Author Topic: Is there a virus/spyware mimicking an Internet Explorer 7 message?  (Read 1636 times)

Offline Toody

  • Newbie
  • *
  • Posts: 7
  • I'm a llama!
    • Personal Message (Offline)
I went to www.familywatchdog.us, I entered an e-mail address to search. Then all of a sudden, a message with Internet Explorer in the blue description box appeared saying that I may have malicious spyware on my computer. Another screen, that looked like one of my drive or folder directories appeared. Bars, like those allowing you to see how your download is progressing, appeared on the white screen, and were filling up.

I didn't give any permission to download anything. And there was no screen that prompted me to save anything, which leads me to be wary of this.

I immediately closed down all my windows/screens, and ran my antispyware. It didn't find anything but cookies. I will try running my Avast virus scan next.

This is the second time that this occurred this week. The first time was with a different site. Avast found nothing then.

What is this and what do I do about it?

I have Windows XP with sp 3. I'm using Avast 4.8, free version and Superantispyware.

Any help will be appreciated.

Offline Pondus

  • avast! √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 21651
  • Gender: Male
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #1 on: November 05, 2009, 05:38:54 AM »
I think you have a rogue security program

Have you tried Avast boot scan
http://www.digitalred.com/avast-boot-time.php

And MBAM
http://filehippo.com/download_malwarebytes_anti_malware/
do a quick scan and click "remove selected" if anything is found, this will sendt it to quarantine. Restart and repeat

come back and post scan logs here, then the malware killers here can see if you need more help, depending on what was found and where it was found

Quote
What is this and what do I do about it?
Buy Malwarebytes PRO, the pro version of malwarebytes would probably have stopped it, and it is a one time fee for a lifetime liscense
« Last Edit: November 05, 2009, 05:43:32 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Toody

  • Newbie
  • *
  • Posts: 7
  • I'm a llama!
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #2 on: November 05, 2009, 05:55:08 AM »
Thanks! It's getting late, but I'll try all of those steps and downloads after I get some sleep!


Offline mikaelrask

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1300
  • Gender: Male
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #3 on: November 05, 2009, 05:48:41 PM »
Please make the link unclickable typing like wxw or something not www so other suers don't getting infected if it is a malware.
thanks
new computer
windows 8 Intel core I-3 64 bit
6 gb ram 500 gb hardrive. avast 9 MBAM

Offline Spiritsongs

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1761
  • Ad-aware orientated Support forum(s)
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #4 on: November 05, 2009, 06:04:18 PM »
 :)  Hi all :

 The Site is legitimate, as I just tested with Finjan. However, it MAY have
 become "infected" . Should consider using the alternate
 http://www.registeredoffenderslist.org/familywatchdog.htm .
For the Best in what counts in Life :
www.tacf.org

Offline demonix00

  • Jr. Member
  • **
  • Posts: 35
  • Gender: Male
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #5 on: November 05, 2009, 09:39:20 PM »
You don't have to worry about anything malicious being in your computer as you stopped everything before you would've been prompted to download anything.

Basically that prompt you got was generated by scripts hidden in adverts and no matter what you click in that box you'll be directed to a site that shows a page which seems to be scanning your computer (but it isn't) then after that you'll get results that your computer is infested with viruses and you have to download their software to get rid of them (which is where the REAL malicious package is and what you stopped from happening).

So to sum up your computer is still clear of malicious material but to keep it that way I suggest you install the firefox browser and add the adblock plus and noscript extensions and things like that will be a thing of the past.

Offline Toody

  • Newbie
  • *
  • Posts: 7
  • I'm a llama!
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #6 on: November 06, 2009, 01:53:52 AM »
Many thanks to all of you!!

I performed an Avast boot scan, ran Superantispyware, and installed and ran Malwarebytes (twice). I  also installed and I am using Mozilla Firefox with Adblock Plus. By the way, what are noscript extensions?

Malwarebytes discovered and got rid of two things. Here is the log:

Scan type: Quick Scan
Objects scanned: 100344
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jacqueline\Favorites\Protect Your Privacy on Facebook and Twitter - Page2 -  MSN Tech & Gadgets - Security.url (Rogue.Link) -> Quarantined and deleted successfully.

Any comments on the log?

Thanks again!!

Offline yawetage

  • Jr. Member
  • **
  • Posts: 41
    • Personal Message (Offline)
Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
« Reply #7 on: November 06, 2009, 02:37:01 AM »
Linkscanner found three threats for this site. Here is the Wepawet analysis.
http://wepawet.iseclab.org/view.php?hash=c0b78ca0672a8a72c284845608a7d38d&t=1257478902&type=js

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now