Avast WEBforum

Other => Viruses and worms => Topic started by: Toody on November 05, 2009, 05:23:00 AM

Title: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: Toody on November 05, 2009, 05:23:00 AM
I went to www.familywatchdog.us and entered an e-mail address to search. Then all of a sudden, a message with Internet Explorer in the blue description box appeared saying that I may have malicious spyware on my computer. Another screen that looked like one of my drive or folder directories appeared. Bars, like those allowing you to see how your download is progressing, appeared on the white screen and were filling up.

I didn't give any permission to download anything. And there was no screen that prompted me to save anything, which leads me to be wary of this.

I immediately closed down all my windows/screens, and ran my antispyware. It didn't find anything but cookies. I will try running my Avast virus scan next.

This is the second time that this occurred this week. The first time was with a different site. Avast found nothing then.

What is this and what do I do about it?

I have Windows XP with SP3. I'm using Avast 4.8, free version, and Superantispyware.

Any help will be appreciated.
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: Pondus on November 05, 2009, 07:38:54 AM
I think you have a rogue security program.

Have you tried an Avast boot scan?
http://www.digitalred.com/avast-boot-time.php

And MBAM
http://filehippo.com/download_malwarebytes_anti_malware/
Do a quick scan and click "remove selected" if anything is found; this will send it to quarantine. Restart and repeat.

Come back and post the scan logs here, then the malware killers here can see if you need more help, depending on what was found and where it was found.

Quote
What is this and what do I do about it?
Buy Malwarebytes PRO. The pro version of Malwarebytes would probably have stopped it, and it is a one-time fee for a lifetime license.
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: Toody on November 05, 2009, 07:55:08 AM
Thanks! It's getting late, but I'll try all of those steps and downloads after I get some sleep!

Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: mikaelrask on November 05, 2009, 07:48:41 PM
Please make the link unclickable by typing something like wxw instead of www, so other users don't get infected if it is malware.
Thanks
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: Spiritsongs on November 05, 2009, 08:04:18 PM
 :)  Hi all :

 The Site is legitimate, as I just tested with Finjan. However, it MAY have
 become "infected". Should consider using the alternate
 http://www.registeredoffenderslist.org/familywatchdog.htm .
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: demonix00 on November 05, 2009, 11:39:20 PM
You don't have to worry about anything malicious being in your computer as you stopped everything before you would've been prompted to download anything.

Basically, that prompt you got was generated by scripts hidden in adverts, and no matter what you click in that box you'll be directed to a site that shows a page which seems to be scanning your computer (but it isn't). After that you'll get results saying that your computer is infested with viruses and you have to download their software to get rid of them (which is where the REAL malicious package is, and what you stopped from happening).

So to sum up, your computer is still clear of malicious material, but to keep it that way I suggest you install the Firefox browser and add the Adblock Plus and NoScript extensions, and things like that will be a thing of the past.
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: Toody on November 06, 2009, 03:53:52 AM
Many thanks to all of you!!

I performed an Avast boot scan, ran Superantispyware, and installed and ran Malwarebytes (twice). I also installed and I am using Mozilla Firefox with Adblock Plus. By the way, what are noscript extensions?

Malwarebytes discovered and got rid of two things. Here is the log:

Scan type: Quick Scan
Objects scanned: 100344
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jacqueline\Favorites\Protect Your Privacy on Facebook and Twitter - Page2 -  MSN Tech & Gadgets - Security.url (Rogue.Link) -> Quarantined and deleted successfully.

Any comments on the log?

Thanks again!!
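
Added example (not part of the original post and not Malwarebytes code): a Python sketch for triaging a log in the layout posted above. It checks that the summary counts agree with the itemised sections and extracts each detection's location, family and action. The function names are hypothetical, the sample log is constructed, and treating any action without "successfully" as unresolved is an assumption.

```python
import re

# Constructed sample in the layout of the log posted above (not real scan data).
SAMPLE_LOG = r"""Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Favorites\example (copy).url (Rogue.Link) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<cat>.+ Infected):$")
# Greedy location, so parentheses inside a file name stay part of the path;
# the family is the last "(...)" group before the "->" arrow.
ITEM = re.compile(r"^(?P<loc>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary_counts, detections) for a log in this layout."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["cat"]
        elif section and (m := ITEM.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections


def count_mismatches(counts, detections):
    """Categories whose summary count differs from the itemised entries."""
    found = {}
    for d in detections:
        found[d["section"]] = found.get(d["section"], 0) + 1
    return {c: (n, found.get(c, 0)) for c, n in counts.items()
            if n != found.get(c, 0)}


def still_present(detections):
    """Assumption: an action without 'successfully' needs a follow-up scan."""
    return [d for d in detections if "successfully" not in d["action"].lower()]
```

A non-empty result from `count_mismatches` suggests a truncated or edited paste, and anything returned by `still_present` is a reason to rescan after a restart.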
Title: Re: Is there a virus/spyware mimicking an Internet Explorer 7 message?
Post by: yawetage on November 06, 2009, 04:37:01 AM
Linkscanner found three threats for this site. Here is the Wepawet analysis.
http://wepawet.iseclab.org/view.php?hash=c0b78ca0672a8a72c284845608a7d38d&t=1257478902&type=js