Malicious Websites and RDN/YahLover.worm Scam

Posted on Mar 13, 2018

Recently one of my clients was surfing the web and was suddenly presented with the window shown below in their browser.  When you see something like this on your computer, NEVER, NEVER click anywhere on that webpage OR call the phone number shown.  Just don’t do it!

YIKES!

My client could not close the browser window or navigate away from this notice.  He did exactly the right thing.  He called me and asked me to solve this one.

No problem.  I’m in BC and he is in Nova Scotia.  I used my remote access software to ‘zoom’ into his computer and had a look around.

The first thing I did was take a screenshot for future reference.  It turns out I couldn’t close that browser tab normally either.  Right-clicking the browser on the Windows taskbar and selecting ‘close window’ didn’t work either.

I fired up Windows Task Manager, clicked on the ‘processes’ tab, selected the web browser, then clicked on the ‘End task’ button.  That did the trick!  The web browser closed.

Windows Task Manager Showing the Chrome Web Browser

Next I opened Webroot.  All my clients run Webroot SecureAnywhere Endpoint Protection for Business.  In Webroot under Utilities I clicked on the ‘Optimize Now’ button.  That does a very thorough job removing web browser cached files – which is necessary in case this malicious software left any traces on the computer.

Webroot SecureAnywhere Showing the Optimize Now Button

Problem solved.  I initiated a manual Webroot scan and monitored that computer for a couple of days.  Everything was OK!

Dennis Strain
Northern Support by Enclave Managed Networks
Box 365, Smithers, BC, Canada V0J 2N0
1-888-779-2833 toll-free
1-250-847-2589 office
dstrain@enclave365.ca
