Windows is damaged scam ad on tomshardware.com

knickle

Distinguished
Jan 25, 2008
227
12
18,695
I clicked on a link at the bottom of the Ryzen 3000 article to read forum comments, and this worked fine. But then suddenly I got a loud tone screaming through my PC speakers (around 1 kHz) and I noticed that the other browser tab that had the Tom's article had changed to Win Erx03. I have the actual link in my browser history, but I don't want to just post it here and have people clicking on it. If an admin would like the link I can send it in a PM.

The pop-up said something about damaged or irrelevant files. I did a quick Google search and found what appears to have been the exact same page I got. Here's the link: https://www.bleepingcomputer.com/virus-removal/remove-your-windows-system-is-damaged-scam

This is the second time I've had an issue like this on the main site. The last time was about a month or so ago.

I'm on Windows 10, and I was using Windows Edge browser at the time this happened.
 

SHaines

Community Manager
Staff member
Apr 1, 2019
483
402
11,060
Have you run into this issue again recently? I just want to see if the ad still pops up for you.
 

knickle

This just happened to me again. Brand new Windows install (1903) on a new SSD. Install is less than two days old, so I doubt that this is a malware/virus issue on my end. It happened while visiting the CPU forum. I had not logged in yet, so the page had a lot of ads on it.

I have two links in my browser history with the same timestamp. One is from cloudfront, and the other is from brokerflag.
 
Jun 21, 2019
2
0
10
I just MAY have a solution for you as I've been there. Please report back.
Where I got the malware:
1. POF dating site (sad) did away with "username search" for profile, but Google offered a way (bad news). After trying, I got the message about "Firewall reports windows system is damaged" and 1 kHz tone, Erx03, etc. Fortunately, I closed things down. No doubt they have other dodgy sites.
2. That nasty warning and tone reappeared occasionally (I had racingpost or pof open at the time).
3. A scan showed perfectly clean on Malwarebytes, AdwCleaner, MS Security Essentials.
4. Control H (history) will reveal the websites you have been passed around to get to the one with warning and tone. The URLs were ultra long, but included buzzcpm.com, basispixel.com, cleardexchange.com, adschip.com (DON'T try them). The basispixel site also had my legit "racingpost.com" in there which was an OPEN TAB AT THE TIME (on Firefox). You may have had other tabs open.
5. Using the clean, basic (no extras) CCleaner, I deleted cookies from the 4 sites above, plus racingpost.com and pof.com
6. So far, no re-occurrence, so I now believe cookies can indirectly lead to malware if they can change a redirect.
7. Maybe I'm talking c___ but this seemed to work for me.
 

knickle

I appreciate the suggestion, but the second time this happened (June 3) was on a fresh install of Windows 10 (1903) and on a brand spanking new hard drive. And when I say fresh, I mean I was still in the process of setting things up. The drive was purchased on June 1. With my surfing habits, there's no way I would have caught a virus or malware from a questionable website. I'm simply not that careless.

If I decide to surf something "questionable", I use a virtual machine running Linux. That's not a guarantee to be safe, but it's better than nothing and adds a layer of protection.
 
Jun 21, 2019
2
0
10
Now I'm not an IT pro, but I get by at home.

Clearly it is a web page made to look like a Windows notification.
Could be a legit web site(s) that has been hacked to include and distribute this.

When it happens, close the browser tab it appeared on, and immediately do Control H (history). You should see the dodgy sites (as stated, I found 4).
When it happens, you can see the URL address changing as it gets redirected around.

I assume you have already refreshed your browser, and got rid of extensions and plug-ins. (This is a Googled solution which did not help me.)
 

knickle

"When it happens, close the browser tab it appeared on, and immediately do Control H (history). You should see the dodgy sites (as stated, I found 4)."

If you look at the first couple of posts I made, you will see that I did just that. I did not publicly post the link here as I did not want random users clicking on it and exposing themselves to malware. I also had to use Alt-F4 to force the browser to close the page.

"I assume you have already refreshed your browser, and got rid of extensions and plug-ins. (This is a Googled solution which did not help me.)"

I don't use plugins or other extensions, with the exception of what may be included by default. On Microsoft Edge, that would be none. For fun, I just checked. It's empty.

My solution to the problem is to just avoid Tom's main site for now. And being logged in on this forum gets rid of ads. So far I haven't had a single re-occurrence with my browser.
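
The history check described in the posts above, as an added example that is not part of the thread: it groups a browser-history export into bursts of near-simultaneous visits that hop across several hosts, the pattern a forced ad-redirect chain leaves behind, and notes when a burst URL embeds the host of a page that was open at the time. The export format, the placeholder hosts and the thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed history export (timestamp, URL); every host is a placeholder.
HISTORY = [
    ("2024-01-01 20:14:02", "https://news.example/cpu-article"),
    ("2024-01-01 20:15:10", "https://forum.example/threads/cpu"),
    ("2024-01-01 20:15:41", "https://cdn-a.example.net/r?" + "x" * 300),
    ("2024-01-01 20:15:41", "https://track-b.example.org/c?src=news.example&" + "y" * 300),
    ("2024-01-01 20:15:42", "https://alert-c.example.com/warning.html"),
    ("2024-01-01 20:40:10", "https://forum.example/threads/gpu"),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_redirect_bursts(history, max_gap_s=2, min_hosts=3, long_url=200):
    """Return runs of near-simultaneous visits that hop across several hosts."""
    rows = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), url) for ts, url in history]
    rows.sort(key=lambda r: r[0])  # stable: same-second entries keep their order
    groups = []
    for when, url in rows:
        # Start a new group when the gap to the previous visit is too large.
        if not groups or when - groups[-1][-1][0] > timedelta(seconds=max_gap_s):
            groups.append([])
        groups[-1].append((when, url))

    all_hosts = {host(u) for _, u in rows} - {""}
    bursts = []
    for group in groups:
        hosts = list(dict.fromkeys(host(u) for _, u in group))  # ordered, unique
        if len(hosts) < min_hosts:
            continue  # ordinary browsing rarely crosses this many hosts at once
        # Hosts from elsewhere in the history that appear inside a burst URL's
        # query string, i.e. a page that was open when the redirect fired.
        leaked = {h for h in all_hosts - set(hosts)
                  for _, u in group if h in urlsplit(u).query}
        bursts.append({
            "start": group[0][0], "end": group[-1][0], "hosts": hosts,
            "long_urls": sum(len(u) > long_url for _, u in group),
            "leaked_hosts": sorted(leaked),
        })
    return bursts

if __name__ == "__main__":
    for b in find_redirect_bursts(HISTORY):
        print(b["start"], "->", b["end"], b["hosts"], b["leaked_hosts"])
```

The hosts and timestamps a burst reports are what a site's staff would need to trace the ad back to the network that served it.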