e-set or eset 'will now scan your computer' popup? Avast did not detect!

i was browsing merrily on a forum i regularly use, and up pops a box that says i’m infected and my computer will now be scanned. I couldn’t close the background window so clicked the ‘X’ on the top right of the popup and quickly closed the browser down, i’d noticed that i’d been redirected to a website that had a circle in the middle, like a progress bar.

the message on the pop-up read something along the lines of “e-set will now scan your computer”… sorry so vague but i just quickly closed it all down to stop anything from happening. i’m now using microsoft IE, was using chrome when it happened. not sure if the security issue is with chrome, avast or the website itself…

has anyone else seen or heard of this scareware?

is there any way to tell if i’ve been infected and is there a way to stop this happening again (short of not visiting the website in question)?

i’m doing a full scan and going to run windows defender as well after. never ever had an issue on this machine with viruses so hopefully i’m clean?

Yes looks like a drive by attack (possibly the site has been hacked) of a rogue/fake AV scam/scumware.

Personally I would continue using Chrome (or firefox with the NoScript add-on) rather than IE.

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

1. MalwareBytes Anti-Malware (MBAM), On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

The forum you use has probably been hacked, or you clicked a link to a hacked/malicious site.

It is a page that pretends to scan your machine (when in fact it is just images and popups) and then offers a download of a scanner. This is in fact a rogue.

Followed the advice given and ran that scanner, here are the results

Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org

Database version: 6281

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05/04/2011 22:51:10
mbam-log-2011-04-05 (22-51-10).txt

Scan type: Full scan (C:|D:|)
Objects scanned: 259640
Time elapsed: 29 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

looks like i’m clear?

is there any way i can export the processes running in the task manager in text format so you guys can just check that the stuff running is legit?

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach ( OTS log )

Essexboy will check the log when he is back tomorrow
usually in here from 8:00pm to 11:59pm UK time

right, downloaded the OTS program and ran it. Please find the results attached.

I checked the options listed in the guide you posted, is there any reason all of the boxes and options are not meant to be ticked, thus giving a deeper more thorough scan?

Also would I be right in assuming browsing in Google Chrome, especially with ‘Incognito’ activated is going to be better than using Microsoft’s IE? The only extension I’m using is a biometric fingerprint reader .crx that allows me to swipe fingers rather than entering passwords. Surely just running this in Chrome or IE is ok?

Thanks for looking into this guys :)

The options that you ticked for this run were the normal Hijack points - generally I use the other sections for troubleshooting, although OTS is flexible enough for me to look at anything

Nothing apparent there, so by not clicking the page but closing it saved you some grief.

To be on the safe side I will clear all your temp folders, when you run OTS you will lose your desktop as all processes will be killed, that is normal. Are you experiencing any problems?

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1525230003-2920389635-2581488842-1000\] > -> HKEY_USERS\S-1-5-21-1525230003-2920389635-2581488842-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

done that but all i got was a box saying ‘a reboot is needed to complete’ when i click ‘ok’ nothing happens… and there was no notepad popping up?

what to do next?

Reboot manually please

ahhh, no need. this time it rebooted as soon as i clicked ‘yes’, has there been an update to the program (as i had to ok changes to the comp when i opened OTS this time around)?

anyway, please see results attached.

thanks essexboy

No the programme has not been updated - but it does remove items at boot so windows will ask if this is OK…

What problems do you have at the moment?

none.

i was worried i had some key logger or similar added when the popup presented itself. do you think it’s okay to browse as normal now?

Run a check with MBAM (update - run - post the log) - but I can see no apparent malware

attached :)

thanks

Looks good - you dodged it. If you had clicked anywhere on the scan box it may have started downloading.

thanks essexboy, you’ve put my mind to rest :)

one last thing… google chrome or microsoft IE… which to use, safety and security wise?

Ah the answer is - how long is a bit of string

you will get a variety of answers to this, myself I use IE9 and am happy and infection free ;D