I think I just got hit with ransomware in my browser this morning.
I use Firefox in a five-months-old laptop running Windows 10. I clicked on a link in a Google search (and I honestly can't remember what it was now but it was to do with Excel VBA coding) and I get a new tab in my browser which was headed 'Microsoft Security Essentials'. Almost immediately a computer-voice starts up telling me I have a virus and to phone the number on the screen to 'help' me remove it. The number was a toll-free 0800 number in the USA. I live in the UK. The sneaky thing is that they also placed a dialog box on the window asking for a username and password (for what purpose it did not say) with OK and Cancel buttons. Hitting the Cancel (or the Escape key) just caused the dialog box to reappear. This obviously locked my entire Firefox session and other tabs were inaccessible. None of the normal Close Window options would work so the session was stuck.
In the main page there was what looked (as I subsequently found) to all the world like a real Security Essentials screen with all the right layout and colours etc. I had never actually heard of Security Essentials before and I discovered through using another browser (Chrome, which was not affected) that it doesn't actually run under Windows 10. On further looking at the page it became apparent that the message - much the same as the voiceover - was written by someone whose first language was not English. The implications of the text were that any banking apps on my computer had been compromised.
I'm guessing that if I did call the number from across the Atlantic they would demand money and may or may not 'fix' my computer.
I closed Firefox with Task Manger but on re-starting it the rogue page obviously reappeared as I have it set to re-open the tabs that were open when it was closed. I managed to get rid of it though. From Chrome I started something that required a new tab to be opened in my default browser, which is Firefox. Since FF was closed at the time it got fired up and it opened the requested page. Fortunately FF went into it's 'Well, this is embarrassing' routine and failed to open any of the old tabs, giving the list it thought it had before. I unticked the rogue page, clicked go and everything opened as normal.
What this long-winded introduction is coming to is this: Am I really infected with anything and are my bank and card accounts really compromised? I have run full scans using IOBit's Malware Fighter, AVG and Malwarebytes Anti-Malware and they did not report anything that looked remotely connected (basically just a few cookies and something to do with an Amazon button). I try to keep a clean machine and run Malware Fighter regularly. I downloaded the Malwarebytes specially for this. I am up to date with Windows and other Microsoft updates (e.g. Office). Should I change all my financially-connected passwords? I haven't been into any of them since this episode yet.
I'm sorry I should have thought to take a screen-grab of the dodgy page as it might have been useful for others to see but it didn't occur to me at the time in my panic to get rid of it. However, I took a note of the URL and it is (preceded by https://)
z13xx03-virus.com/en/?id=MDgwMCAwODYgOTgyOA. I provide this just in case anyone recognises it - ON NO ACCOUNT OPEN IT!!
I hope someone can advise.