Antivirus-online-scan5

[marieandgordon]

A page has appeared as a 'my computer page' but in an internet explorer page antivirus-online-scan5.co and is telling me that I need to dowload some software as I have over 500 trojans and worms - I googled the software (it changes each time the page pops up) and nothing is showing - when I exit off the page it tells me I need to download my personal antvirus software as my computer is at risk.
i have ran a full avast scan, adaware and windows defender - and also hijack this - these detected a couple of malwares in the temp files and have put them in the chest and ran more scans - nothing has been found since but this page keeps popping up.

Is it a scam?? or should I be downloading the software?

Many thanks
Marie

[Pondus]

do not download

But download this and scan http://malwarebytes.org/  and press the button "remove selscted" after the scan

[DavidR]

Yes it is a scam fake alerts to try to get you to visit a site and run a scan, which could well leave you properly infected. Not to mention they would want money to clean your system, add to that the possibility of credit fraud by giving your financial details on-line.

How could they know you have 500 trojans or worms without having performed a scan ?
How could it perform a scan without having been installed ?
Answer it can't so you are right to think it a scam.

This is a fake security alert, a rogue program and the application pondus suggests is a specialist in this rogue removal.

[marieandgordon]

Well that is what I pretty much thought - just glad my daughter had enough sense to phone me at work and ask me what to do and not just run it!!

I have run malawarebytes and it has not detected anything???
Any more suggestions -

[Soure73]

 1-Clean the temporary files of your browsers(IE, Firefox, etc)
 2-Download here SuperAntiSpyware www.superantispyware.com and do a scan
 3-Do a boot scan with Avast

[Maxx_original]

i'm really curious, how she got to the fishy site.. personal antivirus is a known rogue and we're always trying to protect our users (via URL blocking and detecting the binaries), but no one is able to tell us the exact steps made before entering the bad site... this way we can be only (quickly) reactive, but it's difficult to be proactive (it's difficult anyway, because the authors of such malware can register as much domains as they want and change the obfuscator for their binaries anytime)..

[Pondus]

How to clean temp files http://www.pchell.com/support/privacy.shtml or use this program http://www.filehippo.com/download_ccleaner/

How to Avast Bootscan
http://www.digitalred.com/avast-boot-time.php

[Lisandro]

I can't reach www. antivirus-online-scan5.co
I could not ping also.
I'm using avast5, but no message was shown on blocking and it does not seem to be a hosts file blocking.

[Maxx_original]

the URL ends with "com", not "co"... anyway, the domains are available only for limited time period (they are turned off during a day or two)..

[Lisandro]

Google antiphising caught the site...

[marieandgordon]

Right - cleaned my temp files etc, ran the superantispyware (all clean apart from some aware cookies) and did a boot scan.
There i ran into a problem - the scan started and after a couple of mins my whole pc shut down - i thought this was the power lead as that can be dodgy, so I restarted it - it came up eventually with a big black screen saying windows sould not start - tried again - eventully a box came and said it could try and repair to a restore point so i tried that - something must have worked as i am onit again now but dont want to try another scan.
My daughter has no idea what site she was on when this first popped up but looking at the history she only ever uses 2 or 3 and they are the same over and over so we have no idea.
i think we we will just have to wait and see if it comes back again??? And carry on using the spyware things regularly. Also we use zone alarm??

[micky77]

So have the alerts stopped appearing ?

[mau9]

i'm really curious, how she got to the fishy site.. personal antivirus is a known rogue and we're always trying to protect our users (via URL blocking and detecting the binaries), but no one is able to tell us the exact steps made before entering the bad site... this way we can be only (quickly) reactive, but it's difficult to be proactive (it's difficult anyway, because the authors of such malware can register as much domains as they want and change the obfuscator for their binaries anytime)..

I also came across the dodgy website in question, and it was through this link:
zachetka.no-ip.biz/waldo-costum/oeden.html

It was a search result from a google search i carried out. The Mcafee siteadvisor that i have installed on my computer said the website was safe to use, so i clicked on the search result, but was redirected immediately to antivirus-online-scan5.com

[YoKenny]

Welcome mau9

McAfee SiteAdvisor is useless and even rates stites with known malware sites as Green.

Un-install it and get Finjan SecureBrowsing for the browser:
http://securebrowsing.finjan.com

By the way, MalwareBytes Anti-Malware (MBAM) reports zachetka.no-ip.biz is on 89.149.202.106 and is infected and blocked for me.

[mau9]

Thanks for the recommendation YoKenny - i shall give finjan a try.

I carried out a scan using MBAM, which detected and successfully deleted 1 infected registry data item. Is this enough or are there any other precautions I should take to detect anything that may have been installed by antivirus-online-scan5.com?