RansomWare – Support.com-techsupport513.com

Background

I was playing around with Chrome earlier today and ran into this RansomWare.

Chrome

Textual:


** STOP: 0x0000007E (0xFFFFFFFFFC000000047, 0xFFFFFF800002EB5B48)
Serious security threats have been detected on your computer. Your personal photos, credit card information and passwords may be compromised.

It is highly recommended you do NOT continue using your computer until you've contacted an official technician. Your IP 10.0.1.4 may be under attack.

Please call this number as soon as possible.
CALL 855-464-6657 (PRESS 1)
An official technician will help you remove any adware/spyware on your computer.


Firefox

The same error appears in Mozilla Firefox, but it is not nearly as imposing, because the dialog box is not modal and one can close the tab.

 

Site

The URL of the site that was menacing me is support.com-techsupport513.com.

 

Immediate Help

Chrome

Chrome Task Manager

Here is how to close the RansomWare tab.

  1. In Chrome, try to open Chrome’s Task Manager by pressing the Shift-Esc key combination
  2. In our case, that key combination is already in use by the “Intel Management and Security Software”.  More later on configuring the Intel tool to use an alternate key combination
  3. If you are able to bring up Chrome’s Task Manager, it might not be visible, or it might be quickly overlaid by the RansomWare.  If so, re-arrange your windows and look for it
  4. Another way of accessing Chrome’s Task Manager is to launch a new Chrome application window altogether and open the Task Manager from that window
    • One of the many good things about Chrome is that its Task Manager lists all open tabs, not just the ones in the current application
    • But the chances of being able to launch a new Chrome application are a bit slim, as the message box is quite modal for all Chrome apps
  5. If you are able to access the Task Manager
    • Select the “Tab:Security Warning” row
    • Once the troubling tab is selected, click the “End Process” button

 


Brute Force Kill

If you are unable to access Chrome’s Task Manager and close the specific tab, I suggest that you use Windows Task Manager and kill Chrome’s processes.

Though one can use Microsoft Spy++ to identify the window handle, convert the app’s process ID from hex to decimal, and attempt to close a single process, it seems that all of Google’s processes are often terminated.

 

Workaround

Network

One possible workaround for malicious web sites is to null them out via your local hosts file.

In your C:\Windows\System32\drivers\etc\hosts file, add an entry for support.com-techsupport513.com and set its IP address to 127.0.0.1.

 

Thankfully some routers and Wireless Access Points allow one to generalize this for all hosts using that gateway.
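The hosts-file workaround above, as an added example that is not part of the original post: it merges sinkhole entries into hosts-file text without duplicating names that are already listed. The function names and the sample file contents are constructed for illustration; reading and writing the real file (which needs administrator rights) is left to the caller. The hosts file matches exact names only, so an entry for one name does not cover other subdomains.

```python
# Added example: merge sinkhole entries into hosts-file text idempotently.
LOOPBACK = "127.0.0.1"


def parse_hosts(text):
    """Return {hostname: address} for every active (non-comment) entry."""
    mapping = {}
    for line in text.splitlines():
        # Everything after '#' is a comment; fields are whitespace separated.
        active = line.split("#", 1)[0].split()
        if len(active) < 2:
            continue  # blank line, comment, or address with no name
        address, names = active[0], active[1:]
        for name in names:
            # Keep the first address seen for a name; compare case-insensitively.
            mapping.setdefault(name.lower(), address)
    return mapping


def add_sinkholes(text, hostnames, address=LOOPBACK):
    """Return (new_text, added); added lists the names newly appended."""
    existing = parse_hosts(text)
    added = []
    for name in hostnames:
        name = name.strip().lower().rstrip(".")
        if name and name not in existing and name not in added:
            added.append(name)
    if not added:
        return text, added  # nothing to do, file text is unchanged
    # Make sure the last original line is terminated before appending.
    body = text if text.endswith("\n") or not text else text + "\n"
    body += "".join(f"{address}\t{name}\n" for name in added)
    return body, added


# Constructed sample of hosts-file contents (not taken from the post).
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "#\t127.0.0.1       localhost\n"
    "127.0.0.1 example-blocked.test  # constructed entry"
)

if __name__ == "__main__":
    new_text, added = add_sinkholes(SAMPLE, ["support.com-techsupport513.com"])
    print(new_text)
    print("added:", added)
```
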

 

Chrome

Only Allow Pop-Ups for specific Web Sites

It is a good practice to return your Chrome Settings to only allowing Pop-ups from specific web sites.

Advanced Setting

  1. In Chrome, access the Advanced Settings/Content page ( chrome://settings/content )
  2. In the Pop-ups group-box, select “Do not allow any site to show pop-ups (recommended)”
  3. Explicitly add sites that you would like to permit pop-ups from by clicking the “Manage exceptions…” button

 


KeyStroke Combination Struggle

Unfortunately, identical KeyStroke combinations can be preferred by various Vendors and Applications.

Google Chrome wanted to register Shift-Esc.


But, “Intel Management and Security Status” launched prior to Google Chrome, and it already requested and registered that key combination.

Our options included preventing the Intel tool from auto-starting or changing its hotkey.

The default hotkey is shown below:

WhatIsIntelAMT

 

We changed it to Shift-F10.
