| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 117168 | 2011-04-05 10:41:00 | Is this a fake virus Alert? It has me worried. | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1192232 | 2011-04-05 10:41:00 | Hi team Was working away on my computer when an alert popped up that Windows Firewall was off. This is nothing new, but a click on the firewall shield to check brought op a very authentic looking "XP Anti-Spyware-Unregistered Version" which ran up a list of infections. It wants registration and payment before it will delete the "infections" which makes me very supiciousThe computer is isolated from the network and the web and I'm on the laptop at present. Malwarebytes wouled not open, but MSE is currently running a full scan. What worries me a little is that the list of "infections" includes a directory called Eicar which used to hold the Eicar test virus that i used to use as a verification that scans were completed but it was long ago deleted by an AV abd all tht is left is the name. I have screen dumps of the various warnings but I'd have to use a USB stick to transfer then and I'm not keen on the idea of nobbling the laptopn if it is for real. XP is reporting that the firewall is off and and that virus protection is off but the MSE AV scan is running normally. I'm still`being nagged to activate XP anti-Spyware. The MSE "Firewall Off" shield is the usual red with white cross, but there is a duplicate coloured version along side that keeps popping up`messages. Current one is "Severe System Damage". MSSE is 75% done.Any ideas? Am I looking at a hoax or should I be worried? It bugs me that MWB wouldn't run but I'd already started MSE at that stage. When I shut the warning screens CGB appears at the bottom with my other iconised programs eg MSSE. Cheers Billy 8-{( PS The only thing out of the ordinary I've done is download the Youtubegrabber and dump it. MSSE finished and reported no threats. If itis not a virus, how do I get rid of the fake warnings? |
Billy T (70) | ||
| 1192233 | 2011-04-05 10:47:00 | there is a duplicate coloured version along side that keeps popping up`messages. Current one is "Severe System Damage". I'd be shutting her down and scanning the HD from another system using Nod32 and Malwarebytes.That warning is the infection. You need to kill her off and clean her out. |
Metla (12) | ||
| 1192234 | 2011-04-05 10:49:00 | Was working away on my computer when an alert popped up that Windows Firewall was off. This is nothing new, but a click on the firewall shield to check brought op a very authentic looking "XP Anti-Spyware-Unregistered Version" which ran up a list of infections. It wants registration and payment before it will delete the "infections" which makes me very supiciousThe computer is isolated from the network and the web and I'm on the laptop at present. Malwarebytes wouled not open, but MSE is currently running a full scan.( Did this occur within the browser as there has been one going around that looks very authentic but occurs within the browser and as long as you haven't clicked on any links you are ok. |
mikebartnz (21) | ||
| 1192235 | 2011-04-05 11:05:00 | Double Post | Billy T (70) | ||
| 1192236 | 2011-04-05 11:07:00 | I don't have the facilities to do that unfortunately but I think you are right. Spybot is now running and advises that the firewall is overridden and the AV as well. I am behind a NAT router and nobody here is networked to me but one computer is sharing the router. Spybot says firewall and AV registry changes have shut them down. The other entry is Fraud.DesktopSecurity2010 What now? You around tomorrow Speedy? I might need your help. Billy |
Billy T (70) | ||
| 1192237 | 2011-04-05 11:15:00 | Did this occur within the browser as there has been one going around that looks very authentic but occurs within the browser and as long as you haven't clicked on any links you are ok. No, I am very cautious about clicking on links, in fact apart from dowloading then dumping the YouTube video graabber I've done nothing risky. Even the junk it installed was pretty much known to me. I chose it from a reputable source as well. I think I was in the browser when it popped up. And the computer has been isolated ever since. That it is looking for money for "registration makes me think it is not repoerting true viruses and the only thing it could find was Eicar. The "cure" if you pay up would probably be to reverse the registry changes so should I let Spybot do that? Billy Can I run MWB off the PCW DvD? What about Spybot? |
Billy T (70) | ||
| 1192238 | 2011-04-05 11:37:00 | www.c2s.co.nz | Chilling_Silence (9) | ||
| 1192239 | 2011-04-05 11:38:00 | Are you sure this is not one of the current crop of fake virus scams currently doing the rounds? If you have not already seen it have a look at a recent thread here - pressf1.co.nz The bit about wanting money to remove the virus "finds" is how they make the scam profitable. It also smacks of other relatively recent rorts whereby someone screws your data by encrypting or stealing it them demands money for its return. My wife got a similar pop-up a few days ago and I told her to blitz it. She did and there were no repercussions (yet, anyway). |
Robin S_ (86) | ||
| 1192240 | 2011-04-05 12:22:00 | No, I am very cautious about clicking on links, in fact apart from dowloading then dumping the YouTube video graabber I've done nothing risky. Even the junk it installed was pretty much known to me. I chose it from a reputable source as well. I think I was in the browser when it popped up. And the computer has been isolated ever since. That it is looking for money for "registration makes me think it is not repoerting true viruses and the only thing it could find was Eicar. The "cure" if you pay up would probably be to reverse the registry changes so should I let Spybot do that? Billy Can I run MWB off the PCW DvD? What about Spybot? Definately sounds like scareware. Usually MWB and Spybot need upgrading so you usually need to be connected. When it so called found the Eicar fake viruses it may just be reading the logs from your anti-virus program. Check out Chills post. |
mikebartnz (21) | ||
| 1192241 | 2011-04-05 12:51:00 | Right, I've got it 95% under control and I'm back on line, that laptop keyboard is murder! I used the PCW DvD to reinstall MWB, ran it and it cleaned out some stuff, then I updated it and ran again, which hit some more. Then I updated Spybot and ran again, cleaned out some more. MSSE was completely AWOL so I uninstalled it, reinstalled from PCW DvD and updated then scanned. AV and Firewall are now up again but automatic updates can't be turned on. The pop-ups and threats are gone, but I'm not sure what to do about the auto updates, however I can do those manually in the meantime. Amazing what you can do when the heat is on and panic is setting in! Advice on any other steps I should take or programs I should run would be much appreciated. It was definitely the fake virus model, but it did shut down MSSE and MWB right from the off. Didn't stop Spybot though, which let me get a toe in the door. Cheers Billy 8-{) :) |
Billy T (70) | ||
| 1 2 3 4 5 | |||||