Hi 

 

Yesterday I went onto a site via Google which I have used before to download
a particular printer service manual.

A message popped up to say that AVG had found virus-like activity. But first
of all I haven't got AVG on that computer, and it wasn't the normal AVG message,
just a plain Windows dialogue box.

Being curious, I clicked on the message and the page came up with an
Explorer-like window showing hard drives, DVD-ROMs etc., with the bottom of the
page showing viruses which it had supposedly found.  Eventually another box came
up showing these viruses, with a button saying Remove All.

At this point I closed Internet Explorer.  I ran Malwarebytes and MS
Security Essentials, which both scanned OK.

As I suspected this was how my clients were getting these Fake Antivirus
programs, I plugged in a second-hand computer and proceeded to go through
the same procedure.

This time I went further and clicking Remove All took me to a save or run
dialogue.  I went through the same procedure with Firefox and it gave the
same results.

I then went a stage further and saved and ran the executable, and sure enough,
on restarting the computer the Fake Antivirus Program was well and truly
embedded.

I went into safe mode, installed Malwarebytes from a pen drive, and it
successfully removed the virus.

This weekend, if I have time, I intend to see if it does the same with Google
Chrome.  I will also reinstall Windows on the second-hand machine just in
case.

Incidentally, I tried the link to the printer manual and found that it
linked to the virus pages randomly, approximately 1 in 30 clicks.

 

If anyone is interested in looking at the sites, then these are the links
to the virus pages.  Alternatively, send me an email with your email address
and I will send some pictures of the dialogues and pages.

 

Link to printer manual:

http://www.google.co.uk/url?sa=t&source=web&cd=19&ved=0CFsQFjAIOAo&url=http%3A%2F%2Fwww.scribd.com%2Fdoc%2F37852023%2FSM-C5650-5750-5850-5950&ei=LNl4TerkF9SChQfJ_ODeBg&usg=AFQjCNHJvhDz18kvTAZ2kMmJO5SGeg3Iow

 

In history was a link to:

http://174.127.70.195/8545/4544

Which took me to:

http://8f0518.nevilguard2.com/defender/?f87076745a=wgwabl&3cf21=mgalawmafm&bb7=mwxxshqhgq&a7de3d5=3

 

Today I was taken to a different URL:

http://antivirussites.com/index.php?06abQDU3QUbGX2+t/3A33ZKtKmtoMHU6Lg4OcHahUVwAMpByRy/XftY62VQphMxXHnE=#sfgh20hfgGFYUHJtfgyuhjgHUIJ

Which wanted me to download a file called AntiSpyWareSetup.exe

 

Cheers

Peter Hart

Peter Hart Computers

 

 

 

 

 


