MalwareBytes didn't find anything. I chose the full scan option.
As one who uses Microsoft Security Essentials I can definitely say that is a legit alert color used by MSE, I've seen it myself. It's basically a warning about the software being out of date, or not having a scan done in a long time.
Now whether that particular alert is fake or not I can't say, but that alert color is one used by MSE.
Proof: This is my Vista copy out of date....
And no, the color has nothing to do with the OS version.
Last edited by sygnus21; 28 Nov 2011 at 12:31.
I don't really think any visual means of determining a fake from a real pop-up by use of a screen capture should be considered as answers, as a decent fake is often merely a screen capture of the actual window, and they would look identical, esp if sized correctly. Clicking any "details" link, "cancel" button or "X" etc may be the equivalent of a full sized single picture link.
I would either open MSE before touching the other window (assuming it allows this) and as Sardonicus mentioned above, check the history and any logs to verify its validity. If this is not possible, I would use alt+ctrl+del and select open task manager, then try to locate the app/process that might be clearly identifiable or run encapsulated in a service host. If you can find it, close it from tsk mgr apps and/or use close process tree to shut it down, and then you should be able to run a scan or get into the history if it was not allowing you to at first attempt.
Hope you had a positive outcome, or will soon,
Mike :)
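The Task Manager check described in the post above, as an added PowerShell example that is not part of the original thread: it lists every process that owns a visible window, with the executable path and Authenticode signer, so the window title of the alert can be matched to the program that actually drew it. The process name `msseces` for the MSE user interface is an assumption of this example, not something stated in the thread.

```powershell
# Added example, not from the thread. Run from a PowerShell prompt while the
# suspicious alert window is still on screen; it only reads process details.
# Assumption: a genuine MSE window is owned by msseces.exe (the MSE UI process).
$expectedUi = 'msseces'

$rows = Get-Process | Where-Object { $_.MainWindowTitle } | ForEach-Object {
    # Path can be unavailable for processes the current user cannot open.
    $path = $null
    try { $path = $_.Path } catch { }

    $status = 'unknown (no path)'
    $signer = ''
    if ($path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    New-Object PSObject -Property @{
        Id          = $_.Id
        Process     = $_.ProcessName
        WindowTitle = $_.MainWindowTitle
        Path        = $path
        Signature   = $status
        Signer      = $signer
        IsMseUi     = ($_.ProcessName -eq $expectedUi)
    }
}

# Find the row whose WindowTitle matches the alert. If Process is a browser or
# an unfamiliar executable rather than the MSE UI, the alert did not come from
# MSE. A NotSigned status is a lead to follow up, not a verdict by itself.
$rows |
    Select-Object Id, Process, IsMseUi, Signature, WindowTitle, Path, Signer |
    Format-Table -AutoSize -Wrap
```

A pop-up rendered inside a web page shows up here under the browser's process name, which is the case the post warns about when it says a fake can be a single clickable picture.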
MBAM scan came up clean.
Haven't seen it since though......... weird
This is what a real MSE alert looks like. (Courtesy of Britton30)
may I ask why would a "decent" fake look any different? no holograms or photo inlays, right? not hard to make a fake that is pixel for pixel identical. pretty much a glorified screen cap.
don't mean to sound snobby about it, just fishing for some enlightenment. :)
Mike
In THIS case, it's evident. Most drive-by attacks aren't sophisticated enough to show a copied alert. Here's both again. Look closely.