OT - What Virus is this?

DelCallo wrote on 11/11/2008, 1:58 PM
"Your Computer is Infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!"

Text is re-typed here just as it appears including the misspelled 'pervent'.

I don't know how I came down with this bug, but I was able to stop the autoload of the 'latest antispyware' before it could finish. I then ran a scan from AVG that, apparently, rid my machine of the part of this bug that would try to install anything else on my system. But, I have not been able to eliminate this goofy balloon that pops up from my task bar every 30 seconds or so bearing the above message.

It now pops up and disappears on its own, and, other than the annoyance, seems to have no other impact on my machine.

Any help would be most appreciated.

I apologize for the OT post, but know that many knowledgeable eyes peruse and are active in this forum.

Thanks for any advice.

Caruso

Comments

craftech wrote on 11/11/2008, 2:11 PM
It's a fake message by either a hacker or a desperate anti-spyware website trying to trick you into installing their anti-spyware program.

To get rid of the popups download a utility called Hijack This!. Do a scan and look for BHOs (Browser Helper Objects) that sound like something you didn't install. Legit ones like the Google Toolbar you can leave alone. You can also use a Registry Cleaner like Crap Cleaner to get rid of some of this stuff. It may be the one called Spyware Strike. Here are instructions on how to manually remove it if the other methods don't work. It could also be Trojan Downloader:W32/Fake Alert.BG which is more recent. Here is one that sounds exactly like yours including the same misspelled word. It is called Bravax.

John
tcbetka wrote on 11/11/2008, 2:19 PM
It's a dupe--an attempt to get you to buy something you likely do not need. These are simply pop-ups, and I just close them.

I have run Windows since the days of DOS, and have NEVER run an anti-virus software on purpose. There was a time that I wasn't sharp enough to know how to pry Norton anti-virus out of the deep, dark recesses of the OS--but since I figured this out several years ago, you won't find any such crap on my machine. Bloatware, is all this is.

I run Ad-aware, Spybot Search & Destroy, RegScrub and RegCompact. All of these are free (or I use the free versions), and work great. I have been doing this for several years and simply have no problems with any Windows machine--and I have 5 of them.

TB

EDIT: Was writing this when John posted, lol. Great minds...
Chienworks wrote on 11/11/2008, 5:26 PM
I have to ask, are there *any* legit browser helper objects? I've never seen one. I have encountered many people whose computers were as slow as slogging through mud and doing many unexpected and unwanted things all the time. All I did to fix them and get them back to top operating condition was to uninstall the google & yahoo tool bars from MSIE.

I've then shown these folks how to add a link to google & yahoo to their tool bars instead of using the helpers. A single click still gets them exactly where they want to go without their browser being hijacked by these pests. The reaction of those users is generally something along the lines of "so what the #*&@^#*^% were those helper objects supposed to help me do anyway?"
rs170a wrote on 11/11/2008, 5:50 PM
In addition to SpyBot & Ad-Aware, I recently started running Malwarebytes (also free) and was amazed at what it found that the others missed.

Mike
musicvid10 wrote on 11/11/2008, 7:07 PM
These nasties use Windows Messenger. You can turn it off manually or with a little utility from grc.com called "Shoot the Messenger."

SpyBot Search and Destroy "should" take care of your unwanted houseguest.
DelCallo wrote on 11/11/2008, 8:07 PM
I've posted for advice on several other fora, not even a response so far. Post it to you all, and I have an answer in hours, not days.

Thanks so much. You are all the best.

Caruso
farss wrote on 11/11/2008, 8:16 PM
If you've had this happen it might be time to invest in something like Kaspersky. It's caught a few nasties both on this PC and the ones where I work. Some of the latest trojans are very cleverly crafted and difficult to detect. I've had Kaspersky running while capturing video and it's never gotten in the way, I don't normally do that, just had to press every available PC into rendering or capturing.

Bob.
Steve Mann wrote on 11/11/2008, 11:22 PM
This is slightly off-topic, but since adding a ton of known spam sites to my hosts file, I have seen a dramatic drop in ads and virtually all pop-ups. (I do get some "unable to locate..." errors in the frame where the ad would go, but that's a small price to pay.)

This HOSTS file is a free download from http://www.mvps.org/winhelp2002/
DelCallo wrote on 11/12/2008, 1:51 PM
I have shot the messenger. He is now in a permanent vegetative state. Thanks for all the great advice. The annoying red dot is gone, so is the pop.

Weeeeeee!

Caruso

Edit: So is the popup. That's what it is supposed to say.
craftech wrote on 11/13/2008, 5:38 AM
This is slightly off-topic, but since adding a ton of known spam sites to my hosts file, I have seen a dramatic drop in ads and virtually all pop-ups. (I do get some "unable to locate..." errors in the frame where the ad would go, but that's a small price to pay.)

This HOSTS file is a free download from http://www.mvps.org/winhelp2002/
===========
Thanks Steve. I popped that little file in my C:\Windows directory (W98SE) and it stopped almost all ads. Amazing. Of course I have Active X and most scripting disabled in IE as well. Crippled but secure. For the bells and whistles I use Firefox.

John

EDIT: It seems that this file will not allow certain programs like Mailwasher to run. Oh well.
johnmeyer wrote on 11/13/2008, 9:57 AM
This is slightly off-topic, but since adding a ton of known spam sites to my hosts file, I have seen a dramatic drop in ads and virtually all pop-ups. (I do get some "unable to locate..." errors in the frame where the ad would go, but that's a small price to pay.)

I second John's recommendation on the HOSTS file. The only other downside is that some sites do "click-throughs" to the site you want to go to (i.e., when you click to go to a site in a sponsored Google search result, that click invisibly first goes to a tracking ad site and then to the site you want to go to). You can either take a moment to remove that ad site from the HOSTS file, or simply just go to the site by typing the URL. This doesn't happen often, but is the other small inconvenience to the HOSTS file.

However, the ability to not only avoid pop-ups, but also avoid accidentally going to a malware site really improves the security of your PC.
craftech wrote on 11/13/2008, 10:51 AM
However, the ability to not only avoid pop-ups, but also avoid accidentally going to a malware site really improves the security of your PC.
==
So how does one get it to allow a program like Mailwasher to run? It stops the script.

John
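
An added example, not part of the original thread: one way to find which HOSTS entries sinkhole a hostname that a program needs, and to lift only that name while the rest of the blocklist stays in force. The sample file and every hostname in it are constructed placeholders, since the thread does not say which host Mailwasher contacts.

```python
# Addresses a blocklist-style HOSTS file points unwanted names at.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed sample in HOSTS-file format (not the mvps.org list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example.net  # ad server
0.0.0.0    track.example.net click.example.net
127.0.0.1  updates.mailtool.example
"""

def parse_line(line):
    """Return (address, [hostnames]) for an active entry, else None."""
    body = line.split("#", 1)[0].split()   # drop trailing comment
    if len(body) < 2:
        return None                        # blank, comment-only or malformed
    return body[0], [h.lower() for h in body[1:]]

def blocked_by(hosts_text, hostname):
    """1-based line numbers of entries that sinkhole `hostname`."""
    hostname = hostname.lower().rstrip(".")
    hits = []
    for n, line in enumerate(hosts_text.splitlines(), 1):
        entry = parse_line(line)
        if entry and entry[0] in SINKHOLES and hostname in entry[1]:
            hits.append(n)
    return hits

def unblock(hosts_text, hostname):
    """Return new HOSTS text with only `hostname` released.
    Other names on the same line stay blocked; a line left with
    no names is commented out rather than deleted, so it can be restored."""
    hostname = hostname.lower().rstrip(".")
    out = []
    for line in hosts_text.splitlines():
        entry = parse_line(line)
        if entry and entry[0] in SINKHOLES and hostname in entry[1]:
            keep = [h for h in entry[1] if h != hostname]
            if keep:
                out.append(f"{entry[0]}  {' '.join(keep)}  # removed: {hostname}")
            else:
                out.append("# " + line)
            continue
        out.append(line)
    return "\n".join(out) + "\n"
```

Run `blocked_by` against a copy of the real file first, and keep a backup before writing the output of `unblock` back in place.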
craftech wrote on 11/14/2008, 2:58 AM
I have to ask, are there *any* legit browser helper objects?
============
Sure Kelly,

PDF Creator is an incredibly useful tool that uses a BHO.

A lot of people use and like Spybot Search and Destroy to block spyware. It uses a BHO.

John