avoiding phony virus warnings?

Status
Not open for further replies.

jlockley

I got snookered by a phony virus warning on one desktop about three months ago and ended up with a useless drive.
I have locked down all machines since then with Avast or Avira, firewalls, malware programs, non-visible Wi-Fi, and the usual basics. While on a different machine a couple of minutes ago (not networked, different location) I saw the same "warning" pop up and clicked on shut (should have gone to task manager... but nonetheless), which immediately opened their site in a browser, which I shut down while yanking the cable from the router. I think I won this time at whack-a-mole. (Online check shows everything clean.)
I imagine this may have been possible this time because the router is disconnected, but I am wondering what I can block to prevent this. Looks like messenger, but that is not running. Running Vista on this unit.

thx.
 
If you were running a web browser, using a plug-in like noscript will block almost all of this kind of stuff. Unfortunately, it also causes a lot of collateral damage and you will need to work with it to white-list the sites you regularly visit.

If it was not via a browser, this suggests that your router wasn't blocking sufficiently. I would make sure that you do NOT have UPnP enabled and that you don't have any ports forwarded that you don't need and that you haven't placed the machine in a DMZ.

You can also run a software firewall to prevent outbound connections and control which applications can launch.

I would like to ask, what kind of "pop up" appeared. Was it an application or a browser pop up? If it was an application, I think it would be prudent to perform a more thorough investigation than an "online scan". Also what scanning program / site did you use?

 
I thought that might be the answer. I have a virtual firewall running, but the router is currently not employed due to an issue with ATT. The browser was not running.
I just have to get a new router, I guess.
(This was one of those small grey messenger boxes. Obviously not that, since closing it brought up the web site.)
 
If all else fails, you can always open task manager and kill the offending process without triggering chaos.

Or, get a Mac, which is always my roommate's classic response.
 
Task manager was second line of defense, the first being beating down the offending messages. The popup was apparently browser, not program. The first event had the appearance of a messenger style warning. I remember a few of those going around a few years back. The second event was definitely browser related, although again designed to look like a warning from the computer.
The odd issue with the first time around, for which I am still kicking myself, is that the warning came up as AVIRA warning. (it had nothing to do with AVIRA). I used Avira once, but no longer, and the thing took me so by surprise that it didn't set in.
I have the physical firewall back up, which should go a piece in preventing such invasions in future. I've made a mental note just to cold clock the computer and disconnect before restarting in safe mode if it happens again. Not good for the system, but then, neither is a hijack, which at this point I am fairly convinced was a ransom attack gone bad.
 
Yes. Seems to be the same thing. It's unsettling when it happens.
 