|
Post by playtime on Jan 8, 2010 12:21:54 GMT
I've just had an attack attempt, probably through the advert banner (i.e. there's nothing southsix can do about this, so don't pester him), but there is a simple way of getting out of it before any harm occurs.
There is a class of virus (torjan downloader) that appears as an advert for a virus scanner/remover.
It attempts to scare a victim into purchasing their anti-virus software by displaying a fairly convincing windows XP-like screen claiming it has just scanned your PC (in seconds no less) and found several infections.
Yep, the anti-virus software you download IS the virus.
The trouble is it uses a pop-up alert window which has a message along the lines of 'Click here to download our software and remove the infection'. It only has an OK button and no Cancel. It's very tempting for the uninitiated to click on the OK button as it prevents you from closing the IE/Firefox/whatever window.
Simply open your Task Manager (right-click on your task bar at the bottom of your screen and click Start Task Manager). On the Processes tab, find the entry iexplorer.exe (or whatever firefox is), right click on it and click End Process Tree. That'll kill it off all your web browser windows without any harm.
Sorry I can't be any clearer right now but I'm going to be late for an interview.
|
|
|
Post by phantomdriver on Jan 8, 2010 17:01:40 GMT
out of curiosity, i tried to download it- my AV programme detected it and terminated the download.. ;D
|
|
Lonewolf
Moderator
Gods Country
Posts: 2,551
|
Post by Lonewolf on Jan 8, 2010 17:03:55 GMT
Scareware Its firefox.exe
|
|
|
Post by playtime on Jan 8, 2010 19:23:11 GMT
Lonewolf - that's it couldn't remember the name and was in a rush. Obviously, didn't happen a second time either, as I managed to post. It was quite a viscious version in that it closed the original browser window and only had the OK button. I probably wouldn't have bothered posting if I'd had time to check if was occuriing occasionally instead of just the once.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 8, 2010 19:26:21 GMT
Steve, many thanks for posting the advice.
|
|