Bad Ad

[TheOutlander]

I keep running into a bad ad on the FO3nexus that changes my window to one of those fake "you have malware on your computer" windows with only cancel or ok as options. It's happened around six times now, and I can never see which ad does it (because the window changes immediately).

 

Sorry I couldn't add more information.

[buddah]

Try to get a screenshot of it so we can try and get it removed by the service..

 

Buddah

[bben46]

Those are some of the worst. When you see those, Assume your computer is infected because whatever you do it installs the virus. The first thing it does is disable your antivirus program. Then if you have a common Antivirus if you do a scan, it runs a fake scan and says no virus found. if you try to update the AV, it will return a message that your AV is up to date.

 

DO NOT send them any money. Their fix just disables the message - it does not remove the virus. They already own your computer. I hope you don't have any unencrypted financial info on it, because they probably have it by now. Don't use that computer for any financial transactions until you are sure it is clean. Don't try to erase your info because that's one of the things they are looking for.

 

Many AV programs can not remove it, and others will remove most of it, but it comes back in a few days. MalwareBytes has a free trial version that has been successful in completely removing these - you have to run it twice to get rid of them completely.

 

Go here for more help in getting rid of it. http://forums.majorgeeks.com/showthread.php?t=35407 Major Geeks is a popular site for computer geeks, and is clean.

 

Another way is to use a linux boot CD with a good Antivirus. The computer will boot in Linux and run the AV program without ever accessing any data from your HD. Because it is running Linux and not Windows, the virus can't do anything. You will need to download and create the CD on another computer first though. Here is a site with a selection of several good ones. I use the AVG rescue CD. It automatically downloads the latest update then runs the scan. It does not put anything on your computer when it scans

 

The scum who made that should be skinned alive, salted down and boiled in oil.

[juderodney]

The scum who made that should be skinned alive, salted down and boiled in oil.

 

And then executed! Last week, my antivirus stopped at least 2 instances of something happening, but just a few minutes ago, I got the ad. I'm assuming this is what my AVG (the program I use) was trying to tell me.

[bben46]

What is known about the fake antivirus virus is that it uses the do not install as a install trigger. It uses the close window (the x in the upper right corner) as an install trigger. It also uses the Ctr+ALt+ Del as an install trigger. The only way to bail out is to kill the power. And I'm not so sure that works either. If you see that message, assume you have been tagged.

 

Immediately go into repair mode. Try your AV. Try to download the latest update. if it immediately comes back with a message that your virus definitions are up to date (it will look real)- WITHOUT going on line to check. That is a good sign it is already in control of your computer.

 

There are several FREE rescue cd's available for download. if you haven't been infected get one now and burn a rescue CD. They actually allow you to boot the computer in Linux, then run a full virus scan without ever going into windows. so the virus cannot block them. If you have been infected, use a different uninfected computer to download and create the rescue CD. Here is a site with several of them available. http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

[TheOutlander]

@ buddah: I don't think I would manage to get a screenshot of the ad, because it jumps straight to resizing the browser window and the crap text. From the speed of it, I don't know whether it even loads it's ad cover...

 

@ bben: It's not as sophisticated as one of those (I know the ones you are talking about), it's just text in a re-sized browser window with their trojan crap linked to what actions you take. As soon as it comes up I open task manager (right click taskbar) and forcibly end my browser processes (so no clicking ok, cancel or even the close window button). Then I comb my AppData local and Temp folders with folder options set to show me everything (that's where 80% of the time they install the *censored* that reinstalls the main trojan if you delete it). I have a lot of experience killing trojans (I also already have malwarebytes).

[bben46]

Malwarebytes has one of the best reputations for actually getting rid of the fake antivirus. We haven't been getting any other reports (yet) so hopefully it is a targeted add that very few members are seeing. With thousands of diferent adds running, target at different demographics and different regions worldwide it can be a bich finding the one causing the problem.

 

IMHO, 20 years at hard labor is too easy on the scum that put out that kind of garbage. Drawing and quartering seems much more appropriate.

[evilneko]

Even if you don't have screenshot software running, the PrintScreen (PrtSc) button on your keyboard will still cap the screen. It's built in to windows. You have to open up Paint (or other graphics editing program) and paste the image into it in order to save it, since it caps to the clipboard.

 

Just out of curiousity what browser were you using at the time and what addons do you have for it? What do you use for pop up blocking?

[TheOutlander]

Internet Explorer 8, and there was nothing to cap. As soon as I knew it was happening the window had already resized and displayed the message (ie so it doesn't act like a pop-up and thus can't be blocked).

[evilneko]

That figures. Look into the IE-SpyAd list for ZonedOut. It places adservers in the Restricted Sites zone for IE, severely locking down what they can do without blocking them entirely. It's pretty easy to use. Unzip both into the same directory (for ease of finding the list), start ZonedOut, click Menu and go to Import -> Import from File, then select the IE-Ads.txt file. Once it finishes loading, you're done. You can add the adult list as well if you want to restrict porn-related stuff.

 

Proper use of the security zones can make even IE a fairly safe browser.