Fake Virus=System Restore=Odd Scan history?


buel

Hi, My friend rang me up today to say that he had been surfing a tattoo website when he had a virus warning pop up stating that he had 16 (or so) viruses...unfortunately he clicked on it (to get rid of it, NOT to 'complete a full scan', 'Pay to upgrade' or any of the other options you are given by these fake scans) and then noticed his PC slowed down.

Next he shut his PC down and rang me. I advised him to perform a system restore to a week ago, he did this and everything seemed to be ok but his AVG was saying that it didn't recognise his licence number (he has the free version) and to input the code again.

I told him to leave this and, firstly, to update his SuperAntiSpyware and run that scan, he said that his PC was saying that it was unable to go online....!

Just out of interest, I asked him to read out to me the date of the last scan of SuperAntiSpyware, it said the last scan was 17/3/2011......now I had previously banged on and on about the need to update and scan his PC with AVG, SAS, Malwarebytes and Spybot.....he maintained that he had run his scans as he was advised (once per week minimum)

So I said to turn it off and leave it until I was able to get some help.

Two questions, if I may: 1, Shouldn't a system restore be ok to restore it pre-virus? 2, Is it a sign that it is infected that it won't go online to update SAS? 3, Surely the fact that SAS says the last scan was 17/3/2011 MEANS that that was when the last scan was run??

Please advise if you can- B

Fruit Bat /\0/\

Shouldn't a system restore be ok to restore it pre-virus?

No, as viruses can hide in restore points to avoid scans

Is it a sign that it is infected that it won't go online to update SAS?

Probably

Surely the fact that SAS says the last scan was 17/3/2011 MEANS that that was when the last scan was run??

Yes. But if it's been restored to a previous date then when was that date? A week after the 17/3?

buel

Thank you Fruit Bat!

Yes. But if it's been restored to a previous date then when was that date? A week after the 17/3?

The date it was restored to was end of May...so that confuses me why it would say 17/3/2011? (Actually think I hadn't put SAS on the PC at that point?)

Also, this fake virus banner came up on a tattoo (not porn) website, is there ANYTHING anyone can do to prevent these?

Fruit Bat /\0/\

is there ANYTHING anyone can do to prevent these?

Not entirely, but programs like SpywareBlaster help.

buel

Thank you, would you suggest I use that program to repair the computer in question?

rdave13

No, as it's a blocking program like Spybot S&D. Suggest you boot up to Safe Mode with Networking. Open IE and go to Tools. Select Internet Options - Connections tab - LAN settings and untick the box for a proxy server. If already unticked, then update SAS and run a full scan and delete all it finds.

Do the same with Malwarebytes Anti-Malware.

Reboot and see if you can scan with MBAM in normal mode.

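The proxy checkbox mentioned in the reply above is stored per user in the registry, and a proxy left pointing at a dead or local address stops WinINET-based programs from reaching the internet. The following read-only PowerShell check is an added example, not part of the thread; the function name `Get-UserProxyState` and the loopback heuristic are assumptions of this example.

```powershell
# Added example: inspect the per-user WinINET proxy settings that back the
# "Use a proxy server for your LAN" checkbox in Internet Options.
# Read-only: nothing is changed.
function Get-UserProxyState {
    param(
        [string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    )

    $s = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Missing values come back as $null, which is treated as "not set".
    $enabled = ($s.ProxyEnable -eq 1)
    $server  = [string]$s.ProxyServer      # "host:port" or "http=host:port;https=..."
    $pac     = [string]$s.AutoConfigURL    # proxy auto-config script, if any

    # Heuristic (assumption of this example): an enabled proxy on the
    # loopback address that nobody configured on purpose deserves a closer look.
    $pattern  = '(^|[=/;])(127\.\d+\.\d+\.\d+|localhost)(:|;|$)'
    $loopback = $enabled -and ($server -match $pattern)

    New-Object PSObject -Property @{
        ProxyEnabled  = $enabled
        ProxyServer   = $server
        AutoConfigURL = $pac
        LoopbackProxy = $loopback
    }
}

$state = Get-UserProxyState
$state | Format-List

if ($state.LoopbackProxy) {
    Write-Warning "Proxy is enabled and points at this machine: $($state.ProxyServer)"
} elseif ($state.ProxyEnabled -or $state.AutoConfigURL) {
    Write-Warning "A proxy or auto-config script is set; confirm it is expected."
} else {
    "No proxy configured for this user."
}
```

Run it as the affected user, since the setting lives under that user's `HKCU` hive.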
Secret-Squirrel

" he had been surfing a tattoo website when he had a virus warning pop up stating that he had 16 (or so) viruses...unfortunately he clicked on it (to get rid of it, NOT to 'complete a full scan', 'Pay to upgrade' or any of the other options you are given by these fake scans) "

From what you've described, I'm not convinced that your friend was actually infected with anything. It's very commonplace nowadays for users to get a craftily constructed webpage pop-up that looks like an anti-virus scanner, the Windows Security Center, a Windows Explorer window, or even their AVG interface alerting them to multiple "infections". However, because it's just a webpage, simply closing all browser windows is usually all that's required to fix the issue. If your friend had downloaded and installed something then that's something completely different and he would have become infected with a scareware infection.

It's possible that the PC's slowdown was simply a coincidence perhaps caused by his PC installing new updates or starting a scheduled daily AVG scan.

Sometimes a System Restore can give unexpected results and the odd program may misbehave - especially if you use a restore point that's a lot older than necessary. If you're going to visit him then I'd be inclined to undo that restore and see how things are and run a Malwarebytes' scan. You'd soon notice a genuine scareware infection because the PC would be virtually unusable with multiple virus alerts and various Windows features not working etc. If you're not going to see him though then perhaps it'll be safer to leave the restore in place.

If it happens to your friend again then get him to close all open browser windows, do a reboot, and not visit that site again. If on restart things are clearly not right then you can start assuming he's infected.

"1, Shouldn't a system restore be ok to restore it pre-virus?"

Apart from one scareware infection that I've dealt with, using System Restore has completely deactivated the infection and returned the PC to normality. I then run Malwarebytes to mop-up any leftover files (although it rarely finds any).

"is there ANYTHING anyone can do to prevent these?"

A good start is to make sure the browser's pop-up blocker is enabled.

buel

Thank you for that brilliant comprehensive answer!!!

This thread has been locked.


