Newbie question (long)


williej
August 21st, 2008, 10:03 AM
I am using NOD32 v3.0.650.0, OS is WinXP professional SP3.
I am not too knowledgeable so this may seem like a dumb question to
some.
Yesterday while reading an article on the wikipedia website (the article
was on gang violence) I clicked on a link for reference material and then
immediately got a pop up window saying my computer was at risk for
malware and prompting me to download some antispyware software.
Of course I did not click on this pop up window, but a second later
another pop up window came up telling me that my computer was now
infected with several trojan horse programs. I was not able to close
any of these windows by clicking on the "close" button on the upper
right corner so I used the Windows task manager to close out the
browser. I then did a full scan with NOD32 that came up clean.
I also ran HiJackThis and saw nothing out of the ordinary.
I looked through the registry for any strange keys under any instances
of software/microsoft/windows/current version/run,runonce,etc. and
saw none. I also looked under taskmaster/processes for any strange
processes running and saw none.
I'm not sure if my system actually got infected or some website was
using some phony window to mimic a virus warning. NOD32 scans
report nothing and there are no logs indicating an infection. Is there
anything else I should look at?
Thank You

SmackyTheFrog
August 21st, 2008, 10:18 AM
It sounds like you just hit some nasty popups that were running some javascript to keep them from closing. You can run netstat.exe at a command line to see where your computer is establishing network connections to, and that may give you a hint as to whether something is running and being remotely controlled on your system. Bear in mind that rootkits being installed on the system can trick any of the tools you run to mask their presence, and the only sure-fire way to get around that is to turn off the system, pull the hard drive out, and mount it on a different trusted machine and scan from there, or stick a packet sniffer between the suspect machine and the router to watch for malicious traffic.

I doubt you need to go through such elaborate steps in this case, though.

Marcos
August 21st, 2008, 10:43 AM
Hi Williej,
Please send a log from ESET SysInspector (http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe) to samples[at]eset.com with this thread's url enclosed.

williej
August 21st, 2008, 11:35 AM
{QUOTE-> Hi Williej,
Please send a log from ESET SysInspector (http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe) to samples[at]eset.com with this thread's url enclosed. <-QUOTE}


Thanks for the reply.
The log was sent this morning.

williej
August 21st, 2008, 11:39 AM
{QUOTE-> It sounds like you just hit some nasty popups that were running some javascript to keep them from closing. You can run netstat.exe at a command line to see where your computer is establishing network connections to, and that may give you a hint as to whether something is running and being remotely controlled on your system. Bear in mind that rootkits being installed on the system can trick any of the tools you run to mask their presence, and the only sure-fire way to get around that is to turn off the system, pull the hard drive out, and mount it on a different trusted machine and scan from there, or stick a packet sniffer between the suspect machine and the router to watch for malicious traffic.

I doubt you need to go through such elaborate steps in this case, though. <-QUOTE}


Thanks for the reply. I ran a scan with "rootkit revealer" and found
nothing so hopefully there are no rootkits. Unfortunately I have no
other system to try the hard drive on and am unfamiliar with packet
sniffer programs. I do have a program called "TCPView" which I am
running today to see if there is anything out of the ordinary.
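SmackyTheFrog's suggestion to check netstat output, and williej's follow-up with TCPView, both come down to the same triage step: list the machine's live connections and pick out the ones that do not belong. The script below is an added example, not code from anyone in this thread; it parses the text format of Windows `netstat -ano` (constructed sample output embedded inline, not from williej's machine) and flags ESTABLISHED TCP connections that go to a non-local address on a port other than the ones you expect a web browser to use. The port allowlist and the "local" network ranges are assumptions you would tune to your own environment.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from the
# poster's system). The connection to 198.51.100.7:6667 is the one a
# reviewer would want to look at: external host, non-web port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1540
  TCP    192.168.1.5:1045       203.0.113.10:80        ESTABLISHED     2212
  TCP    192.168.1.5:1047       198.51.100.7:6667      ESTABLISHED     3320
  TCP    192.168.1.5:1052       192.168.1.1:139        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    1234
"""

# Assumed "local" ranges: loopback, RFC 1918 private space, link-local,
# and the unspecified 0.0.0.0 block. Anything else is treated as external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8")]

# Assumed allowlist: remote ports a browser session is expected to use.
EXPECTED_PORTS = {"80", "443"}


def is_local(host):
    """True if host is loopback/private/link-local, or not an IP at all ('*')."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True  # '*' or a hostname: not something we can classify
    return any(addr in net for net in LOCAL_NETS)


def split_endpoint(endpoint):
    """Split 'host:port' (also '[v6]:port' and '*:*') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Parse `netstat -ano` lines into dicts; skips headers and malformed rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts   # UDP rows carry no state
            state = ""
        else:
            continue
        lh, lp = split_endpoint(local)
        rh, rp = split_endpoint(foreign)
        rows.append({"proto": proto, "local_host": lh, "local_port": lp,
                     "remote_host": rh, "remote_port": rp,
                     "state": state, "pid": int(pid)})
    return rows


def flag_external(rows, expected_ports=EXPECTED_PORTS):
    """Return established TCP connections to external hosts on unexpected ports."""
    return [r for r in rows
            if r["proto"] == "TCP"
            and r["state"] == "ESTABLISHED"
            and not is_local(r["remote_host"])
            and r["remote_port"] not in expected_ports]


if __name__ == "__main__":
    for r in flag_external(parse_netstat(SAMPLE_NETSTAT)):
        print(f"PID {r['pid']}: {r['local_host']}:{r['local_port']} -> "
              f"{r['remote_host']}:{r['remote_port']} ({r['state']})")
```

To use it on a real box, save `netstat -ano > netstat.txt` and feed the file contents to `parse_netstat`; the PID column is what lets you match a flagged connection to a process in Task Manager or TCPView. Keep in mind the caveat SmackyTheFrog raised: on a machine with a kernel-level rootkit, netstat and TCPView can both be lied to, so a clean result here is reassuring but not proof, and a capture taken from outside the host (a sniffer between the machine and the router) is the check that does not depend on the suspect system telling the truth.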