
This hit my laptop last night; completely controlled it

Norton let this into my laptop last night.

I was reading an article and all of a sudden a 'booming' voice started telling me that my computer has a virus and if I shut it down 'my hard drive would be completely erased'. It said to call a phone number to get help.

I could not 'X' out of any tab and the laptop was frozen except for flashing lights and the booming voice.

I was able to use the 'shut down' feature in the lower left of the screen.

While it was shutting down, lots of updates started occurring; not sure if this was supposed to happen or whether it was the virus.

Afterwards, all my Norton security features 'were turned off'.....and I didn't turn them off.

I copied these items below from 'the history' feature on Chrome...... 

Is my laptop safe or is there now 'something hidden' within my hard drive? 

    • 9:03 PM

      or Hard Drive Safety Delete

      kaalbagh . online

    • 9:03 PM

      http:// secure . bidverdrd . com/performance/bdv_rd . dbm?enparms2=7367,1744488,2264075,7318,7322,12617,7528,0,0,7322,0,1743905,418784,17640,112363260489,207759974,nlx.llln&ioa=0&ncm=1&bd_ref_v=www . bidvertiser . com&TREF=1&WIN_NAME=&Category=7&ownid=604364&u_agnt=&skter=ivmgilsh%2Bpmro&skwdb=ooz_wvvu&djsrl=1&djsli=1&PRN=7425060739

      secure . bidverdrd . com

    • 9:03 PM

      Redirecting...

      secure . bidverdrd . com

    • 9:03 PM

      data:text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD52YXIgZXBvY2ggPSBuZXcgRGF0ZSgpLmdldFRpbWUoKTt2YXIgX2Vwb2NoRnJvbVdpbmRvd05hbWUgPSB3aW5kb3cubmFtZS5zcGxpdCgnXycpWzNdO2lmKGVwb2NoIC0gX2Vwb2NoRnJvbVdpbmRvd05hbWUgPCAyNTApe3dpbmRvdy5sb2NhdGlvbj0nJzt9PC9zY3JpcHQ+PC9ib2R5PjwvaHRtbD4=

      data:
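Added example (not part of the original post, and not Norton or Chrome code): a small Python triage helper that turns `data:` history entries like the last one above into inert text for reading, without rendering them, and re-joins spaced-out hosts. The sample entries, `MARKERS`, and the function names are constructed for illustration.

```python
import base64
from urllib.parse import unquote_to_bytes, urlsplit

# Constructed sample entries shaped like the history list above; not the post's values.
SAMPLE_HTML = "<html><body><script>window.location='';</script></body></html>"
SAMPLE_HISTORY = [
    "http:// ads . example . test/redirect?ref=www . example . test&id=1",
    "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode(),
    "data:text/plain,hello%20world",
]

# Substrings worth a closer look in decoded markup (hypothetical, minimal list).
MARKERS = {"script": "<script", "redirect": "window.location", "window_name": "window.name"}


def decode_data_uri(uri):
    """Return (media_type, text) for a data: URI as inert text; nothing is rendered."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("data: URI has no comma separator")
    params = [p.strip().lower() for p in header.split(";")]
    raw = unquote_to_bytes(payload)  # payload may be percent-encoded
    if "base64" in params[1:]:
        raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))  # tolerate stripped padding
    return params[0] or "text/plain", raw.decode("utf-8", errors="replace")


def triage(entry):
    """Classify one history entry: decode data: URIs, extract the host otherwise."""
    entry = entry.strip()
    if entry.lower().startswith("data:"):
        media_type, text = decode_data_uri(entry)
        flags = [name for name, needle in MARKERS.items() if needle in text.lower()]
        return {"kind": "data", "media_type": media_type, "text": text, "flags": flags}
    url = "".join(entry.split())  # undo the "secure . example . com" spacing
    return {"kind": "url", "host": urlsplit(url).hostname, "url": url}


if __name__ == "__main__":
    for item in SAMPLE_HISTORY:
        print(triage(item))
```
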

Replies


Re: This hit my laptop last night; completely controlled it

Karen

I was reading an article

It could help others to help you to know, unless it's private to you, whether this was an article in a newspaper or magazine on line that you went to deliberately or whether knowledge of the article came from some kind of a popup or other "frame" that could have been a trigger to activating the "warning" which as you sensed could be a scam or malware.

What version of the Norton programs are you using and what version of Windows?

Does your computer restart and that is what you are using or have you had to use another computer to access us?

If you can run your computer apparently normally can you tell us the Version ID of your Norton product which you should be able to see via Help / About where it is in the format nn.nn.nn.nnn where n is a number.

Hopefully you are running normally and the warning was a scam designed to get you to click on something that would authorize the scammer trying to sell you a new copy of Norton or another product or would start some actual malware.

If you have any doubts about your computer and are not running it, leave it alone and continue your messaging here, since if it is malware there are free websites we can point you to that can help cure it but need as little done to the computer as possible before they work with you one to one to fix it.

Hugh

Re: This hit my laptop last night; completely controlled it

Have you done a full scan with NS?

You know that the initial event was a scam since your hard drive was not erased after a shut-down. But that does not mean that your system is not infected with malware of some type. It is possible that it is since the initial attack was sophisticated enough to be able to take control of your PC (or at least your browser) and apparently to disable NS. NS has good self-protection. NS's Firewall has excellent self-protection.

If NS finds nothing try a free trial of a second opinion on-demand scanner such as HitMan Pro from Surf Right or Malwarebytes Anti Malware. If you use Malwarebytes, DO NOT accept the option of trying The Premium Version, as that is an on-access, real time program that could conflict with NS and render both of them less effective. Note, even if NS doesn't find malware that is present on your system during a scan, it can also block malware when it is executed or attempts to do its dirty work.

Rootkits are notorious for taking control of a PC. There are numerous programs specifically designed to do a deep scan for rootkits since they are hard to detect. A rootkit is deeply imbedded malware that uses other malware to prevent it from being detected. Direct disk access is the best way to scan for Rootkits. I don't know if NS scans that way because a scan with direct disk access is very slow.

If I had an experience such as the one you describe I would scan my PC every which way but loose. But that's just me.


Re: This hit my laptop last night; completely controlled it

Hello karensflowers

I would recommend that you take your computer to one of the free malware removal sites which we recommend. They can check out your computer to see if you were infected or not. If you are infected, they will work with you on a 1 to 1 basis to help you to clean up your computer. I do hope you have a full image of your computer just in case. Please don't try any quick fixes.

Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users who unfortunately has passed away. That site is still being run by a good expert who happens to be one of the other Gurus.  The new site is listed first in this link.

https://community.norton.com/en/forums/malware-removal-forum-recommendations

Thanks.




 

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

Re: This hit my laptop last night; completely controlled it

@karensflowers:

I am reproducing the issue you met (Norton 360 installed). Apparently, this is just another TECH SCAMMER on the web. Meantime, please use Firefox and/or Chrome as the default web tool for better computer & internet security; @floplot, this domain@ http:// kaalbagh. online / (IP: 97.74.229.150) should be blocked & flagged as soon as possible.

Allowed FF to display those blocked pages, then blank pages were detected. I heard annoying noise when visiting that URL. Seems that "booming voice" had been removed.

That action should be considered as a new form of Scareware.

My VM ran into its "Full Screen" mode when I hit "Leave Page"; then I chose to close all open FF windows, and then, the annoying noise was gone.

Chrome: I had to use WTM to force the page to shut down, then I got the following error log re "AppHangB1".

Now, performed the full scan using Norton 360, found nothing.

Closing words: I am also curious what the website you visited was, e.g., Harry Potter and the Sorcerer's Stone @ goodreads.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: This hit my laptop last night; completely controlled it

Update: MBAM, detected nothing as well.

  • Version: 2.2.1.1043
  • Malware Database: v2016.06.27.02
  • Rootkit Database: v2016.05.27.01 

HitManPro 3.7.14; found 'nothing'; detected the embedded ask search engine for Chrome as "AskBar" instead.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: This hit my laptop last night; completely controlled it

HitManPro 3.7.14; found 'nothing'; flagged Norton Identity Safe (1.0.5) and/or Norton Security (2015.5.6.94) for Chrome as "AskBar", the option "Delete" has been enabled by default. Or, Symantec should contact SurfRight ASAP.

AskBar flag after Chrome version update. Delete has no effect on my Norton.


Re: This hit my laptop last night; completely controlled it

@bjim_ I just made a correction to my comment above.

@karensflowers: I was unable to re-create this situation "all my Norton security features 'were turned off'"; then you can contact the official Norton Support for more information, directly.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: This hit my laptop last night; completely controlled it

https://www.virustotal.com/en/url/2fa4caf671f0723f550e976c50dc8bc99f957b...

Confirmed -- The site itself CURRENTLY does not appear to drop malware.

I just visited the site - got the buzzer but no malware. So it's currently not a malicious site that drops malware, merely a clever scam site that uses a loud buzzer as a form of social engineering to scare the pants/skirt off of someone, leading them to call the number and get charged x$ for giving someone access to their PC to steal whatever info, and probably insert malware.

Didn't trigger any alerts from

EMIS 11

HitMan Pro Alert

Watchdog (Zemana) AntiMalware Premium Real Time enabled

Malwarebytes Anti-Exploit

Ad Guard Pro (That among other things blocks access to sites known to have or currently contain malware or phishing sites)

Nevertheless I will be doing a deep scan with EMIS, Root Kit Scan with EMIS with direct disc access enabled, HitMan Pro, and Watchdog (Zemana) Antimalware :-) LOL   hok<-------- A FOOL for tempting the gods by visiting the site.

NB: Posting a potentially malicious link/site is generally considered a NO-NO so that morons like hok won't be tempted to try it. PM to a Guru would be the proper form. Mods ALWAYS delete such links from security forums because the site could turn malicious at any time.

Re: This hit my laptop last night; completely controlled it

Hi All

We have manually analyzed 'kaalbagh.online' and found it to be malicious. So the rating of this site has been changed to red in safeweb.norton.com.

https://safeweb.norton.com/report/show?url=kaalbagh.online

Cops


Re: This hit my laptop last night; completely controlled it

Console_Ops:

Hi All

We have manually analyzed 'kaalbagh.online' and found it to be malicious. So the rating of this site has been changed to red in safeweb.norton.com.

https://safeweb.norton.com/report/show?url=kaalbagh.online

Cops

What have you found that is malicious? I visited the site to check it out after seeing that dozens of AVs listed in Virus Total say it is not malicious. Yeah I got a loud buzzer and a scareware page.

Afterwards I deep scanned my PC with Emsisoft IS 11, did a deep rootkit scan using EMIS in direct disc access mode, did a deep scan with Watchdog Anti Malware (re branded Zemana Anti-Malware) and HitMan Pro and came up empty on malware.

How does Norton define "malicious"? Typically malicious refers to malware dropped/injected into your system that will act maliciously by data mining, installing a bot, damaging or perverting your system, etc.

If Norton includes scareware pages into its URL blocking that's great. But did Norton find anything malicious beyond scareware?


Re: This hit my laptop last night; completely controlled it

hok: What have you found that is malicious?
Threat Name: Scam Website

Re: This hit my laptop last night; completely controlled it

hok:

What have you found that is malicious? I visited the site to check it out after seeing that dozens of AVs listed in Virus Total say it is not malicious. Yeah I got a loud buzzer and a scareware page.

How does Norton define "malicious"? Typically malicious refers to malware dropped/injected into your system that will act maliciously by data mining, installing a bot, damaging or perverting your system, etc.

If Norton includes scareware pages into its URL blocking that's great. But did Norton find anything malicious beyond scareware?

A drive-by download is only one way of installing malware. Social engineering is another method; therefore a scareware page is no less malicious.

Users can be silently infected just by visiting a web site with attacks known as drive-by downloads or social engineering attacks where misleading applications can attempt to trick users into installing fake antivirus solutions or fake video players....

Misleading applications intentionally misrepresent the security status of a computer. Misleading applications attempt to convince the user that he or she must remove potentially malware or security risks (usually nonexistent or fake) from the computer. The application will hold the user hostage by refusing to allow him or her to remove or fix the phantom problems until the 'required' software is purchased and installed. Misleading applications often look convincing - the programs may look like legitimate security programs and often have corresponding websites with user testimonials, lists of features, etc.
 

Malicious Site: Malicious Web Site, Domain, or URL (1)


Re: This hit my laptop last night; completely controlled it

IDK, ....SafeWeb is not reporting Intrusion Signature > Malicious Site: Malicious Web Site, Domain, or URL (1)
I'm seeing > Threat Name:  Scam Website


Re: This hit my laptop last night; completely controlled it

I posted the Malicious Site description to help answer the question about whether Norton considers social engineering sites to be malicious.  They do.


Re: This hit my laptop last night; completely controlled it

I didn't expand the description by using the arrow to see the full description.

Only the paranoid survive :-)


Re: This hit my laptop last night; completely controlled it

So... just to summarise it, this particular website other than displaying messages about infection and risk of local disc being wiped clean, it is actually fully harmless and it did not download any program/malware to the user computer? That is the definition of a scareware?

Questions...

Q1: So this is far from being a ransomware, right?
Q2: Disc being wiped clean is not even real, right?
Q3: The way to deal with it is to just terminate the browser and never visit the site again?

Thank you for your time.

cheers!

Re: This hit my laptop last night; completely controlled it

@tancheeping:

Q1: So this is far from being a ransomware, right?

Yes. Or your computer should have been blocked COMPLETELY.

Ransomware is also considered as Trojan Horse. See more info here.

Misleading applications: - Misleading applications misguide you about the security status of your computer...

Moreover, avoid visiting compromised websites and/or using some risky apps like the Windows version of MyPC Backup, Reimage Repair and other so-called driver manager.

Q2: Disc being wiped clean is not even real, right?

Yes. They are totally misleading & FAKE junk.

Q3: The way to deal with it is to just terminate the browser and never visit the site again?

Block, and report that IP.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
