction in the post and clean up your Browser. :)
-
Thank you for further putting my mind at rest schmidthouse..........I will follow CraigB's instruction and clean up my browser. :)
-
You're welcome. :)
-
Something has been done to the os.
I just had a "The system has recovered from a serious error" notification after turning off and restarting my computer.
Believe it blue screened and restarted while I was out of the room.
-
I wouldn't worry to much if the system is working fine now, there could have been a small incompatibility of Malwarebytes or some other running program.
-
Thanks for answering CraigB
Since the incident the right hand side of the screen / any window I open quivers / moves rapidly left to right? Never seen this before.
Not had a BSOD for a long time - computer was running well.
-
Alicia, if having further issues you may wish to visit the Viruses and Worms board, read through the Logs to assist with cleaning topic at the top of the board and supply the required logs for one of the Malware team to look over for you.
-
Definitely do what CraigB ^ recommends first and do nothing else to try and fix it yourself until someone there helps. But if they find nothing untoward and the trouble persists:-
Do you have a pre-incident restore point? Might be worth trying to see if it fixes the described problem. It can always be undone.
Whether it does fix the trouble or not I'd also put in a restore point and then run System File Checker ie. Run > sfc /scannow. That can fix corrupted systems files which maybe what the symptoms described are being caused by. It should not do any harm and, again, with the restore point you can always go back.
-
As CraigB suggested, FIRST go here and follow instructions and one of our malware experts will assist.
https://forum.avast.com/index.php?topic=194892.0 (https://forum.avast.com/index.php?topic=194892.0)
-
Thank you all, your help is much appreciated. I have already carried out a System Restore back to the 11th December and intended to carry out sfc / scannow, but will seek help first as soon as I have time.
Screen / windows are still shaking slightly.
Written on the malicious screen, along with what I already mentioned...............
"Virus alert"
For several reasons - I do not have Behavio(u)r Shield turned on.......................perhaps that would have stopped it?
-
For several reasons - I do not have Behavio(u)r Shield turned on.......................perhaps that would have stopped it?
No, it is just a FakeAlert on a website
A ton of screenshots here:
https://www.google.com/search?q=microsoft+fake+alert&rlz=1C1JZAP_noNO713NO713&source=lnms&tbm=isch&sa=X&ved=0ahUKEwj7z93R453fAhXisYsKHfDVBhAQ_AUIDigB&biw=1600&bih=758
-
Thank you for answering my question Pondus....................
Wondering why I had the BSOD on reboot and now have a shaking screen??
-
Thank you for answering my question Pondus....................
Wondering why I had the BSOD on reboot and now have a shaking screen??
Follow instructions / link posted by @schmidthouse in reply #12
attach the requested logs and a expert will take a look
-
Hi alicia.rose,
I would like to ask you for MEMORY.DMP to find out which driver caused your BSOD.
Some information from the picture you attached :
Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
Referenced address : 0xe27ac000
Module address: 0xf52625b0
It means that a driver (0xf52625b0) tried to read from memory 0xe27ac000.
1)Locate a dump file :
The default location of the dump file is %SystemRoot%\memory.dmp i.e C:\Windows\memory.dmp if C: is the system drive. Windows can also capture small memory dumps which occupy less space. These dumps are created at %SystemRoot%\Minidump.dmp (C:\Window\Minidump.dump if C: is the system drive)
2) Zip it as alicia_rose_bsod_12_2018.zip
3) Upload the zip file to ftp://ftp.avast.com/incoming
Thank you !
-
Hello kwiq,
Thank you very much for helping me.
I have the Minidump / zip file, but cannot click anywhere on the page you asked me to upload it to other than 'Up to higher level directory'?
Thank you Pondus.
-
Uploading files to the Avast FTP server >> https://support.avast.com/en-ww/article/FTP-file-upload
-
Tried your link Pondus................just a loading circle going round - nothing else showing.
I am using K-Meleon browser. Cannot use Chrome / latest Firefox version - not compatible with my computer.
Tried both links with the Firefox version I have - 1st same as before, 2nd page won't load.
I can ask a friend to do it.
-
HI :
Reset Internet Explorer settings
You can reset Internet Explorer settings to what they were when Internet Explorer was first installed on your PC. This can be useful for troubleshooting problems that may be caused by settings changed after installation. Note that resetting Internet Explorer isn't reversible, and all previous settings are lost after reset.
Close all Internet Explorer windows. Select the Tools button, and then select Internet options.
Select the Advanced tab, and then select Reset.
In the Reset Internet Explorer Settings dialog box, select Reset.
When Internet Explorer finishes applying default settings, select Close, and then select OK. Restart your PC to apply changes.
Beside this,use adwcleaner from https://toolslib.net/downloads/viewdownload/1-adwcleaner/
and then follow this:
To turn off SmartScreen in Internet Explorer 8
In Internet Explorer, select the Safety button, point to SmartScreen Filter, and then click either Turn off SmartScreen Filter or Turn on SmartScreen Filter.
In the Microsoft SmartScreen Filter dialog box, click OK.
Cordially
-
Thank you for helping karimus.
XP - I cannot use IE for browsing at all - pages will not load.
Think it has been blocked for security reasons.
I am emailing a friend (with attachment)............asking them to do it for me.
Might take a few days.
-
Hi,
You can do it from this way for XP :
click Start > Run > Type the command inetcpl.cpl in the Open box > press ENTER.
Advanced tabĀ» Reset in settings of Reset Internet Explorer and apply
restart cpu.
For the other Windows,just click on WIN+R and follow same step.
-
kwiq - Avast team
My friend has just contacted me to let me know he has uploaded the Minidump / zip file (on my behalf), as requested.
The last BSOD on this computer was 5th April 2014.
BlueScreenView did not record a crash on 13th December 2018?
Thank you for the information karimus.
-
Hi alicia.rose,
I found you file but it is password protected archive and I dont know the password.
Can you send it me as private message.
Thank you
-
Hi alicia.rose,
I found you file but it is password protected archive and I dont know the password.
Hi, if she did follow Pondus' advice (Reply #19), the PW is "virus".
-
Hi alicia.rose,
it is a crash in aswStmXP.sys driver.
forwarded to developers
Thank you !
-
kwiq / Avast team
Thank you very much for the information. Really appreciated you analyzing the Minidump for me and all the help I have received here.
Regarding the shaky, moving screen since the BSOD...............
I uninstalled and reinstalled the graphics card driver - issue completely resolved. :)
-
Graphics driver needs to be intact to work properly without corruption.