Solved hacked

Judy in Texas · Aug 18, 2025

I must be overlooking the obvious place to find this information. I searched the subject term and everything I found was old. Please move this to the appropriate forum if that is what's needed.

Husband was using his Windows 11 home, Windows Defender protected, Lenovo 9i to search using Chrome for information about truck repair. The screen began flashing multiple colorful overlapping windows with warnings of dire events and a phone number for "Microsoft." Sorry, I did not get a screen image or the phone number.

I have seen news about exploits of home computers, but in searching for help on the internet today I am finding prompts to use Microsoft Learn and news about breaches of major organizations.

Anything I can do? Or take it to the shop?

Bree · Aug 18, 2025

Judy in Texas said:
I must be overlooking the obvious place to find this information. I searched the subject term and everything I found was old....

....Anything I can do? Or take it to the shop?

This type of popup is called Scareware. It's your browser that's showing it. The way to get out of it is to use Ctrl+Alt+Delete, start the Task Manager, then use it to close your browser.

Generally your PC has not been 'hacked' - yet! Scareware is intended to scare you into following its links, that can lead to infection.

What is scareware and how to protect yourself

Learn what scareware is, how it works, and simple ways to protect your devices from deceptive online threats, keeping your data safe.

www.malwarebytes.com

A scan with AdwCleaner may help clean up afterwards.

AdwCleaner 2026 - Free Adware Cleaner & Removal Tool | Malwarebytes

Download Malwarebytes AdwCleaner 2026 for free to remove adware, bloatware, unwanted toolbars, and other potentially unwanted programs (PUPs) from your Windows PC. AdwCleaner destroys adware and restores your PC's performance.

www.malwarebytes.com

Hazel123 · Aug 18, 2025

Do you have Malwarebytes free installed? If so you could run that. If not, then install it and run it. You can also run eset online scanner (that takes a long time). If that doesn't find anything/sort it, then Norton power eraser is free and can be run in safe mode to detect various things better.

I would also suggest completely uninstalling Chrome with Revo installer, and then reinstalling it (ie DON'T keep any existing settings - remove everything, even existing settings (if it asks if you want to keep existing settings) and reinstall. I don't know what you have but when my Dad had something like this, it was a chrome extension that had been hijacked - it was very difficult to get rid of.

Edit - posted at the same time as Bree.

TraderGary · Aug 18, 2025

More than likely it was scareware that was loaded when he visited one of his repair sites. If so, it would only exist in current memory.

To be sure, restart his computer and do a Defender Full Scan.

neemobeer · Aug 18, 2025

It's very likely you were in fact NOT hacked. This was most likely what is known as scareware. Often a malicious ad served that is trying to social engineer you into calling the fake support number. They would likely want to remote into your computer with some free version software. Pretend to fix a non-existent issue and then demand payment. Side risk of them looking for and stealing any documents that look interesting to commit further fraud or extort you for payment.

neemobeer · Aug 18, 2025

Ads can serve javascript, here is a very simple example and anyone non-tech savvy may panic and call whatever number

glasskuter · Aug 18, 2025

Most of these are fake. Tech support scam websites make you believe that you have a problem with your PC. You may be redirected to these websites automatically by malicious ads found in dubious sites, so it would seem your husband might have gone to one of these dubious sites.
Under no circumstances call the number on your screen.
Clear all your browser data, cookies, cache, and history. This USUALLY fixes it

Open Chrome: Launch the Chrome browser on your computer.
Access Clear Browsing Data: Click the three dots (More) in the top-right corner, then select "More tools" and then "Clear browsing data".
Select Data Types: In the "Clear browsing data" window, choose the time range (e.g., "All time") you want to clear.
Check Boxes: Ensure "Cookies and other site data" and "Cached images and files" are checked.
Click Clear Data: Click the "Clear data" button to remove the selected browsing data.

Restart the computer.. Does the page popup again? If so download Malwarebytes and run a scan. Quarantine anything MWB finds.
This program gives a 14 day free trial of live protection and works alongside Windows Defender. Once the trial expires it reverts to the free version that has to be run on demand. You can keep the free version or uninstall it. (If you keep it, you will see occasional popups trying to get you to buy it, but you do not have to. You can still use it to scan on demand. Free Antivirus 2025 | Download Free Antivirus & Virus Scan | 100% Free & Easy Install

If the page still pops up, reset your PC. Reset your PC - Microsoft Support

Judy in Texas · Aug 18, 2025

Thank you to all of you. I turned out to be scareware and I disabled it with Task manager and scanned with MS Defender and also with Adware 2025. Apparently Defender remove anything that might have been there, and Adware said we were clean.

It has been so long since we have had something like that happen. It is a good reminder for me to go over security with husband again.

Judy in Texas · Aug 18, 2025

glasskuter said:
Most of these are fake. Tech support scam websites make you believe that you have a problem with your PC. You may be redirected to these websites automatically by malicious ads found in dubious sites, so it would seem your husband might have gone to one of these dubious sites.
Under no circumstances call the number on your screen.
Clear all your browser data, cookies, cache, and history. This USUALLY fixes it

Open Chrome: Launch the Chrome browser on your computer.

Access Clear Browsing Data: Click the three dots (More) in the top-right corner, then select "More tools" and then "Clear browsing data".

Select Data Types: In the "Clear browsing data" window, choose the time range (e.g., "All time") you want to clear.

Check Boxes: Ensure "Cookies and other site data" and "Cached images and files" are checked.

Click Clear Data: Click the "Clear data" button to remove the selected browsing data.

Restart the computer.. Does the page popup again? If so download Malwarebytes and run a scan. Quarantine anything MWB finds.
This program gives a 14 day free trial of live protection and works alongside Windows Defender. Once the trial expires it reverts to the free version that has to be run on demand. You can keep the free version or uninstall it. (If you keep it, you will see occasional popups trying to get you to buy it, but you do not have to. You can still use it to scan on demand. Free Antivirus 2025 | Download Free Antivirus & Virus Scan | 100% Free & Easy Install

If the page still pops up, reset your PC. Reset your PC - Microsoft Support

Glasskuter, thanks for looking out for me again. I will download Malwarebytes and keep the free version, just download a new one every now and then. I used to run the free version every now and then, but the press reports said there was no longer a free version. I'm glad there is a fix for that...

Judy in Texas · Aug 18, 2025

neemobeer said:
It's very likely you were in fact NOT hacked. This was most likely what is known as scareware. Often a malicious ad served that is trying to social engineer you into calling the fake support number. They would likely want to remote into your computer with some free version software. Pretend to fix a non-existent issue and then demand payment. Side risk of them looking for and stealing any documents that look interesting to commit further fraud or extort you for payment.

neemobeer, thank you. The "Microsoft" nubmer to call was in a big red box.

Judy in Texas · Aug 18, 2025

TraderGary said:
More than likely it was scareware that was loaded when he visited one of his repair sites. If so, it would only exist in current memory.

To be sure, restart his computer and do a Defender Full Scan.

TraderGary, thank you. I didn't know about the Defender full scan, and it isn't even called that on the Defender page any more.

Judy in Texas · Aug 18, 2025

Hazel123 said:
Do you have Malwarebytes free installed? If so you could run that. If not, then install it and run it. You can also run eset online scanner (that takes a long time). If that doesn't find anything/sort it, then Norton power eraser is free and can be run in safe mode to detect various things better.

I would also suggest completely uninstalling Chrome with Revo installer, and then reinstalling it (ie DON'T keep any existing settings - remove everything, even existing settings (if it asks if you want to keep existing settings) and reinstall. I don't know what you have but when my Dad had something like this, it was a chrome extension that had been hijacked - it was very difficult to get rid of.

Edit - posted at the same time as Bree.

Wow, Hazel123, the other suggestions seem to have worked, but as soon as we get back from taking the truck in for service I'll check out his Chrome. He has a couple of existing settings (his startup pages) but should not have any extensions. Probably a good idea to just reinstall it n general principles.

Judy in Texas · Aug 18, 2025

Bree said:
This type of popup is called Scareware. It's your browser that's showing it. The way to get out of it is to use Ctrl+Alt+Delete, start the Task Manager, then use it to close your browser.

...

AdwCleaner 2026 - Free Adware Cleaner & Removal Tool | Malwarebytes

Download Malwarebytes AdwCleaner 2026 for free to remove adware, bloatware, unwanted toolbars, and other potentially unwanted programs (PUPs) from your Windows PC. AdwCleaner destroys adware and restores your PC's performance.

www.malwarebytes.com

Thank you Bree. It was good to get back to thought mode from fight or flight. As you can see below, it was scareware. I have put "review husband on good computer practices" higher on the to do list...

Hazel123 · Aug 18, 2025

You could have a look in Chrome settings (nested settings) and his google account and see if anything is lurking there. That's where we found it - installed itself as an extension and kept coming back even when removed. We did get there eventually.

Just out of curiosity - but time is important too so just completely uninstalling and reinstalling would rule that out as a source for it.

Glad it's sorted now anyway.

TraderGary · Aug 18, 2025

Judy in Texas said:
TraderGary, thank you. I didn't know about the Defender full scan, and it isn't even called that on the Defender page any more.

Under scan options it's still called Full scan. It always has been as far back as I can remember.

Solved hacked

Active member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Stock Market Wizard

My Computers

Well-known member

My Computer

Well-known member

Attachments

My Computer

aka Mama Glass

My Computers

Active member

My Computers

Active member

My Computers

Active member

My Computers

Active member

My Computers

Active member

My Computers

Active member

My Computers

Well-known member

My Computers

Stock Market Wizard

My Computers

Similar threads