I was just using google and had Avast block a potential rogue AV from downloading, I’m aware I am safe, but just so I know does the forum recommend the links be posted for analysis or technical reasons?
I have written the infected link to where I was directed to, which lead to an IE browser “AV Scan”
You can post it here (not a live link, use hxxp or spaces for that).
the link is
dl.fron tiernet-anti spyware.co.cc/BestAntiVirus2011. exe
There is no http:// at the beginning of the link as I ran the link in sandbox to confirm the address was correct, and inputting http:// did not work.
So instead I broke the link hope this is acceptable.
Personally on the location and name alone, I would say this is a good detection.
Well frontiernet-antispyware.co.cc, almost laughable and best anti virus 2011, indeed ;D
The leading to an IE browser “AV Scan” is a classic rogue AV deception tactic, attempt to have you think you are infected.
Avast! is very good at detecting these websites…
You were lucky that the threat didn’t get thru ‘cause after that the problems begins… fake av’s are very annoying, they don’t let you open taskmgr, malwarebytes’, browser or any other stuff.