What are you supposed to do when a virus is trying...

ksbluesfan

Graduate Poster
ksbluesfan
Joined
Jan 13, 2007
Messages
1,376
...to install itself on your computer?

I just clicked a link to an article about Michael Moore's reaction to the killing of Osama bin Laden. I should know better than to care what Michael Moore thinks, but I was bored.

As soon as I clicked the link, a new window opened that looked like my virus scan was running. It claimed that it detected several trojans, worms, etc. There was also a pop-up box over the main window that was prompting me for a response. I know it would have installed one of those fake virus scan software packages that is actually more of a virus than it is anti-virus software.

What is the safest way to handle this? I just clicked the 'X' in the upper-right corner to close the pop-up window, then I closed the browser page. It prompted me again with "are you sure you want to navigate away from this page", to which I clicked the 'X' again. Is there a better way to handle this?

I ran my real virus scan, but it didn't find any problems.
 
Same thing happened to me a few days ago, but I closed Firefox as soon as the "scan" started. Nothing happened since then, virus scan came up negative too.

McHrozni
 
I usually hit alt+F4 in case they've mapped a nasty button onto the GUI but since technically they can map a nasty button to the alt+F4 hotkey as well, if I'm feeling particularly paranoid I pull my network cable/hit my wireless On/Off switch...

As far as I can tell the last virus I got installed itself from some website's banner ad type thing without me clicking anything at all. I'd just left a window open while making dinner and eventually it served up an ad that somehow ran some malicious code. Came back to a desktop full of virus warnings. I just plain shut 'er down but the fox was already in the coop. :/ I run my system lean so I can just reformat the stupid thing instead of wasting time trying to clean it up.
 
If you open up Task Manager (control+alt+delete), you can kill the Firefox process. The damage comes if you click on the thing saying "OMG INSTALL NOW!!!!!!" and then it gets in there.
 
ksbluesfan said:
Next time, I will use Task Manager to stop my browser. Thanks!
Click to expand...


Also, when you restart Firefox after a crash or forced shutdown, its default behavior is to reopen the page(s) you were on before the shutdown. If you Ctrl-Alt-Del to the Task Manager and then "End Process" to close Firefox because you're on a page that presents some risk or doesn't allow you to leave the page, you may find yourself right back there when you restart the browser. There is a way around this.

In the URL bar of the browser, the place where you type the address of a web site you want to visit, type about:config and hit Enter.

That will bring up a window with lots of scary looking settings, most of which you won't want to mess with. But... scroll down to the one named browser.sessionstore.resume_from_crash

The value on that line is probably set to "true". Double click the line to change it to "false". (Or right click on the line and select "Toggle" from the mini-menu.)

Then if you force a shutdown of Firefox to get away from a malicious page, when you restart Firefox it won't take you right back to that page where you don't want to be.
 
Actually, I'm not on Firefox. I use my company's standard -- Internet Explorer. It allows me to start at the last page or my home page.
 
ksbluesfan said:
...to install itself on your computer?

I just clicked a link to an article about Michael Moore's reaction to the killing of Osama bin Laden. I should know better than to care what Michael Moore thinks, but I was bored.

As soon as I clicked the link, a new window opened that looked like my virus scan was running. It claimed that it detected several trojans, worms, etc. There was also a pop-up box over the main window that was prompting me for a response. I know it would have installed one of those fake virus scan software packages that is actually more of a virus than it is anti-virus software.

What is the safest way to handle this? I just clicked the 'X' in the upper-right corner to close the pop-up window, then I closed the browser page. It prompted me again with "are you sure you want to navigate away from this page", to which I clicked the 'X' again. Is there a better way to handle this?

I ran my real virus scan, but it didn't find any problems.
Click to expand...

the best is to save your work and turn the computer off, do not click anything in the popup.

If you are geeky, the press Ctrl,Alt,Delete go to processes and end processes that are iexplorer, firefox, whatever you use. Save your work.Then turn off the machine.

If nothing happen when you boot up, you are probably okay.

ETA: the real problem is that they often drop a new variant of the TDL/TDSS/Aleuron virus, one that TDSSkiller did not catch earlier this week and is a pain to remove, usually immune to rkill as well, some people have had success with root unhooker, then TDSSkiller, but I think I read kaspersky released an update.

the sucker also causes all these IE script errors and audio ads, some variations hide your files as well.
 
Last edited:
GeeMack said:
Also, when you restart Firefox after a crash or forced shutdown, its default behavior is to reopen the page(s) you were on before the shutdown. If you Ctrl-Alt-Del to the Task Manager and then "End Process" to close Firefox because you're on a page that presents some risk or doesn't allow you to leave the page, you may find yourself right back there when you restart the browser. There is a way around this.

In the URL bar of the browser, the place where you type the address of a web site you want to visit, type about:config and hit Enter.

That will bring up a window with lots of scary looking settings, most of which you won't want to mess with. But... scroll down to the one named browser.sessionstore.resume_from_crash

The value on that line is probably set to "true". Double click the line to change it to "false". (Or right click on the line and select "Toggle" from the mini-menu.)

Then if you force a shutdown of Firefox to get away from a malicious page, when you restart Firefox it won't take you right back to that page where you don't want to be.
Click to expand...

Wow, it doesn't ask?
 
Pantaz said:
Yeah. Very annoying. I had to deal with it earlier this week when I encountered one of those fake virus scan scripts. At least Opera asks if you want to reopen tabs after a crash.
Click to expand...

Firefox does too....sometimes.

It's the one thing I don't like about it. Most of the time you will get a "Whoops, firefox crashed, do you want to reopen your tabs?" bit, but sometimes it just opens them, and other times it doesn't let you reload your session at all.
 
ksbluesfan said:
I ran my real virus scan, but it didn't find any problems.
Click to expand...
Usually as long as you don't let it complete its "scan" you're okay. It's scareware, that usually prompts you to download after it "finds infections." As others have said you need to kill the browser because even if you tell it "no" it does its little scan anyway.
 
MarkCorrigan said:
Firefox does too....sometimes.

It's the one thing I don't like about it. Most of the time you will get a "Whoops, firefox crashed, do you want to reopen your tabs?" bit, but sometimes it just opens them, and other times it doesn't let you reload your session at all.
Click to expand...


Session Manager is a FireFox add-on which does an excellent job of handling this sort of problem. Handles tab groups as well. Lets you select from a list of prior sessions, or save different ones as permanent configurations.

Be sure and reset the "save and quit" prompt to 'enabled' if you're using FF 4.**. For some reason the install defaults to having it turned off. This won't work with most crashes, but it does with some.

Tab Mix Plus is worth checking out, too. There's a bit of overlap. It has a session manager of it's own, but will integrate nicely with Session Manager if they are used together.
 
Vermonter said:
If you open up Task Manager (control+alt+delete), you can kill the Firefox process. The damage comes if you click on the thing saying "OMG INSTALL NOW!!!!!!" and then it gets in there.
Click to expand...

Once I have done the Task Manager I will disconnect the internet cable then crash dump the computer. A virus makes it through that, it deserves my attention lol
 
The last time it got me, it deposited something in the temp folders. So as a precaution after cont/alt/del closure I empty the remp and history and reboot!
 
Do what Hans Solo did while they were rescuing Princess Leia from the Deathstar....just shoot your computer with your blaster....works for me everytime.
 
You must log in or register to reply here.

Back
Top Bottom