Infection - Can NOD32 stop it?
jedi_m
July 26th, 2009, 09:32 AM
I was looking for last night's boxing results and I found this webpage (see jpeg). As soon as I opened it, I got a message that my computer is at risk and I need to scan, etc. My NOD32 4.0.437.000 (20090726), with default settings, was quiet. I didn't want to take any chances and I terminated the Internet Explorer task through Task Manager. I am not infected. Then I was curious and I started my Virtual Machines one by one to try that webpage again.
One machine, XP Pro SP3 with Microsoft Security Essentials, gave me warnings and blocked access to the webpage right away.
The other one, with Avira free, didn't do anything; it was quiet like NOD32.
I don't want to push it too far and see what could happen on my main machine where I have NOD32 installed, and I was curious if somebody has NOD on a Virtual Machine and wants to test it.
Here is the jpeg attachment with the url:
InfinityAz
July 26th, 2009, 11:02 AM
Accessed the web page (in FF using GeSWall with NOD32, 4.0.437 with latest updates) and it gave me a fake Windows Explorer image saying my computer was infected, etc. NOD32 never made a peep. I also scanned the link with the Dr. Web anti-virus link checker and it said Clean.
skism
July 26th, 2009, 01:46 PM
I scanned the website with NoVirusThanks and it seems most don't recognise it.
~scan results removed per Site Policy (http://www.wilderssecurity.com/showthread.php?t=180057)....Bubba~
jedi_m
July 26th, 2009, 04:04 PM
So, if NOD32 is OK with this, I can go ahead further into this page and stay safe?
What will happen if I would click "clean my PC" on that fake antivirus/antispyware page? At some point NOD should start to "scream". Will it be too late? Anyway, it should be interesting to do a full test of NOD32.
If nobody wants to try it, then Monday after work I will install a trial NOD32 on one of my Virtual Machines and I'll see how it's working.
Jedi_m
funkydude
July 26th, 2009, 04:57 PM
Links dead for me.
jedi_m
July 26th, 2009, 05:42 PM
-{ Quote: "Links dead for me." }-
Hey funkydude, I just checked again and "the evil" is still there:
http://....+ last row from highlighted url.
I can see that you are using Microsoft Security Essentials and on my test on Virtual PC, as soon as I click the link, MSE jumps with warnings, guns and whistles. Very fast, I was impressed.
Bubba
July 26th, 2009, 06:45 PM
-{ Quote: "What will happen if I would click "clean my PC" on that fake antivirus/antispyware page?" }-
Simply to have you Run or Save the install file for PersonalAV (http://vil.nai.com/vil/content/v_156042.htm)
-{ Quote: "At some point NOD should start to "scream". " }-
Nod doesn't get excited, it just slaps it around a few times if you have the hook deep enough in your cheek and attempt to install the fakeware 8)
funkydude
July 26th, 2009, 06:57 PM
-{ Quote: "I can see that you are using Microsoft Security Essentials and on my test on Virtual PC, as soon as I click the link, MSE jumps with warnings, guns and whistles. Very fast, I was impressed." }-
Should hope so, one of the best against rogues.
I still don't understand what link, the wesley one appears not to work, going to the root page will give a genuine page.
Bubba
July 26th, 2009, 07:07 PM
-{ Quote: "the wesley one appears not to work, going to the root page will give a genuine page." }-
If one places the above wesley URL ("last row from highlighted url") in the address bar of the browser, it's true it will not show a page but a 500 error. If however one places the same link in Google for instance, it will then re-direct to one of the many ?-virus-scannerv?.com sites.
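The behaviour described in the post above (a direct request gets a 500 error, while the same link followed from a search engine is redirected to another site) can be looked for in web-proxy logs. The following Python check is an added example, not part of the original thread; the tab-separated log layout, the host names and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: url, referer, status, Location (tab-separated; hosts are placeholders)
SAMPLE_LOG = """\
http://blog.example/page\t-\t500\t-
http://blog.example/page\thttp://www.google.com/search?q=boxing+results\t302\thttp://scanner-site.example/scan
http://blog.example/\t-\t200\t-
http://blog.example/\thttp://www.google.com/search?q=blog\t200\t-
http://news.example/old\t-\t301\thttp://news.example/new
http://news.example/old\thttp://www.bing.com/search?q=news\t301\thttp://news.example/new
"""
SEARCH_LABELS = {"google", "bing", "yahoo"}  # assumed list of search-engine host labels

def referer_class(referer):
    """Classify a Referer value as 'direct', 'search' or 'other'."""
    if referer in ("", "-"):
        return "direct"
    labels = (urlsplit(referer).hostname or "").split(".")
    return "search" if SEARCH_LABELS & set(labels) else "other"

def outcome(url, status, location):
    """Reduce a response to a comparable outcome: ok, error, or redirect target."""
    if 300 <= status < 400 and location not in ("", "-"):
        own = urlsplit(url).hostname
        target = urlsplit(location).hostname or own  # relative Location stays on-site
        return "redirect:same-site" if target == own else "redirect:" + target
    return "error" if status >= 400 else "ok"

def find_referer_cloaking(log_text):
    """Return {url: {referer_class: outcome}} for URLs that send search-engine
    visitors to another host while direct visitors get a different response."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed lines
        url, referer, status, location = fields
        seen[url][referer_class(referer)] = outcome(url, int(status), location)
    flagged = {}
    for url, by_class in seen.items():
        via_search = by_class.get("search", "")
        direct = by_class.get("direct")
        if (via_search.startswith("redirect:") and via_search != "redirect:same-site"
                and direct is not None and direct != via_search):
            flagged[url] = dict(by_class)
    return flagged

if __name__ == "__main__":
    print(find_referer_cloaking(SAMPLE_LOG))
```
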
trjam
July 26th, 2009, 07:20 PM
Thanks Bubba, mine worked.
funkydude
July 26th, 2009, 07:56 PM
Thanks for the subtle hint, guess I'm half asleep :)
To clarify, no one detects the file itself, MSE does detect the page before you can download the file, though. Sent the file for analysis.
I stupidly did that un-sandboxed (again I guess I'm half asleep) so it's a good thing it was detected.
jedi_m
July 26th, 2009, 09:47 PM
-{ Quote: "Simply to have you Run or Save the install file for PersonalAV (http://vil.nai.com/vil/content/v_156042.htm)
Nod doesn't get excited, it just slaps it around a few times if you have the hook deep enough in your cheek and attempt to install the fakeware 8)" }-
Thank you all and especially Bubba.
It's nice to get feedback from everybody and when a moderator answers, the confidence level (in this case for NOD32) goes up.
funkydude
July 27th, 2009, 10:42 AM
Detected by 5 AVs now (previously 0) including MS and NOD32, so you're perfectly safe. :thumb:
Copyright ©2002 - 2012, Wilders Security Forums