Fake Microsoft Virus Warning: am I infected?

About two weeks ago, one of my family members was browsing some sites when that classic faux-virus warning popped up. It looks like a Windows error message complete with the yellow exclamation mark. Norton immediately came up at the same time saying it blocked the intrusion. I used Task Manager to end all of the Internet Explorer windows and restarted the browser. It asked to recover my previous tabs and I declined. After that, I promptly deleted history, temp files, and cookies. Norton didn't detect anything in a scan, I have had no weird redirections during surfing, no ads, and no Norton warnings since. However, last week, the same thing happened on a different website. Norton didn't say anything this time! I manually ended the browser and followed the same temp file removal procedure. All was still fine! Now tonight, my mom was looking for hairstyles on Google and the same message came up yet again! I followed the same cleaning procedure once more and everything looks to be okay. Norton said nothing this time either.

 

Are these signs of an infection? This message has only appeared three times during "random" website surfing. Each page visited apparently had multiple ads embedded within. I know it is fake, but apparently you can still be infected. Also of note: the ads in question have their own URLs as indicated by my history. None of them are the same.

 

Thanks! :)

An intrusion attempt by 76.76.106.29 was blocked.

 

Fake App Attack: Fake AV Scanner Website 2

Attacker URL: antivirusmartrend (I have omitted the extra bits for the safety of the site users.)

 

This has only appeared the first time. The last one (and the one tonight) were not detected by Norton. Site history revealed different attacker URLs for each. None appear to be coming directly from my own computer, and that I.P. is definitely someone else's.

 

I cannot find anything negative as of now or since. Everything appears normal on my end, but that doesn't mean all is right.

Hi kylemcauliffe15,

 

The detection of a Fake App Attack denotes an attempt to install a rogue antivirus program using social engineering to scare you or trick you into initiating the download and installation.  The attack requires user interaction to succeed.  IPS has blocked the attack, and from your description of the actions you took (you did all the right things) your PC should be secure. 

 

Since these rogue applications change almost from minute to minute to avoid detection, it is possible that Norton did not recognize the two subsequent threats.  However, it sounds like you are knowledgeable about how to respond to these threats and have remained secure.  At this point I don't think you need to be too concerned about the possibility of something already on your computer connecting out to these download attempts.  If that were happening IPS should alert you to the outbound connection, just as it did with the inbound Fake App Attack.  You might want to download, update and run the FREE version of Malwarebytes' (blue download button) to get a second opinion scan - Malwarebytes' is very good at detecting rogues.

 

Keep an eye on things, but it sounds like you just managed to get lucky and hit three separate compromised sites, each probably hosting a malicious ad.  One good way to avoid these threats in the future is to use Firefox with the NoScript Add-on, which blocks non-whitelisted sites, such as the ad sites, from running any scripts.  NoScript takes a bit of getting used to, so it's not for everyone, but it is very effective at blocking these attacks from launching in the first place.

 

Let us know if you continue to see any more of these types of attacks in the days ahead.