Thread: Fake Virus Alerts
View Single Post
Old 02-23-2011, 04:47 PM   #6
dsvick
Wizard
dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.dsvick ought to be getting tired of karma fortunes by now.
 
dsvick's Avatar
 
Posts: 2,737
Karma: 635747
Join Date: Nov 2009
Location: Northeast Ohio, USA
Device: PRS-900
Quote:
Originally Posted by BookCat View Post
(Please move if I've put this in the wrong board)

I was browsing the net yesterday, looking for pic.s of hairstyles as I'm having a re-style on thursday, and my pc started going crazy, but not in the manner my normal anti-virus software does when it's not happy.

A pop-up box told me that AVG (which I don't use) had found "suspicious activity on my computer"!! and would take action. "No you won't" thinks me. When I got rid of the pop up, I was shown an image of "my" computer (like the bit you'd see if you click on 'my computer') with lots of red flashing numbers indicating the number of infected agents in each part.

I was suspicious because a) I don't use AVG and b)my instinct as a long time pc user set off bs alarms.

I rang my friendly techie, and while chatting about the issue, pop-up boxes giving me the option to save or cancel insistently popped up. I kept clicking cancel.....and got another one. I was distracted by the conversation and accidentally clicked "save" and looked at my desktop to see if there was anything new. I had a logo which looked like the AVG one but was called 'Avmast'. I thought the spelling interesting. so looked at its properties: an exe file made by someone called drweb. I deleted it from both the desktop and the recycle bin, then ran a virus scan, which was clear.

I could have thumped my techie friend when, after the event he told me the key shortcut for closing down pop-ups

Thought I should let others know. I'm sure you're all savvy enough not to run the program, but virus alerts are scarey.
I can sympathize 100%, you were right, obviously, in being suspicious. The other big give away is the blinking flashing lights and numbers and warnings of impending doom.

I see those at work all the time, often enough that have a disk created specifically for it that has Malware bytes (http://www.malwarebytes.org/) and, for the really stuborn ones, combo-fix (http://www.combofix.org/) on it.

As your first line of defense, run malware bytes repeatedly until it comes back clean. If that does not solve it, I've not met one yet that combofix could not take care. Note that you may have to run them in safe mode since some of the malware will detect it when you run these, and other, recovery tools and virus scanners.
dsvick is offline   Reply With Quote