Windows security alert fake virus popup

Discussion in 'ESET Smart Security' started by DonVa, Apr 26, 2011.

Thread Status:
Not open for further replies.
  1. DonVa

    DonVa Registered Member

    Joined:
    May 11, 2008
    Posts:
    30
    Hello,

    Several times recently I have visited a site to have a windows security alert popup saying my computer may be infected and to do a scan. It presents itself as fake explorer windows and then does a fake scan to tell me I have so many infections.

    If I click anything I cannot leave the page it just pops back up.
    If I close the browser windows it just comes back.

    I know this is a fake anti virus but I can't leave the page.

    What I do to kill it is open task manager and then end task on that browser application which eventually does it.

    I then delete my browsers temporary files in case it downloaded anything there.

    I don't think I am infected as there is nothing in my startup locations that I am unfamiliar with.

    However, typically in a few days I will visit a site and it happens all over again.

    Does anyone know the cause of this?
    Are this malicious scripts embedded in the pages I visit (some of the pages seem standard enough sites so it's not that I am visiting weird sites etc).

    If so can't ESET protect me from these?

    Or is it being initiated from my PC which I believe is clean.

    thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You've encountered a rogue application that pretends to be effective by finding actually non-existing threats and thus luring you into purchasing a full version which allegedly enables cleaning of the found "threats".
    There are dozens of types of these rogue applications and their authors generate several new variants on a daily basis and release them after being tested usually against the most famous antivirus programs.
    Rogue applications are one of the things that ESET pays a lot of attention to and adds detection for variants that are not recognized proactively. If you encounter a new variant not recognized with the latest version of the signature database, please submit it to ESET as per the instructions here. If you're unable to locate the suspicious file, generate a SysInspector log and submit it along with a short description of the issue.
     
  3. DonVa

    DonVa Registered Member

    Joined:
    May 11, 2008
    Posts:
    30
    Ok thanks.

    Does the pop up itself actually mean I am already infected then, or just that I have visited an infected site that is attempting to run a malicious script (which I then ignore)?

    If the former I will try track down the file(s).
    (I had the impression that by clsoing the task I made it go away but a few days later it happens again so I am not sure if that means I already have the virus or I am visiting another infected site?)

    I will post the sites or files (if I track them down) depending on the answer...so Eset can stop this happening..

    thanks

    D
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's quite easy for malware to get to your computer by visiting a legit website that has been hacked or the server got infected but there are also other means, such as plugging in an infected usb stick, running cracks, etc.

    I'd suggest that you generate a SysInspector log and submit it to ESET as per the instructions in the appropriate KB article. We'll check it out to make sure that your computer is clean or provide you with further instructions if it turns out that the malware is still active on your computer.
     
Thread Status:
Not open for further replies.