Solved How do i stop popup claiming my PC has been infected?

[idahosurge]

I have had this happen in the past week on two different Win7 PC's. I am sure that it is not a virus on either PC because after it happens I can shut the PC off without doing anything else then reboot and I scan with the latest version and updates of Spybot, Malwarebytes and Eset Nod32, all three come back as negative.

With IE8 I can be surfing the web and all the sudden I got a popup that says my PC has been infected and the resulting window looks like the program is scanning the PC. I have had this happen when I am at Yahoo's website so it does not have anything to do with questionable websites. I recall that the popups had a name like Microsoft Security Isentials 2012 or whatever. I believe that I have seen them called by two different names.

A month ago on an XP PC and last night on this PC I tried to shut the popup program down and all that did was get my PC infected. Running Spybot and Malwarebytes got rid of the infection and after that I ran Eset Nod32 and that came back with no infections found.

How can I get this to stop popping up on my PC and running its bogus scan?

 

[indianacarnie]

Thats a infection. NOT from Microsoft ,heres instructions :Remove Win 7 Security 2012 (Uninstall Guide)

 

[Infinite]

Can you provide us with a Screenshot please.

Press Print Screen on your Keyboard, paste it into Paint (CTRL+V), Save it as [imagename].

Upload it to Tinypic

And upload it in your next post: http://www.sevenforums.com/tutorials/9733-screenshots-files-upload-post-seven-forums.html

 

[idahosurge]

Thanks for the links it was useful information. That is what I had, but with Spybot and Malwarebytes I had already gotten rid of it. I downloaded and ran RKill and TDSSKiller, they did not find anything so the previous runs of Spybot and Malwarebytes got rid of it. After running RKill and TSDDKiller I ran Malwarebytes again to be on the safe side and Malwarebytes did not find anything.

My real question is how to I prevent this in the future? Isn't ESET NOD32 suppose to prevent this? I have ran into this twice now on Yahoo's website and I am tired of this! How do I stop it from attacking my PC?

 

[torre]

With IE8 I can be surfing the web

Not to be off-subject, but you prefer IE8 over IE9 ? 9 is said to be more secure.

 

[Borg 386]

If it happens consistently at the same web site, I would suspect the web site. If it happens randomly, then there may be a piece of the malware remaining that didn't get removed.

Norton Power Eraser will remove stubborn malware.

Norton Rescue Tools

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

If you continue to have the same problem, you might want to try a Bootable AV rescue disk, which will scan the system before the infection has a chance to initialize. Here is a site with a list of disks you can use:

Free Bootable AntiVirus Rescue CDs Download List

(Note, Kaspersky rescue disk has caused problems in the past. If they have remedied that, I do not know so you may wish to try one of the other disks before using that one)

It could also be random "fly by malware". If you are using Firefox, add a program called NoScript, that will stop any malicious scripts from running on a page. There is a similar program for IE, but I'm at a loss to recall what it is. Maybe someone can help me out on the name?

When you get that pop up message, it's best to use the Alt + F4 key to shut the window, since clicking on anything, including the red X can cause a d/l to initiate. Also, if it's convenient, shut down the net connection before shutting the window, to be even more sure something isn't sneaking into your system

 

[C-11]

According to bleepingcomputer.com you were suppose to merge FixNCR.reg first.

Also:

If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

 

[idahosurge]

According to bleepingcomputer.com you were suppose to merge FixNCR.reg first.

Also:

If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

I did run FixNCR.reg before I ran RKill and TDSSKiller.

 

[idahosurge]

With IE8 I can be surfing the web

Not to be off-subject, but you prefer IE8 over IE9 ? 9 is said to be more secure.

I do prefer IE8 because I can not stand the way they changed the search function on IE9, but I may have to consider switching.

 

[idahosurge]

If it happens consistently at the same web site, I would suspect the web site. If it happens randomly, then there may be a piece of the malware remaining that didn't get removed.

Norton Power Eraser will remove stubborn malware.

Norton Rescue Tools

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

If you continue to have the same problem, you might want to try a Bootable AV rescue disk, which will scan the system before the infection has a chance to initialize. Here is a site with a list of disks you can use:

Free Bootable AntiVirus Rescue CDs Download List

(Note, Kaspersky rescue disk has caused problems in the past. If they have remedied that, I do not know so you may wish to try one of the other disks before using that one)

It could also be random "fly by malware". If you are using Firefox, add a program called NoScript, that will stop any malicious scripts from running on a page. There is a similar program for IE, but I'm at a loss to recall what it is. Maybe someone can help me out on the name?

When you get that pop up message, it's best to use the F4 key to shut the window, since clicking on anything, including the red X can cause a d/l to initiate. Also, if it's convenient, shut down the net connection before shutting the window, to be even more sure something isn't sneaking into your system

Thanks, I will keep this in mind.

Maybe I will try Firefox and NoScript.

 

[idahosurge]

It could also be random "fly by malware". If you are using Firefox, add a program called NoScript, that will stop any malicious scripts from running on a page. There is a similar program for IE, but I'm at a loss to recall what it is. Maybe someone can help me out on the name?

Were you talking about AdBlock IE? With google this is the only thing I can find for IE that mentions anything about NoScript.
Adblock IE

Everyother thing regarding NoScript and IE8 on Goolge says the NoScript function is included.

 

[Corrine]

Hi, idahosurge.

I suggest that you check for vulnerable third-party software on your computer -- Java and Adobe products have had critical security updates due to vulnerabilities. In addition, with Java, you need to check add/remove programs to make sure you don't have any old versions still installed, as didn't get the update process correct for many years.

To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

• Detects insecure versions of applications installed
• Verifies that all Microsoft patches are applied
• Assists you in updating your system and applications

In addition, as long as you are not having a problem opening .exe's and desktop shortcuts aren't missing, it wouldn't hurt to do a thorough cleaning of temp files:

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

A month ago on an XP PC and last night on this PC I tried to shut the popup program down and all that did was get my PC infected.

Unfortunately, your attempt at closing the pop-up was actually permission to install. Never click anywhere on the fake A/V pop-up box. Instead, use the keyboard combination Alt + F4 to close it.

 

[idahosurge]

Thanks Corrine, I updated Java to 6.30 and updated Acobat 9 Pro. I had already ran Secunia. I use CCleaner so running TFC was not necessary.

 

[carwiz]

One thing NOT to do is click anywhere on the pop-up. Including the X. Close the tab or IE.

I have had this happen when I am at Yahoo's website so it does not have anything to do with questionable websites.

Sorry to disagree but Yahoo is one of the worst offenders for malware infections. They sell ad space and don't control the contents. Any third-party hack can put what they want in the ad, including scripts, and Yahoo doesn't filter them. It got so bad Yahoo and anything related is blocked on my PCs. Also be sure you have the latest version of Adobe Flash. And don't allow Flash to run on all web pages--Be selective. It's another "open door" to your PC.

 

[idahosurge]

One thing NOT to do is click anywhere on the pop-up. Including the X. Close the tab or IE.

I have had this happen when I am at Yahoo's website so it does not have anything to do with questionable websites.

Sorry to disagree but Yahoo is one of the worst offenders for malware infections. They sell ad space and don't control the contents. Any third-party hack can put what they want in the ad, including scripts, and Yahoo doesn't filter them. It got so bad Yahoo and anything related is blocked on my PCs. Also be sure you have the latest version of Adobe Flash. And don't allow Flash to run on all web pages--Be selective. It's another "open door" to your PC.

Thanks for the information regarding Yahoo, now I know!

Adobe Flash has been upgraded, thanks!

 

[Borg 386]

Any site can be bad, even the supposed "safe" sites. In the past, sites such as Fox News, The New York Times, Time Magazine and other popular sites have all been infiltrated with malicious code and banners.

Firefox offers a nice plug in called QuickJava, which allows you to enable/disable Java, CSS, Silverlight and other functions, all from the status bar quickly without having to dig though settings.

 

[Corrine]

Nicely explained, Borg 386.

 

[LVS]

Hi,

I also got that stupid fake "win 7 antivirus 2012" thing and I got rid of it by using Spybot Search&Destroy software. You can find it here fro free:

http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore-38.html

Try to download it from a good computer and try to run it in admin mode. Good luck.

 

[jekeesl]

As Carwiz said, never click anywhere on one of those popups. That's like inviting a vampire into your home. Without the invitation, they can't enter.

When you see a popup, try to close the browser to clear it. If that option is disabled by the malware, then right-click the Taslbar, open Task Manager, and try to stop the browser under the Applications tab. In some cases, the malware delivery program (popup) just recreates itself. When that happens, try rebooting the computer to avoid infection. If you run across a situation where rebooting is also blocked, just hold in the power button and shut the computer down. The potential for damage is lower with a forced shutdown than it is from the infection.

 

[Corrine]

Another options to close the popup is the keyboard command Alt + F4.