Your Computer Has Been Blocked: How the new scam works


Some users have reported the appearance of a scam message (error # 0x2328-0x2edf) while browsing the web with various browsers: here’s how to get rid of it.

We have received several reports of a scam whose ultimate goal is to extort money from its victims.

While visiting some websites, both Italian and foreign, you may suddenly see a screen similar to the one shown in the figure with the message “Your computer has been blocked. Error # 0x2328-0x2edf. This warning may indicate a criticality of your PC. Turning off your computer could cause even more serious malfunctions. All the information saved on your PC could be stolen by malicious people/hackers. All the data saved on your PC could be at risk…”.

Even those with a minimum of experience in the IT field will immediately understand that it is a false message (in this case, it is presented as coming from Microsoft). You are invited to call an Italian landline number.

Once contacted by phone, the scammers will try to extort money (usually around 100 euros) to “help” the user solve the problem.

This page on Tellows collects the testimonies of some users who have unfortunately fallen into the clutches of the criminals.

This is a further refined version of a type of attack that has been in vogue for several years now (in English, it is called TSS, or technical support scam).

The scam is in vogue not only in Italy but also in many other countries. The version in circulation these days uses code that triggers hundreds of download attempts, blocking the web browser and making it unable to respond to anything the user does (closing the browser by clicking on the “X”, closing the single tab in which the scam code was loaded, and so on).

The following figure shows the countless download attempts made by the malicious page that led to the browser, in this case Chrome, being blocked.

For over a year, scammers have also been using Base64 encoding, code obfuscation routines, and AES encryption to make the scams harder to recognize in an automated way.

How to regain control of the browser

The scammer often attempts to install malicious components on victims’ systems, either by urging them to open harmful content or by exploiting flaws in the web browser.

To avoid problems and not run the risk of having malicious code automatically executed remotely, it is essential to always keep the web browser updated.

Consider, for example, this vulnerability recently discovered in Chrome and immediately fixed by Google's engineers: “Chrome to be updated immediately: vulnerabilities that can be exploited to execute malicious code”.

Regularly installing the latest version of the browser is therefore an essential step to avoid problems: “Chrome update: why do it and what the icons mean”.

If the browser is not up to date, or in any case if you authorize a malicious component to run on the local system, the usual result is the theft of personal data: the first information retrieved and sent to servers managed by the attackers is the access credentials for various services and websites, such as those stored in the browser's password manager.

To get out of trouble when the bogus “Your computer has been blocked” error message is stuck in the open tab, we suggest pressing the key combination CTRL + SHIFT + ESC to open the Task Manager window, then selecting the processes used by your browser and clicking End task.

Alternatively, you can open a command prompt window ( Windows + R, cmd ) then type the following depending on your browser:

taskkill /im chrome.exe /f
taskkill /im firefox.exe /f
taskkill /im opera.exe /f

If you had set your browser in such a way as to reopen the tabs used during the previous work session, the scam code could be automatically reloaded.

In Chrome, just avoid clicking on the button that allows you to restore the previous work session and, therefore, the websites opened previously.

In Firefox, just hold down the SHIFT key while clicking on the browser icon to restart it.

First, you can click Start in Safe Mode: Firefox should avoid loading the last web page viewed.

If that doesn’t fix it, press the Windows + R key combination, then type %appdata%\Mozilla\Firefox\Profiles. Going into your Firefox user profile folder and deleting (or temporarily copying elsewhere) the sessionstore-backups folder and the file with a name beginning with sessionstore.json should solve the problem by preventing all previously opened tabs from being loaded.
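The recovery steps above (force-closing the browser, then setting aside Firefox's saved session so the scam page is not reloaded) can be combined into one PowerShell script. This is an added example, not part of the original article; it assumes the default Firefox profile location, and the session-quarantine folder name is a hypothetical choice.

```powershell
# Added example: close browsers stuck on the scam page and set aside
# Firefox's saved session so the page is not restored at next start.
# Assumption: Firefox profiles live in the default location under %APPDATA%.
param(
    [string[]]$Browsers = @('chrome', 'firefox', 'opera'),
    [string]$ProfilesRoot = (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles')
)

# Same effect as "taskkill /im <name>.exe /f" for each browser.
foreach ($name in $Browsers) {
    Get-Process -Name $name -ErrorAction SilentlyContinue |
        Stop-Process -Force -ErrorAction SilentlyContinue
}

# Give the processes a moment to exit so the session files are unlocked.
Start-Sleep -Seconds 2

if (-not (Test-Path -LiteralPath $ProfilesRoot)) {
    Write-Output "No Firefox profiles found at $ProfilesRoot"
    return
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($dir in Get-ChildItem -LiteralPath $ProfilesRoot -Directory) {
    # Session data named in the article: the sessionstore-backups folder
    # and any file whose name begins with sessionstore.json.
    $items = @(Get-ChildItem -LiteralPath $dir.FullName -Force |
        Where-Object {
            $_.Name -eq 'sessionstore-backups' -or
            $_.Name -like 'sessionstore.json*'
        })
    if ($items.Count -eq 0) { continue }

    # Move instead of delete, so the session can be put back by hand.
    # "session-quarantine-<timestamp>" is a hypothetical folder name.
    $quarantine = Join-Path $dir.FullName "session-quarantine-$stamp"
    New-Item -ItemType Directory -Path $quarantine | Out-Null
    foreach ($item in $items) {
        Move-Item -LiteralPath $item.FullName -Destination $quarantine
        Write-Output "Moved $($item.FullName) to $quarantine"
    }
}
```

Once Firefox starts cleanly and the scan described below finds nothing, the quarantine folder can be deleted.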

As a final step, it is advisable to scan the entire system with a tool like Malwarebytes (the download is available at this address). Unfortunately, if you ran a harmful component delivered by the scam page, you will need to change the access credentials for your various services after removing the malware.

More information is also on the Microsoft site dedicated to computer fraud and, in particular, to the topic of technical support scams.