Have I just been hacked?

Scott Douglas · Scott Douglas's Garage

I was looking at a web page (I forget which one) and all of a sudden I get a message saying contact Windows Security as Windows Defender has stopped a hack attempt, the computer was frozen and no mouse.
I called the number and the tech gave me instructions to press the Windows key along with another and that got me a dialog box to type in www.ultraviewer.net. I did that and hit the download button and now have a file called ultraviewer_setup_p6.5_en on my drive in the download file.
What should I do?
Delete the file?
How can I find any files it may have already installed?

rwest · rwest's Garage

I think you just broke every rule of internet security. I would turn it off and schedule an appointment with a computer shop or find someone very knowledgeable to clean your computer up.

Good luck.

rwest · rwest's Garage

Googling Ultraviewer and it is software that allows remote access to your computer. Keep that thing turned off. Use another computer to change passwords of important sites.

masraum · 09-08-2022, 12:58 PM

The popup box was fake. Microsoft will never ask you to call them. Never call anyone if a number pops up on your screen. Microsoft would not have asked you to install ultraviewer.

So you downloaded the file? Did you run/double-click the file? I hope that you did NOT double click the file. Ultraviewer itself might not necessarily be a bad thing. I think it's just a remote viewing/controlling app. But who knows where you downloaded it from.

Assuming your downloaded the file, but did not run the file, and aren't still talking to the guy on the phone, you're probably OK.

Do you have windows defender?

masraum · 09-08-2022, 01:03 PM

Quote:

Originally Posted by rwest

I think you just broke every rule of internet security.

absolutely. scamming call center wet dream.

If all he did was download the ultraviewer executable, he's probably OK.

But yes, it wouldn't hurt to have someone knowledgeable check things out.

I don't know what the process would be like on a current windows platform. In days past, I'd recommend checking all running processes and looking for anything weird (which if you aren't knowledgeable might be almost everything), then a deep scan by whatever the current free Windows security software is (defender or whatever it's called), and then I might recommend checking out another software like malwarebytes or something like that.

Tervuren · Tervuren's Garage

It's a scam.
They will use remote viewer to "remove the virus".
Then sell you a monthly security fee.

If you got that far and tick them off, they can change your passwords, and lock you out.

Scott Douglas · Scott Douglas's Garage

I think I'm OK guys.
As soon as I clicked the download button the phone line went dead to dial tone.
I'm running windows defender and that's what the window said stopped the trojan from downloading. That's the only reason I called the number.
I've run two scans now and deleted the file that downloaded. I did not click it to run it as I know an executable file when I see one.
If I did in fact loose mouse control in that situation, how should I have reacted to a non-responsive computer?

GH85Carrera · GH85Carrera's Garage

Yep, you let the hacker in the front door.

Rule one is never ever click a link on any email, unless your are 100% sure it is legitimate.

You best bet is open your browser, and search for the company, and then find the contact information.

A coupe of years ago I got a call and it was supposed to be my credit card company. I asked her name, and she gave it to me. I asked If I call the number on the back of my CC will I be able to ask for her extension. She said yes. I hung up, dialed the number on my card, and spoke to her. I was satisfied she was legit. She asked if I was in Italy buying expensive scuba gear. I assured he I was at home and would never be buying scuba equipment, and my card was in my wallet. She canceled it, and sent me a new card.

KNS · 09-08-2022, 01:23 PM

So in Scott's situation - computer frozen and no mouse - what's the safest next step?

Scott Douglas · Scott Douglas's Garage

And it wasn't a link in an email.
I was just browsing a site, I forget which one now, and all of a sudden this thing happens.

stevej37 · 09-08-2022, 01:30 PM

Quote:

Originally Posted by KNS

So in Scott's situation - computer frozen and no mouse - what's the safest next step?

I would do a hard power off and then restart.

masraum · 09-08-2022, 01:47 PM

I'd probably check some keystrokes.

alt-tab should switch to another "window" in windows. It's possible that by switching to another app, the mouse might have started working again. It may have just been disabled/locked up by the popup.
ctrl-alt-delete should allow you to bring up task manager. Then you could potentially close the offending window.

If nothing else you would at least know that your computer was still responsive.

If things seemed completely hung, then yes, hold the power button until the machine powers off (~10 secs usually), then power back on.

masraum · 09-08-2022, 01:53 PM

This video was created to sell an anti-malware product "malwarefox" or something like that. I'm NOT RECOMMENDING that software, but the video content seems fairly legit otherwise.

masraum · 09-08-2022, 01:59 PM

This looks/sounds like what you experienced.

stomachmonkey · 09-08-2022, 02:00 PM

Quote:

Originally Posted by rwest

I think you just broke every rule of internet security. I would turn it off and schedule an appointment with a computer shop or find someone very knowledgeable to clean your computer up.

Good luck.

This.

Scott Douglas · Scott Douglas's Garage

Quote:

Originally Posted by masraum

This looks/sounds like what you experienced.

That's exactly what I experienced.

masraum · 09-08-2022, 02:47 PM

Quote:

Originally Posted by Scott Douglas

That's exactly what I experienced.

Based on what you've said, you are probably fine.

A930Rocket · 09-08-2022, 05:52 PM

Mrs Rocket is computer/technology impaired. She recently got something that popped up on her screen. She called the number and when they were asking for financial information, she hung up. 😵*💫

When I talked to her, I said don’t try anything, turn it off, and take it to the nearest computer shop to get fixed.

stomachmonkey · 09-08-2022, 07:58 PM

Quote:

Originally Posted by KNS

So in Scott's situation - computer frozen and no mouse - what's the safest next step?

CTRL+ALT+DELETE

Kill the browser process.

stealthn · 09-09-2022, 05:49 AM

Sorry to hear, you need to clean your PC and change all passwords for sites you save the passwords to in your browser (banking, etc.), if you do.

Either take the PC to a professional, or if you are so inclined, create a couple of USB boot drives on another PC with AV programs like BitDefender/Malwarebytes, and boot the PC and switch to USB boot drive and run the programs to scan your PC. I prefer to use at least 2 AV boot drives.

Even with this, if they were skilled (doesn’t sound like it), some dll’s could have been replaced. A full re-install of windows would be another layer of protection, I know, I know…

Good luck