Interesting hacking attempt

Recently I assisted an elderly friend with his computer. He called me up saying he had a virus on his computer.

Here’s what I found:

  1. Once he signed into his laptop this is what showed up: Screenshot1 The Time Machine and disk messages are real. Everything else on the screen is rendered in a single webpage, which I thought was quite creative. (It’s hilarious, though, that it’s a Mac site but it says access to your PC has been blocked.)
  2. Swiping up with multiple fingers revealed the full screened browser window: Screenshot2 Screenshot3
  3. It then threw another error (still in the same window): Screenshot4

After closing out the site and running Malwarebytes I gave a little spiel about being careful about clicking on links etc. I then called it a day and went home.

Shortly thereafter he called me up again and said that he had the same issue on his iMac. I made it out Christmas Eve and found the same type of site, also in full screen so as to appear to be multiple programs. This one however had an actual URL (which I lost) and was also Windows specific.

This time, as before, I tried to locate which process ID spawned the Safari window that the site was showing up in. This time, however, I tried navigating back and found https://refdesk.com/. This is a site that both he and his wife use as their home page. I ran the site through VirusTotal (https://www.virustotal.com/gui/url/51d9e12513d8d980049eaba02925dede005496f914778a365ec4fee98821f388) and my current theory is that an advertisement on this site was malicious and linked to both of these pages.

Both times I ran Malwarebytes and both times it came back with nothing. I believe that is because he did a great job of not clicking on anything once the pages opened. Based on that I’m comfortable leaving them as is.

Unfortunately, since the IP address is no longer loading a site and I misplaced the URL, I’m not able to assess any specific payloads the sites were set up to deliver.
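Two things above would have gone better with the browser history database instead of the Back button: the referring page (navigating back only works if the redirect left a history entry) and the lost URL (Safari keeps it even after the tab is closed). The script below is an added example, not part of the original post. It builds a small in-memory SQLite database whose tables mirror the columns this approach relies on in Safari's `~/Library/Safari/History.db` (`history_items.url`; `history_visits.history_item`, `visit_time`, `redirect_source`, `redirect_destination`), fills it with constructed visits modelled on the story (refdesk.com, a made-up ad click URL, a made-up scareware page on a documentation-range IP), and then walks the redirect chain back from the scareware page to the site that started it. Confirm the column names against your own copy with `.schema` before pointing it at a real database; Apple does change this file between releases.

```python
"""Reconstruct the redirect chain that led to a scareware page from a
Safari-style History.db.  Sample data below is constructed for the example."""
import sqlite3
from datetime import datetime, timedelta, timezone

# Safari stores visit_time as seconds since 2001-01-01 UTC (CFAbsoluteTime).
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)


def mac_time_to_iso(seconds: float) -> str:
    return (MAC_EPOCH + timedelta(seconds=seconds)).isoformat(timespec="seconds")


# Subset of Safari's schema: only the columns the queries below use.
SCHEMA = """
CREATE TABLE history_items (
    id  INTEGER PRIMARY KEY,
    url TEXT NOT NULL UNIQUE
);
CREATE TABLE history_visits (
    id                   INTEGER PRIMARY KEY,
    history_item         INTEGER NOT NULL REFERENCES history_items(id),
    visit_time           REAL NOT NULL,
    title                TEXT,
    redirect_source      INTEGER REFERENCES history_visits(id),
    redirect_destination INTEGER REFERENCES history_visits(id)
);
"""


def build_sample_history() -> sqlite3.Connection:
    """Constructed data: home page -> ad click -> scareware page, plus an
    unrelated visit to the home page the day before."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO history_items (id, url) VALUES (?, ?)", [
        (1, "https://refdesk.com/"),
        (2, "https://ads.example-network.test/click?cid=4471"),   # hypothetical
        (3, "https://203.0.113.10/alert/index.html"),             # hypothetical
    ])
    t0 = 724000000.0  # constructed timestamp, December 2023
    conn.executemany(
        "INSERT INTO history_visits (id, history_item, visit_time, title, "
        "redirect_source, redirect_destination) VALUES (?, ?, ?, ?, ?, ?)",
        [
            (9,  1, t0 - 86400, "Refdesk.com", None, None),
            (10, 1, t0,         "Refdesk.com", None, 11),
            (11, 2, t0 + 0.4,   None,          10,   12),
            (12, 3, t0 + 1.1,   "Access to your PC has been blocked", 11, None),
        ],
    )
    conn.commit()
    return conn


def latest_visit_id(conn: sqlite3.Connection, url: str):
    row = conn.execute(
        "SELECT v.id FROM history_visits v "
        "JOIN history_items i ON i.id = v.history_item "
        "WHERE i.url = ? ORDER BY v.visit_time DESC LIMIT 1", (url,)).fetchone()
    return row[0] if row else None


def redirect_chain(conn: sqlite3.Connection, final_url: str):
    """Walk redirect_source back from the newest visit of final_url.
    Returns [(iso_time, url, title), ...] oldest first; guards against loops."""
    visit_id = latest_visit_id(conn, final_url)
    chain, seen = [], set()
    while visit_id is not None and visit_id not in seen:
        seen.add(visit_id)
        row = conn.execute(
            "SELECT v.visit_time, i.url, v.title, v.redirect_source "
            "FROM history_visits v JOIN history_items i ON i.id = v.history_item "
            "WHERE v.id = ?", (visit_id,)).fetchone()
        if row is None:
            break
        visit_time, url, title, visit_id = row
        chain.append((mac_time_to_iso(visit_time), url, title))
    chain.reverse()
    return chain


def landing_origin(conn: sqlite3.Connection, final_url: str):
    """The page the user was actually on when the chain started."""
    chain = redirect_chain(conn, final_url)
    return chain[0][1] if chain else None


def visits_around(conn: sqlite3.Connection, url: str, window_seconds: float = 30.0):
    """Everything visited within +/- window of the newest visit of url.  Needed
    when the page was opened via window.open from an ad iframe, which leaves
    no redirect link to follow."""
    vid = latest_visit_id(conn, url)
    if vid is None:
        return []
    (t,) = conn.execute("SELECT visit_time FROM history_visits WHERE id = ?", (vid,)).fetchone()
    rows = conn.execute(
        "SELECT v.visit_time, i.url FROM history_visits v "
        "JOIN history_items i ON i.id = v.history_item "
        "WHERE v.visit_time BETWEEN ? AND ? ORDER BY v.visit_time",
        (t - window_seconds, t + window_seconds)).fetchall()
    return [(mac_time_to_iso(vt), u) for vt, u in rows]


if __name__ == "__main__":
    db = build_sample_history()
    for when, url, title in redirect_chain(db, "https://203.0.113.10/alert/index.html"):
        print(when, url, title or "")
```

On a real machine, copy `History.db` (and the `History.db-wal` file next to it) out of `~/Library/Safari/` first and open the copy with `sqlite3.connect`; the live file is locked by Safari, and macOS privacy controls will block a terminal that has not been granted Full Disk Access from reading it at all.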

To solve this I installed an ad blocker on both of his Macs and he hasn’t reported any issues since.

TLDR: Don’t wait weeks to investigate malicious actors ;) Also, friends are great :)