Without avast! my computer would'a crasht!

[HeavyD25271]

I've had avast! cleanly installed on my computer for less than 1 day and already they stopped an attack.

I was searching Google for "sore throat". I clicked on a link and some fraudulent security tried to take over and do a fake scan. Just about immediately, avast! terminated the threat.

What a relief!

The same kind of attack has just cost me hours, and days, and weeks of my life, but it looks like I've got it all straightened out now with avast!.

Am I safe now, without anything left to do on my part?
Is their any kind of action I should be taking after this attempted attack?
Should I submit the link I clicked on or report any other details somewhere here on the forum?

Thanks for the support, advice, and peace of mind.

[Asyn]

Am I safe now, without anything left to do on my part?

Yes.

[DavidR]

If this is a Web Shield or Network Shield alert, they are in fact blocking access to your system, so the file isn't downloaded to be run, etc.

So you should be good to go, you could if you wish run an avast scan and or an alternative scan with either MBAM or SAS.

Now you have 20 posts you can modify your profile and add a signature, give basic information on your system and what security software you have installed, AV, anti-spyware, firewall, etc. Look at other posts with signatures and use them as a guide. It can help us to help you by giving more detailed information based on your system.

My signature is probably too much as I have listed other useful programs that I use.

[LunarWolf]

Am I safe now, without anything left to do on my part?
Is their any kind of action I should be taking after this attempted attack?
Should I submit the link I clicked on or report any other details somewhere here on the forum?

Yes you are. But you might be the next time. As rogues are popping out everyday like mushrooms after a rain, and ALL antivirus can't keep up, there will be few which even avast will miss.

My recommendation, download Sandboxie free. Run any browser you have in Sandbox (right click > run sandboxed). Set it to delete on closing. That way, if anything by pass avast, you system is still safe as sandbox create a virtual environment and your real system is no9t harmed.

Yes. Please submit the link to avast ONLY after you run your browser in Sandbox. It will help to increase avast detection rate.

For further precaution, you can install Web Of Trust for your browser. Green is usually good to go. Red means danger.

[Nesivos]

Did you have WebRep enabled?

If so it should have shown whether the link you clicked on was good or not in the Google search results.

If you have WebRep enabled could you please do the search again and note what WebRep says about the link that came up as a result of the Google search.  You don't have to click on the link again to see this

Thanks

[Asyn]

If you have WebRep enabled could you please do the search again and note what WebRep says about the link that came up as a result of the Google search.

WR is down atm.

[HeavyD25271]

What he said.

[HeavyD25271]

If this is a Web Shield or Network Shield alert, they are in fact blocking access to your system, so the file isn't downloaded to be run, etc.

So you should be good to go, you could if you wish run an avast scan and or an alternative scan with either MBAM or SAS.

Right now Web Shield displays: 537 Pages scanned / 0 infected, and Network Shield displays: 662 Connections scanned / 0 infected.

I'm not sure were the alert came from, but here is what it said:

"Yes, that was close, but relax... avast! just saved a crash!"

I did do a Boot-time Scan with avast! after this alert.

[DavidR]

Well that is somewhat strange as they are the two main internet facing Shields.

Check the File Systen Shield (as that is a fall back) and see if any detections there, but I rather doubt it will have done so as the web shield really should have got in first.

Since you have done a boot-time scan then any previous shield stats would be zeroed. The network shield log is about as much use as a chocolate ashtray as far as logging information goes. But you could check the actual report files, C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\NetworkShield.txt or the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\WebShield.txt file and see if there is anything reported there.

[HeavyD25271]

WebShield report from actual report files:

 avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Saturday, May 14, 2011 8:24:32 AM
*

5/14/2011 9:13:11 AM   (this used to say http)://2bfefc2c.v7l1(this used to say dot net)/ajtbjehezmnntsnfja.exe|>{gzip} [L] Win32:Spyware-gen [Spy] (0)
(I was afraid link would be the infected link I clicked on)
*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Saturday, May 14, 2011 9:20:03 AM
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Saturday, May 14, 2011 10:10:09 AM
*

[Nesivos]

If WebRep is down and you are not also using something like WOT or McAfee Advisor you should not click on a link in Google Search unless you are sure that the website is clean.   Better yet if WebRep is down and you aren't using WOT or McAfee Advisor you should right click the search result of the link that you want to go to copy the Link Location and paste it in the URL scan area on either the VirusTotal or URLVoid websites to check if the site that you want to go to is clean.

[DavidR]

@ HeavyD25271
Yes, that was intercepted and blocked from your system by the web shield. So it shouldn't have got on to your system.

[DavidR]

If WebRep is down and you are not also using something like WOT or McAfee Advisor you should not click on a link in Google Search unless you are sure that the website is clean.   Better yet if WebRep is down and you aren't using WOT or McAfee Advisor you should right click the search result of the link that you want to go to copy the Link Location and paste it in the URL scan area on either the VirusTotal or URLVoid websites to check if the site that you want to go to is clean.

In all honesty these redirect google search results generally don't point directly at the site, but use a redirect script in the actual url string and WOT or McAfee, etc. won't make a blind bit of difference.

The WebRep is currently worthless as it is a reputation only tool and no indication of if the site is actually infected. As and when this data from the virus labs function gets added then it might be some use in this regard. But again if it is as is becoming common a malformed url string incorporating a script, you really aren't going to know the origin of the site.

You can hover the mouse over the active link and check the full url string, not just what is displayed, but even then this isn't 100% if they use shortened urls. Then you need an add-on to expand them, such as the The LongURL Mobile Expander.

The LongURL Mobile Expander lets you expand shortened URLs on any website, no matter where you go!

[HeavyD25271]

I would like to know if a site is safe before I click on its link.

How does LongURL help me determine if the site is safe?

Unfortunatly, I'm a nOOb.

[Asyn]

Browser..??
Would be nice to add a sig.