The virus site blocks the browser and demands payment of a fine imposed by the Ministry of Internal Affairs
We were repeatedly approached by clients complaining that “the virus has blocked the computer and is extorting money”. After studying the problem, it became clear that the computer is not actually infected.
The user is shown a web page disguised as an official document of the SBU or the Ministry of Internal Affairs that demands payment and accuses the user of viewing pornography, etc. In Chrome-like browsers, a malicious script runs that prevents the page from being closed.
We decided to try to catch this “virus” and examine its behavior in different browsers.
Your computer is not infected. Do not pay a fine! These are scammers! See solution below.
We go to a malicious site
As a rule, infection occurs through a site found using a search engine. For example, the author of this article reached a malicious site through the query “emoticons VK codes”.
Google search results
The first search result leads us to the telegram.rf website:
Telegram.rf website redirecting user to malware
This site looks very dubious in itself because of the large amount of advertising on the page. But, in addition to harmless advertising, clicking anywhere on the page opens an additional window:
Malicious site with lock window
Here we observe a web page with a strange address that masquerades as an official document of the Ministry of Internal Affairs of Ukraine. It says that the computer has been locked and the files encrypted, and demands that payment be transferred to the scammers:
Your computer was locked for security reasons. All information on your computer is covered. All your files are encrypted. With a stretch of 12 years, the criminal justice will be brought to trial.
Using special techniques, malicious code does not allow you to close your browser or go to another page. This may give inexperienced users the impression that the computer is indeed locked.
To close this window in Google Chrome, Opera 20+ or Yandex, click the Refresh Page button and immediately use the keyboard shortcut Ctrl + F4 to close the tab.
Virus site behavior in other browsers
The behavior of the now popular Yandex browser and Opera 20+ is no different from Chrome (which is not surprising, because they all work on the same engine).
Yandex browser with a lock window
Pressing the Refresh button and then the Ctrl + F4 combination helps.
Opera 12 is not affected by this “disease”. The page with the malicious code reloads constantly but does not prevent closing.
Mozilla Firefox is virtually unaffected.
Mozilla Firefox with a lock window
In Mozilla Firefox, click OK. Then select “Stay on the page.” Close the tab (Ctrl + F4) or the browser.
Safari, a browser rarely used in our region, is also prone to this “disease”.
Safari with a lock window
We found no way to close the window, so we had to apply kung fu and kill the process through the “Task Manager” (in Windows, opened with the keyboard shortcut Ctrl + Alt + Del).
Report malware to search engines
After you have successfully got rid of the pest, help others avoid the same mistake. Search engines need to be told that this site is malicious. You can find its address in the browser history.
Please inform Google about the malicious site at: www.google.com/safebrowsing/report_badware/
Report Google Malicious Site
The Yandex search engine can be notified of a malicious website at: webmaster.yandex.ua/delspam.xml
Report Yandex about malicious site
Thank you for the message
Done. With a sense of accomplishment, continue surfing the Internet.