F-Secure does not find and hence does not remove virus/trojan - please update virus definition

Hi,

Since F-Secure is closed in Sweden due to holidays, this message is posted here. Saturday night a new Explorer page opened itself claiming Microsoft Antivirus had found critical activity on my PC and I was supposed to press OK to clean my computer. Of course I did not, but what annoyed me was that I had to use the activity manager (not sure of the English name) to close the page. Since then I have updated my virus definitions several times, reinstalled Internet Security and also tried F-Secure's online web check. Unfortunately it seems the virus is not known to F-Secure or the virus program is not able to find it. To make sure this was actually something on my computer I closed down all internet possibilities and opened Explorer; the page was now opened as the start page.... Hence I think I could exclude the possibility of firewall problems.. The page is grey with only an OK button and has the link (http://853e4f39.webantiviruspro2042.pl).... do not use this, beware!!!!. I also on one occasion got a popup from Microsoft Security Essentials Alert related to this.

Has anyone else seen this virus/trojan? And F-Secure, please update your definitions so I could dare to use my computer again, please!!!

/Nanne

Best Answer

  • Nanne Posts: 4
    Accepted Answer
    Again, thanks all! I have tried the Microsoft scanner and it did not find my malware. Then I tried F-Secure again, no luck, so I removed CDburnerXP and the Clock from the Microsoft store, named Asparion. Tried Explorer for half an hour without any strange popups. Then, a bit annoyed that I forgot to remove the apps one by one, I reinstalled Asparion Clock and to my big surprise (since this is downloaded through the store app in my Windows 8) a similar webpage showed up, the same address but small changes in the appearance, this time a popup from Microsoft Essentials with three identified viruses. I removed the app again and have now used Explorer for more than 30 minutes without any problems. Of course, I am not yet 100% sure the Asparion Clock from the store is to blame but much indicates this right now. I will report back tomorrow how things are with my computer. I can also report that F-Secure answered my mail. They said this is a common problem and that each time they add one into the virus definition, four more appear on the web. The recommendation was to do a system backing to a time before the problem appeared until they have this specific malware in their list... Thanks again!

Answers

  • Simon Posts: 2,582
    Try running a scan with https://www.malwarebytes.org/. Hopefully that will remove any infection, while awaiting a response from F-Secure.
  • valla Posts: 1

    I have got the same, but from 853e4f39webantivirusprow.pl

  • NikK Posts: 931

    This is not a virus or trojan. It's a fake message that will try to trick you into downloading software to be able to delete these "made up" infections. It might be adware or a toolbar that is causing this.

    As Simon suggested, download, install and run the free version of Malwarebytes Anti-Malware (MBAM). It will find programs called PUP (Potentially Unwanted Programs), which defines a wide range of different unwanted program behaviors. Definition of PUP here

    I recommend MBAM regardless of what anti-virus product you have.

    Additional information

    No anti-virus product can protect you to 100%. I would say that the main risk in getting infected is the user behavior. People designing ads and fake messages are taking advantage of this. So only click on messages you know are genuine.

    When installing products, make sure you uncheck any options for additional toolbars etc.

    To be extra safe, before installing or running new programs I recommend scanning them on VirusTotal, which is a multi-engine anti-virus scanner. F-Secure is one of 48 scanners at the moment. VirusTotal also has a multi-engine URL scanner for checking web page addresses.
  • they still have to find it, as it's one kind of malware...
  • NikK Posts: 931

    Yes, I meant this type is not usually detected by traditional anti-virus products. I believe the specific term for it is "scareware".

    If Malwarebytes Anti-Malware doesn't remove it, we can suggest other products.
  • Nanne Posts: 4

    Many thanks to you all for contributing!!!

    I have now tried Malwarebytes and did both a quick and a full scan, unfortunately without any results. Recently I have installed a clock from the app store and the CDburnerXP from its home page. Do you think I should remove these apps? Or if this problem continues, should I even reinstall Explorer? It seems Chrome is not affected and I guess I am not in great need of Explorer.

    Does anyone know for sure this is only scareware and not a trojan? Is it installed onto Explorer or in another folder?

    Thanks again!

    /Nanne

  • Simon Posts: 2,582

    CDBurnerXP should be fine, providing you didn't allow it to install any toolbars or other 'bundled' software as well. There's usually a tickbox during the installation which you should have unticked.

    I can't comment on the clock from the app store, but do you have any extra toolbars on Internet Explorer now? If so, try removing these in IE's Add-Ons Manager.
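
The two places the posts above point at, Internet Explorer's start page and its add-ons, can be listed read-only from PowerShell. This is an added example, not part of the original thread; the `$knownHosts` allow-list and the function names are assumptions, and the registry paths are the standard Internet Explorer locations.

```powershell
# Added example (not from the thread): read-only listing of Internet Explorer
# start pages and Browser Helper Objects (add-ons). Nothing is modified.
# $knownHosts is an assumed allow-list; replace it with the pages you set yourself.
$knownHosts = @('www.msn.com', 'go.microsoft.com', 'www.bing.com')

function Get-IEStartPage {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key   = "$hive\Software\Microsoft\Internet Explorer\Main"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in 'Start Page', 'Secondary Start Pages') {
            foreach ($url in @($props.$name)) {
                if (-not $url) { continue }
                $parsed = $null
                [void][uri]::TryCreate($url, [UriKind]::Absolute, [ref]$parsed)
                $pageHost = if ($parsed) { $parsed.Host } else { '' }
                [pscustomobject]@{
                    Key    = $key
                    Value  = $name
                    Url    = $url
                    # Flag hosts that are not on the allow-list (about:blank has no host)
                    Review = [bool]($pageHost -and ($knownHosts -notcontains $pageHost))
                }
            }
        }
    }
}

function Get-IEHelperObject {
    $bhoKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    # 64-bit and 32-bit (Wow6432Node) views are registered separately
    foreach ($base in 'HKLM:\Software', 'HKLM:\Software\Wow6432Node') {
        foreach ($bho in @(Get-ChildItem -Path "$base\$bhoKey" -ErrorAction SilentlyContinue)) {
            $clsid  = $bho.PSChildName
            $server = Get-ItemProperty -Path "$base\Classes\CLSID\$clsid\InprocServer32" `
                                       -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Clsid = $clsid
                Dll   = $server.'(default)'   # file that implements the add-on
                View  = $base
            }
        }
    }
}

Get-IEStartPage    | Format-Table -AutoSize
Get-IEHelperObject | Format-Table -AutoSize
```

A start page marked `Review`, or an add-on whose DLL sits outside a program you recognise, is what to look up in IE's Add-Ons Manager or scan before removing anything.
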
  • NikK Posts: 931

    Nanne, I found a Microsoft article with more information about these fake alerts. It recommends scanning with Microsoft Safety Scanner

    Similar problem and other suggestions here at a Microsoft forum.

    If you have installed a program that you're unsure about and don't necessarily need it, then remove it.
  • NikK Posts: 931

    Nice work, sounds like you may have found the source. I wonder if any of the other 47 malware scanners at VirusTotal are able to detect this. I don't have Windows 8 so I can't download the Clock app, but maybe you could try? You first download the file, then go to VirusTotal and upload it and wait for the result.

  • Nanne Posts: 4

    I have used Explorer for three days now without any issues. Best guess for the source of the malware is the clock app from the app store.

    NikK, my computer skills are not so great that I dare to install the app again. A good day for me is a day when I manage to find the Windows 8 control panel within 5 minutes. I will try to report this to whoever is running this app store.

    Take care!
  • NikK Posts: 931

    I see. Thanks for your feedback.

    But just as information (to all who read this): I never meant you should install it, only download it and then scan it on VirusTotal. I would of course do that myself if I could, but with Windows 7 I'm not allowed to download it.

    PS. An interesting note on the Clock App home page is:

    Upgrade options available as inapp purchase: No Ads

This discussion has been closed.