Fake/Rogue AV pop up question

Discussion in 'malware problems & news' started by tookerjeff, May 12, 2011.

Thread Status:
Not open for further replies.
  1. tookerjeff

    tookerjeff, Registered Member (Joined: Aug 30, 2010; Posts: 90)

    Hello all,

    I had a question regarding some of the blocking/quarantining methods used by some AVs in regard to the pop-up fake AV pages…

    Why is it that some standalone AVs (and even security suites) will detect, block, and/or quarantine fake/rogue AV pop-ups, and even the ones that have started to download themselves, but then they do not “kill” the web page/connection, if you will, in order for the user to then proceed away from the offending flashing screen, if that makes any sense? It seems the user is then still left with a web page that won’t close, as you know (and some users are even left with the "are you sure you still want to navigate away from this page" prompt, clicking it over and over).

    An example of an AV that seems to do this is Webroot when, even though it detects and quarantines the fake alert, it still doesn’t kill the page or somehow redirect the user away from it, which is very annoying. Other AVs do this also, so then one isn’t quite sure if it completely blocked everything or not.

    I usually end up just using Process Explorer to force the page to end as the AV doesn’t do this. Anyway, forgive me if I’m not very “security speak” regarding this! :)

    Thanks all,

    -Tookerjeff
     
  2. J_L

    J_L, Registered Member (Joined: Nov 6, 2009; Posts: 8,516)

    Depends on the AV, but I know for sure Avast will block the connection (if you have Network and/or Web Shield installed). Other AVs with similar features will probably do the same.
    As long as the threat is eliminated before infection, I think the AV did its job.
     
    Last edited: May 12, 2011
  3. SweX

    SweX, Registered Member (Joined: Apr 21, 2007; Posts: 6,429)

    Yea that's how it is, and how it works. :thumb:
     