I got it. I had let my computer idle for nearly an hour, so I was wondering what the heck could have caused it. Now I know.
Jim the ad tech guy spent the morning prowling around the board but encountered nothing out of the ordinary. We need more to go on. Please submit details per:
http://boards.straightdope.com/sdmb/showpost.php?p=11967039&postcount=1
Here is what I just got hit with. MS Security Essentials caught and cleaned it on Windows 7 Ultimate.
Category: Trojan Downloader:JS/Renos
Description: This program displays deceptive product messages.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
containerfile:C:\Users\acct\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6US7WLQ\s2[1].htm
file:C:\Users\acct\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6US7WLQ\s2[1].htm->(SCRIPT0000)
Get more information about this item online.
I got this problem today, on a managed desktop machine at work running XP. I restarted and noticed that Adobe 9 updated to the most recent version, so that’s one data point I guess. The machine is running Java version 5, though, so who knows.
I just had this happen. I’m using a computer on a University network. I didn’t see what ads were showing so I can’t really help on the thread Ed linked to.
Now, I’ve seen these “fake virus scan” popups before, and in my experience, they don’t actually install anything unless you click on them. I simply close them, and when I’ve scanned afterwards, nothing turned up.
But do these things actually end up installing something even if you don’t click on them?
I use Windows Vista, with Microsoft’s anti-virus thing.
I’ve been hit twice today. Both times I’ve been able to avoid infestation by turning the power off immediately. It may be drastic, but it works.
I may have to stop visiting the SDMB until this problem is fixed.
I refreshed ads on the SDMB every 5 seconds for an hour, for a total of 720 ad views, across all forums, and I did not detect any malware.
I would advise everyone, whether or not you are seeing this issue, to please follow instructions in this thread to safeguard your computer from all Internet malware, while the SD staff tries to investigate this further.
-xash
Administrator
I believe xash has mentioned cutting power to your computer as soon as you see this popup as an appropriate response to prevent the problem from happening. I don’t think it made it into the above-mentioned computer sticky. But it’s what I told my Dad.
You see, he has gotten this malware before (albeit from somewhere else). I have him running as a Limited User (which I think helped), and all I had to do was cut power, reboot in safe mode, and run MalwareBytes AntiMalware (link in the sticky). I even checked the registry entries mentioned above to make sure it was gone.
To avoid having to avoid the SDMB, might I suggest blocking the ad’s IP (as reported in this thread)? If you have adblocking software, you may want to put that IP on the adblocking list. If not, you can try editing your hosts file. It will be at
C:\WINNT\system32\drivers\etc\hosts (for Windows 2000) or
C:\WINDOWS\system32\drivers\etc\hosts (for any other Windows, ME or greater).
Open it in Notepad, and you can add the following line to block this particular ad’s IP:
127.0.0.1 94.23.72.47
ETA: Forgot to mention that, after finding the IP mentioned as being a bad site on Norton, I reported it to Google, which will check and report it to stopbadware.org, which is used by Mozilla to create their blacklist that runs by default in copies of Firefox, keeping its users from going there.
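An added example, not part of any post in this thread: a hosts file maps hostnames to addresses and is consulted only when a name is resolved, so an entry has an effect only when its name column holds a hostname. The Python sketch below audits hosts-file text for that; `SAMPLE_HOSTS` is constructed, and `ads.example.invalid` is a hypothetical placeholder host.

```python
import ipaddress

# Constructed sample: the line quoted in the thread plus a hypothetical
# hostname entry (ads.example.invalid is a placeholder, not a real ad host).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 94.23.72.47
0.0.0.0   ads.example.invalid   # hypothetical ad host
"""

def is_ip_literal(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_hosts(text):
    """Return (sinkholed_names, ineffective_entries) for hosts-file text.

    sinkholed_names: hostnames pointed at loopback or 0.0.0.0.
    ineffective_entries: (line_number, line, reason) tuples for lines
    that cannot change where any connection goes.
    """
    sinkholed, ineffective = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()
        if not is_ip_literal(address) or not names:
            ineffective.append((lineno, line, "malformed entry"))
            continue
        addr = ipaddress.ip_address(address)
        for name in names:
            if is_ip_literal(name):
                # A connection to a literal address involves no name
                # lookup, so the resolver never reads this line.
                ineffective.append((lineno, line, "name column holds an IP literal"))
            elif (addr.is_loopback or addr.is_unspecified) and name.lower() != "localhost":
                sinkholed.append(name.lower())
    return sinkholed, ineffective

if __name__ == "__main__":
    names, bad = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", names)
    for entry in bad:
        print("no effect:", entry)
```

Traffic to a bare address is filtered at a firewall or in an ad blocker's filter list, as the post also suggests, rather than in the hosts file.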
In the last 24 hours:
Now the malad is getting past AVG at work and Norton at home. It only occurs on this site and only intermittently. Next time I’ll try to get more info.
Hello…I’m pretty new here, but I want to let ya know that this site tried to install one of those fake virus protection programs on my computer a couple of times.
I don’t know if you have any control over that, but I hate when that happens!
Take care, peace, mgL
Thanks to anson2995’s feedback in another thread, the GQ sticky has now been updated with specific instructions on how to clean the fake “anti-virus”:
It tried to get me a couple of times today while I was on the SDMB. Since I immediately turned off the power each time, I can’t provide any better details. Sorry.
I haven’t turned my computer off for days, and no problem yet.
iMac G5, Safari, EarthLink.
Peace,
mangeorge
Jim had a hunch about a particular ad and shut it off Friday afternoon. Please advise if the phony virus scan thing persists.
It’s Windows malware. You should be fine.
ETA: Forgot to mention: I’ve been saying I ran MalwareBytes, when I really used SUPERAntiSpyware. I got them mixed up.
I saw it as well, but have not seen any more problems. Any quick way to see if it really did install something? Will AVG detect and delete it?
You wouldn’t see any malware anyway, as you are a subscriber, and do not see the ads which are the vector for the malware.
Doubly protected, eh. I feel so warm and fuzzy.
I haven’t seen this particular fake AV, but based on ones I have seen, you are far more at risk of damage by killing the power on your PC than you are by a fake AV page whose instructions you don’t follow.