A friend's computer keeps popping up "You have a security problem". Clicking on the popup leads to a web site with "Antivirus 2009" on it, and it doesn't want to let the web browser go.
Anyways, I downloaded the newest Malwarebytes' Anti-Malware, and did a full scan. It found "trojan.Agent" and "trojan.FakeAlert". They were all "tmpXX.exe" files in the temp directory. Malwarebytes claimed to remove them.
I then did a Windows Update, found about 12 updates, most of them security updates. (He is running SP2 still)
So after that, I reboot the machine and hand it back over to him. He goes to the WAAF web page, and goes to this slot-machine page that is part of that site. BOOM! "You have a security problem."
So I'm guessing it's something on that site, but why is it getting in if the machine is "fully patched"? (IE7, including latest cumulative update)
Frustrated. I would install Firefox for him if he were more computer literate, but he isn't.
(A different friend of mine, I did successfully get to use Firefox. But he still got hit with "Antivirus 2009" a few months ago. He was running his PC without his router hooked up; I assume that's how it got in.)
Both of these friends use "limited accounts".
It's not a problem to manually end task the tmpXX.exe files; he had a whole pile of them in his temp directory.
Can anyone shed some light on this?
Edit: I should note that it looks like he does NOT actually have the "Antivirus 2009" infection itself, just some loaders that generate popups, that direct the user to a web site to supposedly install it. Thank goodness. The system screensaver is still the default one, not the fake blue-screen screensaver that it installs that you can't get out of (unless you CTRL+ALT+DEL).