'Windows Is Resetting Itself' Pop-Ups
The 'Windows Is Resetting Itself' pop-ups are generated on insecure pages and phishing domains. The 'Windows Is Resetting Itself' alerts are utilized by con artists who invite users to buy a computer support package for hundreds of dollars and pay for repair services via iTunes Gift Card codes. The 'Windows Is Resetting Itself' pop-up windows are reported to originate from the format557-info[.]ml domain and sites registered to the 104.31.70.172 and the 104.31.71.172 IP addresses. Computer security experts warn that the 'Windows Is Resetting Itself' pop-up windows include logos of trusted software developers and play a disturbing audio message to lure users into downloading a remote desktop client and calling the 800-269-5942 toll-free phone line.
Microsoft does not recommend users make calls to the 800-269-5942 technical support line. The 'Windows Is Resetting Itself' Tech Support tactic is reported to feature a version for mobile devices and interfere with all Chromium-based browsers. PC and Mobile users who stumble on 'Windows Is Resetting Itself'-enabled pages are unable to switch tabs and may have trouble accessing third-party applications. The 'Windows Is Resetting Itself' pop-up windows may show the following text on your screen:
- Sample 1:
- Sample 2:
'A username and a password are being requested by https://formant557-info.ml. The site says:
Suspicious activity detected on your IP address die to harmful virus installed on your computer. Call Toll Free +1-800-269-5942 for any assistance...'
'Due to repeated malware attack, windows is resetting itself.
You may lose your personal files on this computer.
Your system data has been compromised
Hackers may track your financial activities and get access to your personal files on this system
Please report this activity to +1-800-269-5942
AV manufacturers and Web browser vendors insist that users take advantage of the "Report a page" feature and make sure insecure pages are reported to cybersecurity authorities. Con artists tend to register dozens of domains per day for their operations so that feedback from Web surfers is valuable in limiting exposure to computer support tactics. You should cancel automatic downloads that may occur while you are on pages related to the 'Windows Is Resetting Itself' campaign. AV instruments are likely to display alerts related to 'Windows Is Resetting Itself'-enabled page, which feature the following detection names:
- Gen:Variant.Razy.6869
- HEUR:Trojan.Script.Generic
- HTML.Trojan-Ransom.TechSupportScam.R
- HTML/Infected.WebPage.Gen2
- HTML:Phishing-SF [Phish]
- JS/FakeAlert.LY!tr
- JS:Trojan.Cryxos.1294
- SupportScam:JS/TechBrolo.AA
- TROJ_GEN.R047C0DDC17
- Trojan.Script.AgtLocker.enkjdo
- a variant of MSIL/Kryptik.EAN
- malicious_confidence_100% (D)
