I had a friend contact me about a so-called security window called "Smart Security" that was popping up on her laptop upon boot, trying to tell her she was infected and to click a box to purchase their product. I informed her no legit company does this kind of advertising, especially when booting or even when surfing the net.
She uses Vipre AV and Antispy but she has no firewall, which I recommended she get when she got the laptop and I found out she didn't get a software firewall, except for the integrated Windows 7 firewall. I told her to update Malwarebytes and run a deep scan and do the same with Spybot S&D. I also told her to make sure her AV defs were updated and do a deep scan there. She said she did but it didn't fix anything. I told her I would come get the laptop and take a look at it.
I turned on the laptop without it connected to the internet and got a Windows firewall alert about a file trying to access the net. I took note of the file and the path and Googled the file expecting many links about it. It found two. One of those links gave me a start. It appears to be a new infection out there. I removed her HD and connected it to my PC and scanned the drive expecting NIS to find it and remove it. All NIS found were some Java files that were identified as bad. These files may have had a part in getting the infection she had on the PC but NIS didn't find the infection. Since I had the path of the file's location from the firewall alert, I just ended up deleting the folders. The thing was also, the folders had made themselves hidden system folders that I had to unhide to see them and delete them. I ran the Norton Power Eraser tool before deleting the folders and that did find the main malware executable file but didn't ID the other files in the folders. Maybe those files wouldn't have functioned without the main .exe but I don't know. Anyway, I did get the malware to stop coming up after I reinstalled the HD in the laptop. I opened Malwarebytes and found she hadn't updated the defs like I told her to. I even explained how to do it. I have fixed their PCs so many times and they still don't get it about security. I updated Malwarebytes and ran it and it found some other related files and registry entries related to the "Smart Security" infection.
Here's the thing. I don't know if Norton is working on this infection yet because the links I found with Google seem to show the malware as just popping up last week. I would like to send some info to them if they aren't totally aware of this issue if it would help. Below are some links about the infection she had.
ESET Knowledgebase - Reports of rogue ESET Smart Security malware
ESET Blog showing what the pop-up window looks like. This link is a real good read.
I'm figuring and hoping Norton is getting this infection added into their defs. I guess my friend's wife has picked up on some of what I have told her over the years because she didn't click on the window that was showing up upon boot, but she still probably clicked on some pop-up window that downloaded the thing in the first place. I showed her last night how to close IE with the task manager if she ever got a pop-up or tried to close a tab or IE and got a message "Are you sure you want to navigate away from this web page?" NEVER CLICK THE ANSWER BOX TO THESE TYPES OF QUESTIONS!!!! Use the task manager to close IE or FF, clean cookies, Temp Int. Files, and start a new browsing session.
I was glad I didn't have to dump and reinstall Windows for her again, like I have in the past. It's getting real tiring. I should make her take it to a pro and let her pay to have them fix her infection problems and pay for it so she knows what it costs to fix the problems that they get because they don't take security seriously. I offered her an extra license I have for NIS 2011 but she is sticking with the lifetime Vipre sub. she bought with the laptop on QVC. She says she'll buy their FW but I doubt she does.
Let me know if I can help by submitting the info.