Problem: Had a client that had their IE session hijacked by some program. The session was stuck on a page saying “IE Warning” and a pop up with the following error:
“IE – Alert Suspicious Activity Might Have been Detected. Browser: IE 10.0 OS: Windows
To fix this please call Support for Windows.
1-877-219-1558 (TOLL FREE) as soon as possible”
First of all, don’t call this number. It is a scam and Microsoft will not initiate support like this. Most likely, you’ll get in touch with a person who will try to charge you an arm and a leg to fix this issue. The other annoying part of this error is that when you click “OK” the pop up keeps appearing. No way to exit out of Internet Explorer either. My client felt pretty stuck.
Solution: I was able to remedy the problem using the following steps:
- I went into task manager and forced Internet Explorer to shut down. Took a few tries but was finally able to shut it down.
- I then went into control panel and checked Programs and Features to make sure that there wasn’t any malware installed. It was clean so I then figured it had to be an add-in. That is usually the case with Chrome.
- I stayed in control panel and went to Internet Options and reset IE to defaults.
- Opened up Internet Explorer and went to the “manage add-ons” part of the settings and checked toolbars and search providers. I noticed that Search Conduit had about three different entries in there. I removed all the instances.
- Went into MSCONFIG and checked what services were running. Found Optimizer Pro and Updater Server were set to run. I disabled the services and deleted their directories in Program Files.
- Rebooted the computer and we were back in business. Checked Chrome but it wasn’t affected this time. Usually, it does get infected through extensions but luckily I was spared.
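
The same checks can be scripted for the next machine that shows up with this pop-up. The following PowerShell is an added example, not part of the original post: it closes the stuck browser and then lists, without changing anything, the installed programs, IE search providers and services that match the product names mentioned above. It assumes PowerShell 3.0 or later and an elevated prompt, and the name patterns are an assumption built from those product names.

```powershell
# Added example: triage mirroring the manual steps in the post.
# Assumption: these name patterns come from the products named in the post;
# extend the list for whatever turns up on the machine in front of you.
$patterns = 'Conduit', 'Optimizer Pro', 'Updater Server'
$regex    = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Force-close the stuck browser (same effect as End Task in Task Manager).
Get-Process -Name iexplore -ErrorAction SilentlyContinue | Stop-Process -Force

# Installed programs, as listed in Programs and Features (64-bit, 32-bit, per-user).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallLocation

# IE search providers for the current user (Manage add-ons > Search Providers).
# Every provider is listed; the Suspect column flags the ones matching a pattern.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\*'
$searchProviders = Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue |
    Select-Object DisplayName, URL,
        @{ Name = 'Suspect'; Expression = { "$($_.DisplayName) $($_.URL)" -match $regex } }

# Services, as shown on the MSCONFIG Services tab. PathName gives the directory
# to inspect under Program Files once the service has been disabled.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object Name, DisplayName, State, StartMode, PathName

'--- Installed programs matching patterns ---'
$programs | Format-Table -AutoSize -Wrap
'--- IE search providers (current user) ---'
$searchProviders | Format-Table -AutoSize -Wrap
'--- Services matching patterns ---'
$services | Format-Table -AutoSize -Wrap

# After reviewing the output, disable a confirmed-unwanted service by its Name
# value (placeholder shown), then reboot:
# Stop-Service -Name '<ServiceName>' -Force
# Set-Service  -Name '<ServiceName>' -StartupType Disabled
```

Toolbars and browser helper objects are not covered here, so the Manage add-ons dialog still needs a manual look.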
What are some of the tricks you use to disable this malware? Seems like each instance has a different solution. Sometimes we have to get real creative.