real or fake?

RudeDawg · 28 Nov 2011

MalwareBytes didn't find anything. I chose the full scan option.

sygnus21 · 28 Nov 2011

A Guy said:

Agreed, I don't use MSE, so have not seen their alerts, the details would help as well. A Guy

A Guy said:

Thanks tw33k, I could find no alert images with that color and the exclamation point. Of course, a MBAM scan is always a good thing :) Hoping we get the details still. A Guy

As one who uses Microsoft Security Essentials I can definitely say that is a legit alert color used by MSE, I've seen it myself. It's basically a warning about the software being out of date, or not having a scan done in a long time.

Now whether that particuliar alert is fake or not I can't say, but that alert color is one used by MSE.

Proof: This is my Vista copy out of date....

And no, the color has nothing to do with the OS version.

Phone Man · 28 Nov 2011

RudeDawg said:

I have Microsoft Security Essentials on my computer. Lately I'm getting a warning popup. Is this actually MSSE or is it malware?

I have not used MSE in a long time. Since the alert said MSE found a threat, can you do a full scan with MSE and see if it actually does find a threat? Does MSE have a Log?

Jim

Sardonicus · 28 Nov 2011

Phone Man said:

RudeDawg said:

I have Microsoft Security Essentials on my computer. Lately I'm getting a warning popup. Is this actually MSSE or is it malware?

I have not used MSE in a long time. Since the alert said MSE found a threat, can you do a full scan with MSE and see if it actually does find a threat? Does MSE have a Log?

Jim

History should show all the detected items.

rubyrubyroo · 28 Nov 2011

I don't really think any visual means of determining a fake from a real pop-up by use of a screen capture should be considered as answers, as a decent fake is often merely a screen capture of the actual window, and they would look identical, esp if sized correctly. Clicking any "details" link, "cancel" button or "X" etc may be the equivalent of a full sized single picture link.

I would either open MSE before touching the other window (assuming it allows this) and as Sardonicus mentioned above, check the history and any logs to verify it's validity. If this is not possible, I would use alt+ctrl+del and select open task manager, then try to locate the app/process that might be clearly identifiable or run encapsulated in a service host. If you can find it close it from tsk mgr apps and/or use close process tree to shut it down, and then you should be able to run a scan or get into the history if it was not allowing you to at first attempt.

Hope you had a positive outcome, or will soon,
Mike :)

RudeDawg · 30 Nov 2011

MBAM scan came up clean.

RudeDawg · 30 Nov 2011

Haven't seen it since though......... weird

carwiz · 30 Nov 2011

This is what a real MSE alert looks like. (Courtesy of Britton30)

rubyrubyroo · 30 Nov 2011

may I ask why would a "decent" fake look any different? no holograms or photo inlays, right? not hard to make a fake that is pixel for pixel identical. pretty much a glorified screen cap.

don't mean to sound snobby about it, just fishing for some enlightenment.:)

Mike

carwiz · 30 Nov 2011

In THIS case, it's evident. Most drive-by attacks aren't sophisticated enough to show a copied alert. Here's both again. Look closely.