Vista - Advice on a possible fake virus download

**Peppurr101** · 01-30-2009

Hello,
I hope someone can give me some advice. Yesterday, as I was browsing online (no naughty sites, I promise) I opened a window that appeared to have one of those classic fake antivirus programs.. you know the kind, "Your computer may be infected get a free scan now!!" The green progress bar at the bottom of my IE window started to move across as if something was downloading so I didn't stick around. I tried to close the window by right clicking on the task bar, that didn't work, so I shut down my internet connection. To close the window I shut down my computer. I restarted, and all seemed to be well. I have the Norton fraud monitoring active on IE and it didn't show any errors, but just to be safe, I scanned with both Defender and my Norton (both up to date). Nothing came up. I checked my software explorer with Defender, no new startup programs, no unfamiliar processes. The computer is acting normal. No pop ups, no unusual CPU activity. The one thing that worries me is that when I went looking into the reports and activities section of my Norton software, under 'firewall activities' starting yesterday at around the time this all happened, I saw this message showing up.

30/01/2009 06:08:51,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (24.30.160.130,microsoft-ds(445)).",

I don't know what this means and I have not been able to find out on the web.
Can anyone shed any light? From the way the computer is acting, I'd say I'm safe and if I hadn't looked at this log, I'd probably assume it was. Am I right in assuming that if anything bad managed to download itself yesterday, that my Defender and/or Norton would have screamed a few warnings at me by now?
Please ease my mind..
Thanks
Peppurr

**dk70** · 01-30-2009

A google search does not seem alarming "Default Block Microsoft Windows 2000 SMB" - Google Search

What Norton you run? 2009 version is the way to go if you stick with Norton.

Im asking because you mention Windows Defender. Dont know about old Norton but newer disables Windows Defender and they dont recommend you to enable it after wards. Make sense or just what they have to say, dont know. I know Avira suggest the same except they dont disable during install.

There is a problem with AV products without out much HIPS protection avoiding Defender. Does not take much effort to find some malware which they skip and Defender stops

Is far from useless.

Unless you actually downloaded and installed the "scanner" computer is not infected. Infection do not come from screwing up browser and making you turn off computer. Also how close you were depends on how Vista is set up with UAC, protected mode and what not. Firefox also dont make it that easy to run programs off the net. What site was trying to do by making it hard to get rid of. Use task manager next time, close IE/whatever browser process. The idiots exploits peoples panic and/or lack of knowledge.

If you want some supplement to Norton/Defender try Malwarebytes Anti-Malware Malwarebytes.org Easy to update and dont conflict with anything and if you get infected it is very good at removing.

**Peppurr101** · 01-31-2009

Hi dk70
Thank you for your reply. I am running Morton Internet Security. I think it's 2008? It came with my computer and I will upgrade as soon as my subscription is up.

The Norton I have and Defender seem to play well together. I'll see what happens when I upgrade.

What is HIPS protection?

So you are saying I got off lucky and I'm safe?

I'll look into MalwareBytes..
Thanks
Peppurr

**dk70** · 01-31-2009

HIPS is just another buzzword, host intrusion prevention system. Means Windows Defender keep an eye on certain system settings and prevent unwanted changes. What you see under "real time" in tools, options. Dead simple. Other products are very complicated, locking things down if needed - check this pic

File:Ssm.png - Wikipedia, the free encyclopedia Think the term originates from firewalls, not sure. Definitely one of the things that separate AV products, like an extra layer on top of old fashioned detection of objects. If done right this give 100% protection because all changes will have to be approved. And you will have to be a security freak

Dont know what the deal is with WD vs. AV products. Some dont care, others say they conflict. I would leave it as is if you have not noticed problems. Have the feeling there is some politics involved.

Yes Im sure you are safe - even more if you check with Malwarebytes.

**Peppurr101** · 01-31-2009

Thanks dk70. I appreciate your reply. I feel much better now!
Peppurr

**bruce2** · 02-01-2009

Hi Peppurr101, I would not worry about it unless it is given you problem.

However, if you somehow feel insecure still, you can always restore the system to the restore point before the incident.

More over, if you feel you have to do something about it, you can give this a try:
Download Kaspersky Rescue Disk 8.8.1.18 - A safe way to remove viruses from a computer without the risk of getting infected - Softpedia

One additional comment, the Norton AV Internet 2009 is light and works really well. I was an anti Norton person before I tried it. Consider it when you upgrade.

Hope this helps.

Bruce

01-30-2009	#1 (permalink)
Peppurr101 Vista Home Premium 32 bit now with SP2! 122 posts	Advice on a possible fake virus download Hello, I hope someone can give me some advice. Yesterday, as I was browsing online (no naughty sites, I promise) I opened a window that appeared to have one of those classic fake antivirus programs.. you know the kind, "Your computer may be infected get a free scan now!!" The green progress bar at the bottom of my IE window started to move across as if something was downloading so I didn't stick around. I tried to close the window by right clicking on the task bar, that didn't work, so I shut down my internet connection. To close the window I shut down my computer. I restarted, and all seemed to be well. I have the Norton fraud monitoring active on IE and it didn't show any errors, but just to be safe, I scanned with both Defender and my Norton (both up to date). Nothing came up. I checked my software explorer with Defender, no new startup programs, no unfamiliar processes. The computer is acting normal. No pop ups, no unusual CPU activity. The one thing that worries me is that when I went looking into the reports and activities section of my Norton software, under 'firewall activities' starting yesterday at around the time this all happened, I saw this message showing up. 30/01/2009 06:08:51,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (24.30.160.130,microsoft-ds(445)).", I don't know what this means and I have not been able to find out on the web. Can anyone shed any light? From the way the computer is acting, I'd say I'm safe and if I hadn't looked at this log, I'd probably assume it was. Am I right in assuming that if anything bad managed to download itself yesterday, that my Defender and/or Norton would have screamed a few warnings at me by now? Please ease my mind.. Thanks Peppurr
My System Specs

01-30-2009	#2 (permalink)
dk70 Vista Ultimate x64 SP1 213 posts	Re: Advice on a possible fake virus download A google search does not seem alarming "Default Block Microsoft Windows 2000 SMB" - Google Search What Norton you run? 2009 version is the way to go if you stick with Norton. Im asking because you mention Windows Defender. Dont know about old Norton but newer disables Windows Defender and they dont recommend you to enable it after wards. Make sense or just what they have to say, dont know. I know Avira suggest the same except they dont disable during install. There is a problem with AV products without out much HIPS protection avoiding Defender. Does not take much effort to find some malware which they skip and Defender stops Is far from useless. Unless you actually downloaded and installed the "scanner" computer is not infected. Infection do not come from screwing up browser and making you turn off computer. Also how close you were depends on how Vista is set up with UAC, protected mode and what not. Firefox also dont make it that easy to run programs off the net. What site was trying to do by making it hard to get rid of. Use task manager next time, close IE/whatever browser process. The idiots exploits peoples panic and/or lack of knowledge. If you want some supplement to Norton/Defender try Malwarebytes Anti-Malware Malwarebytes.org Easy to update and dont conflict with anything and if you get infected it is very good at removing.
My System Specs

01-31-2009	#3 (permalink)
Peppurr101 Vista Home Premium 32 bit now with SP2! 122 posts	Re: Advice on a possible fake virus download Hi dk70 Thank you for your reply. I am running Morton Internet Security. I think it's 2008? It came with my computer and I will upgrade as soon as my subscription is up. The Norton I have and Defender seem to play well together. I'll see what happens when I upgrade. What is HIPS protection? So you are saying I got off lucky and I'm safe? I'll look into MalwareBytes.. Thanks Peppurr
My System Specs

01-31-2009	#4 (permalink)
dk70 Vista Ultimate x64 SP1 213 posts	Re: Advice on a possible fake virus download HIPS is just another buzzword, host intrusion prevention system. Means Windows Defender keep an eye on certain system settings and prevent unwanted changes. What you see under "real time" in tools, options. Dead simple. Other products are very complicated, locking things down if needed - check this pic File:Ssm.png - Wikipedia, the free encyclopedia Think the term originates from firewalls, not sure. Definitely one of the things that separate AV products, like an extra layer on top of old fashioned detection of objects. If done right this give 100% protection because all changes will have to be approved. And you will have to be a security freak Dont know what the deal is with WD vs. AV products. Some dont care, others say they conflict. I would leave it as is if you have not noticed problems. Have the feeling there is some politics involved. Yes Im sure you are safe - even more if you check with Malwarebytes.
My System Specs

01-31-2009	#5 (permalink)
Peppurr101 Vista Home Premium 32 bit now with SP2! 122 posts	Re: Advice on a possible fake virus download Thanks dk70. I appreciate your reply. I feel much better now! Peppurr
My System Specs

02-01-2009	#6 (permalink)
bruce2 Vista Ultimate 64 bit 584 posts	Re: Advice on a possible fake virus download Hi Peppurr101, I would not worry about it unless it is given you problem. However, if you somehow feel insecure still, you can always restore the system to the restore point before the incident. More over, if you feel you have to do something about it, you can give this a try: Download Kaspersky Rescue Disk 8.8.1.18 - A safe way to remove viruses from a computer without the risk of getting infected - Softpedia One additional comment, the Norton AV Internet 2009 is light and works really well. I was an anti Norton person before I tried it. Consider it when you upgrade. Hope this helps. Bruce
My System Specs

Similar Threads
Thread	Forum
Fake AV Generates Own Fake Malware.	Security News
Swayze death exploited to serve up fake anti-virus.	Security News
Watch out for fake virus alerts	Security News
Fake anti-virus has taken over my vista pc	System Security
Icon Download; Advice PLS.	Vista General