avoiding phony virus warnings?


I got snookered by a phony virus warning on one desktop about three months ago and ended up with a useless drive.
I have locked down all machines since then with Avast or Avira, firewalls, malware programs, non-visible Wi-Fi, and the usual basics. While on a different machine a couple of minutes ago (not networked, different location) I saw the same "warning" pop up and clicked on shut (should have gone to task manager... but nonetheless), which immediately opened their site in a browser, which I shut down while yanking the cable from the router. I think I won this time at whack-a-mole. (Online check shows everything clean.)
I imagine this may have been possible this time because the router is disconnected, but I am wondering what I can block to prevent this. Looks like messenger, but that is not running. Running Vista on this unit.


RE: avoiding phony virus warnings?

If you were running a web browser, using a plug-in like NoScript will block almost all of this kind of stuff. Unfortunately, it also causes a lot of collateral damage and you will need to work with it to white-list the sites you regularly visit.

If it was not via a browser, this suggests that your router wasn't blocking sufficiently. I would make sure that you do NOT have UPnP enabled and that you don't have any ports forwarded that you don't need and that you haven't placed the machine in a DMZ.

You can also run a software firewall to prevent outbound connections and control which applications can launch.

I would like to ask, what kind of "pop up" appeared? Was it an application or a browser pop up? If it was an application, I think it would be prudent to perform a more thorough investigation than an "online scan". Also, what scanning program / site did you use?


RE: avoiding phony virus warnings?

I thought that might be the answer. I have a virtual firewall running, but the router is currently not employed due to an issue with ATT.  The browser was not running.
I just have to get a new router, I guess.
(This was one of those small grey messenger boxes. Obviously not that, since closing it brought up the web site.)

RE: avoiding phony virus warnings?

If all else fails, you can always open task manager and kill the offending process without triggering chaos.

Or, get a Mac, which is always my roommate's classic response.

RE: avoiding phony virus warnings?

Task manager was second line of defense, the first being beating down the offending messages. The popup was apparently browser, not program. The first event had the appearance of a messenger style warning... I remember a few of those going around a few years back. The second event was definitely browser related, although again designed to look like a warning from the computer.
The odd issue with the first time around, for which I am still kicking myself, is that the warning came up as an AVIRA warning (it had nothing to do with AVIRA). I used Avira once, but no longer, and the thing took me so by surprise that it didn't set in.
I have the physical firewall back up, which should go a piece in preventing such invasions in future. I've made a mental note just to cold clock the computer and disconnect before restarting in safe mode if it happens again. Not good for the system, but then, neither is a hijack, which at this point I am fairly convinced was a ransom attack gone bad.

RE: avoiding phony virus warnings?

Yes. Seems to be the same thing. It's unsettling when it happens.  
