online-systemscan.net ==> legitimate or evil spyware-installer site or what?

My gf was browsing away doing other things and for some reason switched windows and THIS (sendspace link; it’s a JPEG file) was what was going on in another window. It wanted to install something to her computer whilst informing her that she was up to her eyeballs in viruses and trojans.

She didn’t do anything to intentionally invoke that site or start it up to scan her computer.

I had her cancel and close the windows after I took the screen shot.

Is this one of those sites that gets you to install their crapware/spyware/hijacking stuff while screaming “YOUR COMPUTER IS AT RISK AND FULL OF VIRUSES”? Or is it legitimate? (If it’s legitimate how’d we end up on their site without deliberately going there?)

She has BitDefender and just ran it and it said it found nothing.

Me, I’m Mac-centric and know nothing about PC viruses and virus-scanning and whatnot aside from stuff I overhear.

I’d say that this is one of those cases where if you feel the need to ask ‘Is this legitimate?’ then the answer is ‘No’.

This site lists it as a scareware site, i.e. it’s just trying to trick you into installing the actual malware.

Rule number one: Anything that pops up in a web browser window claiming you have multiple viruses is an out-and-out fake.

Antivirus software usually only finds one virus at a time. It also doesn’t ask that you download software to clean it.

Your girlfriend should download the EICAR Test file. This is a harmless file that all antivirus vendors have agreed to treat like it’s a real virus. When you download it, she will get a virus warning (if she doesn’t, her antivirus is not working). She can then familiarize herself with what a legitimate virus warning looks like. Anything else is fake.

Nothing to add to your question, but OP you really might consider using an image host to host your images. There’s no good reason I should download that picture to my hard drive and then open it with picture viewer or paint or whatever when all I should really have to do is click a link and see the picture in my browser.

Yes. I found myself asking, “is sendspace.com a legitimate site or an evil spyware installer?” After all, why would I have to *download* an image when I should just be able to view it in the browser.

That looks like a classic “malware disguised as antivirus” page. You can usually tell because, for all they try to make it look like a standard Windows window, none of the controls are clickable. And if you have a non-standard colour scheme, it doesn’t match. They always use the default Windows XP Luna theme.

[too late for edit]
And I see that in this case they’ve capitalised “My Computer” incorrectly in the fake window title.

I got an email at work just the other day from our IT guys telling us that if any of us had a screen like that pop up to call them immediately and to not click on any links, etc. It most definitely is some type of malware trying to install a virus.

That was my Mac-centric but Windows-virus-paranoid reaction when she showed me the screen: I smell a rat, let’s close this window and cancel this install operation.

She uses Windows Classic appearance so the [del]Romper Room[/del] Luna appearance was a bit of a tip-off, yes.

But what the heck prompted this in the first place? Is her computer compromised insofar as nowhere she was browsing should have directed her to such a site? Any info on how this exploit gets THAT far, minus already-existent malware hijacking a browser window off to that site?

Meh. It was probably just a popunder. Those don’t really require any sort of infection to happen. But you might want to run a spyware scan just to be sure. If you find a particular type of spyware, it would be easier to tell you how that particular one works.

The above is why I use an adblocker. Not to try and take away money from websites, but to avoid illegitimate ads that contain malware.

Was she by chance visiting the NYTimes or other newspaper site?

http://bits.blogs.nytimes.com/2009/09/14/times-site-was-victim-of-a-malicious-ad-swap/

I saw that news article!

It’s possible; it’s also possible that insofar as the rogue advertiser’s ad was carried on the NY Times web page, the same ad was also carried elsewhere.

Sure looks like the same setup screen etc.