Fake "Windows Security Alert" Virus and avast!

[MrSpaceman]

Forgive me if this has been covered before; I just got hit with this fake "Windows Security Alert" virus this morning, and I think avast! blocked it and saved my from actually being infected.

I was surfing the web and did a search on Google, then clicked on one of the search results it returned. Immediately, an extremely offical looking pop up appeared titled "Windows Secuity Alert" saying my computer was infected with a virus and a list of files appeared in red. The two options were "remove all" or "cancel". Meanwhile, there was another window in the background with what looked like the Windows "My Documents" box, showing the "My Documents" folder had 7 viruses found, the "My Pictures" had 5 viruses found, etc.

While all this was happening, avast! popped up with the red alert box saying "MALWARE BLOCKED". It was all happening so fast I just closed the avast! dialog box and went back to trying to click the "remove all" on the original dialog box (I know now this was the wrong thing to do!). The good news is that nothing ever happened after that - in the research I have done since, it appears that if the virus did download, the next thing that would have happened was I would have gotten another dialog wanting me to purchase software.

So, I am thinking I dodged a bullet, thanks to avast! My question is this: after it was over, I opened avast! and looked in the virus chest, but there was no recent activity listed there. If avast! had indeed blocked this virus, wouldn't I see it in the chest? I just want to make sure the virus didn't somehow download without my knowing it.

I just performed the latest free upgrade to avast! a couple of days ago.

Thank you to anyone for your help!

[Zyndstoff (aka Steven Gail)]

No, not if it was blocked. Avast prevented it from being downloaded, so why put it in  the chest?

You are fine, Avast did the job - and I hope you learned something too.

Have a nice day! 

[MrSpaceman]

What a relief! Thanks for the quick reply, too.

And you're right - I learned a VERY important lesson today!

Thanks again!

[Zyndstoff (aka Steven Gail)]

What a relief! Thanks for the quick reply, too.

And you're right - I learned a VERY important lesson today!

Thanks again!

My pleasure.

If you want to doublecheck: download MBAM (free) by clicking on MBAM in my signature, install, start it, update it via it's GUI and run a quick scan. If need be, post log here.

[MrSpaceman]

I will do that as soon as I get home.
Vielen Dank!

[Dieselman]

Are you using IE? Switch to a more secure browser such as Firefox or Chrome. Also add a secure DNS server such as ClearCloud.

[MrSpaceman]

Yes, Dieselman, I am using IE. I had never heard of ClearCloud, but I will check into it. Thanks for the tip!

[Pondus]

The good news is that nothing ever happened after that - in the research I have done since, it appears that if the virus did download, the next thing that would have happened was I would have gotten another dialog wanting me to purchase software.

Usually you need to run the .exe file downloaded first......something you should NOT do

if it was downloaded and not blocked you should send it to virus @ avast.com in a password protected zip.file
Password: infected
Subject: undetected sample

and then you delete the file from your comp

[MrSpaceman]

Pondus - any suggestions on where I should look for the .exe file? I didn't look closely enough at the avast! pop up when it blocked it to see what the file name was.

[Pondus]

when you download something.......what folder is it saved to?

In your case i dont think it happend, bc there should have been a windows box asking you if you want to run or save the file to...

but this was blocked by avast

[MrSpaceman]

Usually "Documents" under "My Documents"...I will check there. Since it never asked me if I wanted to Run or Save a file, I didn't think it would download on its own into those folders.
Thank you!