Pelican Parts Forums


Scott Douglas 09-08-2022 12:26 PM

Have I just been hacked?
 
I was looking at a web page (I forget which one) and all of a sudden I get a message saying contact Windows Security as Windows Defender has stopped a hack attempt, the computer was frozen and no mouse.
I called the number and the tech gave me instructions to press the Windows key along with another and that got me a dialog box to type in www.ultraviewer.net. I did that and hit the download button and now have a file called ultraviewer_setup_p6.5_en on my drive in the download file.
What should I do?
Delete the file?
How can I find any files it may have already installed?

rwest 09-08-2022 12:49 PM

I think you just broke every rule of internet security. I would turn it off and schedule an appointment with a computer shop or find someone very knowledgeable to clean your computer up.

Good luck.

rwest 09-08-2022 12:55 PM

Googling Ultraviewer and it is software that allows remote access to your computer. Keep that thing turned off. Use another computer to change passwords of important sites.

masraum 09-08-2022 12:58 PM

The popup box was fake. Microsoft will never ask you to call them. Never call anyone if a number pops up on your screen. Microsoft would not have asked you to install ultraviewer.

So you downloaded the file? Did you run/double-click the file? I hope that you did NOT double click the file. Ultraviewer itself might not necessarily be a bad thing. I think it's just a remote viewing/controlling app. But who knows where you downloaded it from.

Assuming you downloaded the file, but did not run the file, and aren't still talking to the guy on the phone, you're probably OK.

Do you have windows defender?

masraum 09-08-2022 01:03 PM

Quote:

Originally Posted by rwest (Post 11792572)
I think you just broke every rule of internet security.

absolutely. scamming call center wet dream.



If all he did was download the ultraviewer executable, he's probably OK.

But yes, it wouldn't hurt to have someone knowledgeable check things out.

I don't know what the process would be like on a current windows platform. In days past, I'd recommend checking all running processes and looking for anything weird (which if you aren't knowledgeable might be almost everything), then a deep scan by whatever the current free Windows security software is (defender or whatever it's called), and then I might recommend checking out another software like malwarebytes or something like that.
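
The checks described in the post above (look at what is running, then scan with Defender), as an added PowerShell example that is not part of the original post. It assumes anything the installer created keeps "ultraviewer" in its name, as the downloaded file in this thread does, and that it is run from an elevated prompt; the Prefetch check also assumes Prefetch is enabled on the machine.

```powershell
# Added example: read-only triage for "downloaded, but did it ever run?"
# Assumption: anything the installer created keeps "ultraviewer" in its name.
$pattern = '*ultraviewer*'

# 1. Is the installer still in Downloads? Show when it was saved and who signed it.
Get-ChildItem (Join-Path $env:USERPROFILE 'Downloads') -Filter $pattern -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Saved  = $_.CreationTime
            Status = $sig.Status
            Signer = $sig.SignerCertificate.Subject
        }
    }

# 2. Installed-program entries (64-bit, 32-bit and per-user). No rows = never installed.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $pattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# 3. Anything matching that is running now or registered as a service.
Get-Process |
    Where-Object { $_.ProcessName -like $pattern -or $_.Path -like $pattern } |
    Select-Object Id, ProcessName, Path
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like $pattern -or $_.PathName -like $pattern } |
    Select-Object Name, State, StartMode, PathName

# 4. Prefetch keeps a .pf file per executable that has been launched.
#    A match here means the installer (or the app) was executed at least once.
Get-ChildItem (Join-Path $env:SystemRoot 'Prefetch') -Filter 'ULTRAVIEWER*.pf' -ErrorAction SilentlyContinue |
    Select-Object Name, CreationTime, LastWriteTime

# 5. What Defender has actually detected recently, then a full scan.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 10 InitialDetectionTime, ThreatID, ActionSuccess, Resources
Start-MpScan -ScanType FullScan
```

Empty output from steps 2 to 4 is consistent with a file that was downloaded but never run; any hit there means the machine should be treated as having had remote-access software on it.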

Tervuren 09-08-2022 01:04 PM

It's a scam.
They will use remote viewer to "remove the virus".
Then sell you a monthly security fee.

If you got that far and tick them off, they can change your passwords, and lock you out.

Scott Douglas 09-08-2022 01:19 PM

I think I'm OK guys.
As soon as I clicked the download button the phone line went dead to dial tone.
I'm running windows defender and that's what the window said stopped the trojan from downloading. That's the only reason I called the number.
I've run two scans now and deleted the file that downloaded. I did not click it to run it as I know an executable file when I see one.
If I did in fact lose mouse control in that situation, how should I have reacted to a non-responsive computer?

GH85Carrera 09-08-2022 01:21 PM

Yep, you let the hacker in the front door.

Rule one is never ever click a link on any email, unless you are 100% sure it is legitimate.

Your best bet is to open your browser, and search for the company, and then find the contact information.

A couple of years ago I got a call and it was supposed to be my credit card company. I asked her name, and she gave it to me. I asked If I call the number on the back of my CC will I be able to ask for her extension. She said yes. I hung up, dialed the number on my card, and spoke to her. I was satisfied she was legit. She asked if I was in Italy buying expensive scuba gear. I assured her I was at home and would never be buying scuba equipment, and my card was in my wallet. She canceled it, and sent me a new card.

KNS 09-08-2022 01:23 PM

So in Scott's situation - computer frozen and no mouse - what's the safest next step?

Scott Douglas 09-08-2022 01:25 PM

And it wasn't a link in an email.
I was just browsing a site, I forget which one now, and all of a sudden this thing happens.

stevej37 09-08-2022 01:30 PM

Quote:

Originally Posted by KNS (Post 11792615)
So in Scott's situation - computer frozen and no mouse - what's the safest next step?


I would do a hard power off and then restart.

masraum 09-08-2022 01:47 PM

I'd probably check some keystrokes.

alt-tab should switch to another "window" in windows. It's possible that by switching to another app, the mouse might have started working again. It may have just been disabled/locked up by the popup.
ctrl-alt-delete should allow you to bring up task manager. Then you could potentially close the offending window.

If nothing else you would at least know that your computer was still responsive.

If things seemed completely hung, then yes, hold the power button until the machine powers off (~10 secs usually), then power back on.

masraum 09-08-2022 01:53 PM

This video was created to sell an anti-malware product "malwarefox" or something like that. I'm NOT RECOMMENDING that software, but the video content seems fairly legit otherwise.

Video: https://www.youtube.com/embed/KMuiP1HzjQY

masraum 09-08-2022 01:59 PM

This looks/sounds like what you experienced.

Video: https://www.youtube.com/embed/heJq8hMgtME

stomachmonkey 09-08-2022 02:00 PM

Quote:

Originally Posted by rwest (Post 11792572)
I think you just broke every rule of internet security. I would turn it off and schedule an appointment with a computer shop or find someone very knowledgeable to clean your computer up.

Good luck.

This.

Scott Douglas 09-08-2022 02:32 PM

Quote:

Originally Posted by masraum (Post 11792650)
This looks/sounds like what you experienced.

Video: https://www.youtube.com/embed/heJq8hMgtME

That's exactly what I experienced.

masraum 09-08-2022 02:47 PM

Quote:

Originally Posted by Scott Douglas (Post 11792673)
That's exactly what I experienced.

Based on what you've said, you are probably fine.

A930Rocket 09-08-2022 05:52 PM

Mrs Rocket is computer/technology impaired. She recently got something that popped up on her screen. She called the number and when they were asking for financial information, she hung up. 😵‍💫

When I talked to her, I said don’t try anything, turn it off, and take it to the nearest computer shop to get fixed.

stomachmonkey 09-08-2022 07:58 PM

Quote:

Originally Posted by KNS (Post 11792615)
So in Scott's situation - computer frozen and no mouse - what's the safest next step?

CTRL+ALT+DELETE

Kill the browser process.

stealthn 09-09-2022 05:49 AM

Sorry to hear, you need to clean your PC and change all passwords for sites you save the passwords to in your browser (banking, etc.), if you do.

Either take the PC to a professional, or if you are so inclined, create a couple of USB boot drives on another PC with AV programs like BitDefender/Malwarebytes, and boot the PC and switch to USB boot drive and run the programs to scan your PC. I prefer to use at least 2 AV boot drives.

Even with this, if they were skilled (doesn’t sound like it), some dll’s could have been replaced. A full re-install of windows would be another layer of protection, I know, I know…

Good luck

MBAtarga 09-09-2022 06:00 AM

Take the above guidance seriously. Get the PC scanned by a service/pro please - and change your email passwords NOW. That is the first thing a hacker is after - with that - they can take over any accounts you access by requesting a PWD reset be sent to the email address.

Scott Douglas 09-09-2022 06:51 AM

I appreciate all the advice given.
I've downloaded Malwarebytes and this is all a scan found:
http://forums.pelicanparts.com/uploa...1662734627.JPG
I don't think I got any infection from my foray into that site.
I will be more cautious in the future. Brain fade on my part yesterday as I'm usually very leery of everything that goes on with my computer.
I think the tell tale that they were/are amateurs was the quick disconnect of the phone line. The number I had called wasn't the same as what is shown in the video linked above.
I don't do any banking on this computer, that happens on my wife's as she is the banker in the family. If they did get any password info from mine the list would be so short they probably wouldn't bother looking as it would indicate I live under a rock.
Thanks again for the help, and next time it'll be cntrl/alt/delete for me.

john70t 09-09-2022 06:54 AM

Quote:

Originally Posted by stealthn (Post 11793031)
Even with this, if they were skilled (doesn’t sound like it), some dll’s could have been replaced.

I use CCleaner which checks .dlls, finds and updates drivers (better than Windows), and shows running and/or installed processes (which for some reason Windows does not always do).


https://support.microsoft.com/en-us/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e
At the command prompt, type the following command, and then press ENTER:
sfc /scannow

Shifter 09-09-2022 05:52 PM

Quote:

Originally Posted by Scott Douglas (Post 11793101)
Thanks again for the help, and next time it'll be cntrl/alt/delete for me.

I am a little late to the game for advice, but there are two better/faster options in windows to close programs.

ALT+F4 will close the active window/program.

CTRL+Shift+ESC will bring up the task manager for you to kill the process/app.

Scott Douglas 09-10-2022 07:48 AM

Quote:

Originally Posted by Shifter (Post 11793572)
I am a little late to the game for advice, but there are two better/faster options in windows to close programs.

ALT+F4 will close the active window/program.

CTRL+Shift+ESC will bring up the task manager for you to kill the process/app.

Better late than never works for me Shifter. Thanks!

svandamme 09-11-2022 04:26 AM

yes you were hacked.

Should probably consider the pc suspect
best to hand it over to somebody who knows what he's doing, and who can reinstall the OS
and hopefully clear your data before it gets corrupted or deleted.

masraum 09-11-2022 07:23 AM

Folks, based on his description of events, he wasn't actually hacked.

He got a popup (those can happen without doing anything to the computer). He called the number and downloaded a "legit" software from a "legit" site. If he had performed the next step (install said software and then give the guy on the phone access) he'd have been screwed. Fortunately, he stopped just in time.

It's good to scan things.

If the popup was because his computer had been compromised (bad software installed), then they likely wouldn't have needed him to download the remote control software because that capability would have been included in the original bad software.

Still, better to thoroughly check things out and be sure.

svandamme 09-11-2022 08:48 AM

Well I would assume he was since his PC froze and he got a popup from a criminal source.
Till further notice I would not use the pc, if it were mine I'd power off straight away and scan from a boot disk that is known to be ok

I assume the worst till proof of contrary

masraum 09-11-2022 09:41 AM

Quote:

Originally Posted by svandamme (Post 11794476)
Well I would assume he was since his PC froze and he got a popup from a criminal source.
Till further notice I would not use the pc, if it were mine I'd power off straight away and scan from a boot disk that is known to be ok

I assume the worst till proof of contrary

His PC didn't freeze because he hit Windows+R and got the "Run" box.

But, like I said better to thoroughly check things out and be sure.

cstreit 09-11-2022 02:33 PM

I think since he never installed the remote access program, but only downloaded it, he should be fine.

However to be safe, change your most important passwords using a different PC or your tablet or phone. Reboot, keep scanning until you are satisfied no Trojans were installed.

cstreit 09-11-2022 02:35 PM

Quote:

Originally Posted by masraum (Post 11794416)
Folks, based on his description of events, he wasn't actually hacked.

I agree. They were trying to get him to install remote access, but he never did.


All times are GMT -8.