Resolved Question

Got Hijack/ransom malware trying to read Yahoo news story

Jan 14, 2018 3:50PM PST

Thursday afternoon my laptop got the usual "your computer is infected, call this number, supposedly from Microsoft" when I tried to click on a Yahoo news story about the upcoming NE storm. Machine was locked, couldn't do anything. Took it to expert computer friend who removed it. He removed Google Chrome as well, appeared to have rootkit stuck to it. Not sure yet if it's OK or if it will have to be wiped. It's a Win 10.
Using desktop with Firefox, Win 7, put Malwarebytes on it, free premium trial. Today also went to Yahoo news and clicked on article, popup from Malwarebytes that they blocked suspicious activity.
Has anyone else had this experience with Yahoo news articles or have the hackers just decided to continue attacking my IP address?
My devices are NOT networked just in case such an event were to occur.

Discussion is locked

drjudithvolpe has chosen the best answer to their question.
Comments
Clarification Request
Where is this hijack?
Jan 14, 2018 3:56PM PST

Web sites, ad feeds can show that "your computer is infected" so to get infected, YOU HAVE TO DO SOMETHING. Unless you are running an out-of-date browser on, say, XP, I have yet to see a drive-by infection.

The rest of your post reads as if the owner installed the bad things.

Have you ever heard of NINITE.COM?

Response to R. Proffitt
Jan 14, 2018 4:18PM PST

I am a doctor, not a computer person. So by hijack I mean my machine was locked, frozen by the malware. That has never happened to me before. I didn't install anything bad. I haven't installed any programs on that laptop for months. That morning I did attend a medical webinar on that laptop but that's limited and they close down the connection when the webinar ends; I attend a number of professional events that way. I am sure the malware was installed but not with my knowledge. Ads sometimes open automatically and I have to click the close symbol. But it came on when I tried to read the Yahoo news story.

The way malware works today...
Jan 14, 2018 4:24PM PST

when ads/popups happen, clicking on the x out can install the malware. Better to use Alt+F4 to get out of it. That said, Yahoo is well known for exploits.
Dafydd.

Malware without popups
Jan 16, 2018 12:13PM PST

Tried to read a Yahoo news article today. No popups. Malwarebytes blocked it, saying a suspicious IP address was trying to put malware on my computer. This is a new device, not networked with the one that was infected. No more Yahoo news for me.

check modem logs
Feb 14, 2018 5:05PM PST

or have your provider check the logs. If modem is over a year old, replace.
This Yahoo stuff goes after the modem/router. Even after you clean computer there can be background virus, links and modem hijack.
Check the modem, delete everything Yahoo on your computer, EVERYTHING: programs, search toolbar and any shortcuts/links.
You can clean everything and click on a link in your bookmarks a week later and bam, infected again. Or if they hijack the modem/router they can come and go as they please forever, and it's not low-level adware. It goes after everything.
To be safe, change all your passwords ASAP on a different computer, say a computer at work you know is safe and secure. I did.

Problem redux
Mar 16, 2018 8:40PM PDT

I set up a new desktop given to me as a gift, it was sealed in box, and just loaded Firefox as a browser, it came with Internet Explorer, it's a Win 7 Pro unit. Used it 2 months, no problems. Just didn't click on any Yahoo news articles. None of my computers are networked, but they do share the same cable box and Vonage router. My browsers are very slow but intuition told me not to load Chrome.
Brain-addled friend with severe ADD loaded Chrome without asking me. The second time he used it the original "your computer is infected, call Microsoft" popped up. This time I did a hard shutdown, reopened, deleted Google Chrome, no problems for a few days.
However I am not skilled enough to go into the registry and remove the last traces of Chrome. Somehow this infection is linked to Chrome, the malware seems capable of re-directing Chrome to it.
I will screen the unit with programs from bleepingcomputer.com and see what they say. Where do you think the infection is originating? Are they monitoring my IP address, did they put the malware in the cable box? Could not get cable box logs, I own the box, and Motorola does not "support" that model anymore. Changing IP address easy enough.

This is why a lot of folk move to
Jan 14, 2018 4:38PM PST

Either a Chromebook, some big Android tablet, Apple or other. Microsoft hasn't yet refined Windows to the point we can avoid knowing a lot more or having support. It's all too easy for users to get a Windows PC infected today no matter what Security Suite they use.

As to the lockup, I know about the old JavaScript Bombs. I have not revisited that issue for a few years as every time I check, there's always a way to lock up a browser or possibly a PC with bad code from a web page. This is not a sign it's infected.

As to Yahoo I found that Opera's Adblocker (which you have to turn on) or adding an AdBlocker to Chrome, Firefox or other is another line of defense. The web sites like CNET hate it but as long as it remains a possible infection vector I keep using blockers.

As to NINITE.COM, that's my go-to site to get Chrome and other titles without add-ons or "things I don't want." There are articles about this on the web. Here's one for light reading.

https://www.howtogeek.com/201354/ninite-is-the-only-safe-place-to-get-windows-freeware/

While I think it's fine to get Chrome from Google, there are sites that add on to what you download and many folk fall for "Increase your PC Performance Now" Adverts. As a doctor I'm sure you have encountered folk that fell for some sort of enhancer products.

Best Answer

yahoo malware problem
Feb 14, 2018 4:49PM PST

Yahoo definitely has a malware problem.
I am not a computer expert so people need to excuse my verbiage.
The malware is embedded in some of Yahoo content (YOU DO NOT HAVE TO DOWNLOAD ANYTHING); it will load and infect when you click on the news link. I don't know how it works but some of it is aggressive and difficult. All my stuff was up to date except the Comcast modem was almost two years old.
When a Comcast rep. dialed into modem log he said modem under extreme attack. I replaced modem/router combo 40 min. later, cleaned computer and set up new modem.
This a.m. I was reading Yahoo 3 mins. news story and computer came under attack again. That's when I realized Yahoo was the problem, when malware stopped it, and new modem and firewall must have helped. When I had the major attack weeks ago it was 1-3 days after using Yahoo Finance.
Google it, Yahoo has had major issue for years and I guess is too desperate for ad money to clamp down and fix?? I used Yahoo from the early days, always liked certain aspects. Shame how bad and how many times the top brass has screwed up a once perfectly good web site. Well, that was the straw that broke the camel's back. I ran a search and deleted every program and shortcut related to Yahoo and as of today no more Yahoo ever. I know most here are experienced users but this Yahoo **** is bad; it got into my Amazon acct. in under an hour, and I have random 20-character user names and passwords on everything. Maybe a good modem and separate router will protect?? But I am a low-skills computer user, so Yahoo isn't much good for much anymore, so why take a chance; delete Yahoo and anything associated with it.

Answer
Things to look at if this happens
Feb 18, 2018 9:05AM PST

First, let's secure your network.

OK, most of the Hitron modem/router/wifi has their login screen exposed to the internet. Please set a password that is not a dictionary word, with numbers and symbols, at least 10 characters. There should be no ports forwarded in the router either for the average consumer.

Second, let's clean the machine up:

Remove back door Trojans and malware using at least three different scanning software (I use Spybot S&D, Malwarebytes, and Trend Micro's HouseCall). Since you are using Windows 10 I would recommend securing your privacy. There are several guides to this.

Alternatively, you can get rid of Microsoft and install a Linux operating system (CentOS, Fedora, Xubuntu) as most of the internet runs bug free on those operating systems. This is a better fix for PC computers as Linux has the correct access permissions architecture. macOS was built off of Linux architecture and was pretty bug free until they partnered up with Microsoft and changed some of the internet's direct hard drive access in the macOS so Microsoft DRM sites like Amazon Video and Netflix would run (which is why those sites don't work in Linux because it doesn't allow access from unknown sources).

You're Wrong (About The Deletion)
May 29, 2018 2:52PM PDT

As I heard, Windows 10 is really Linux.
