Helping people with computers... one answer at a time.

A sudden pop-up saying that your computer is infected feels like malware. To be safe, treat your machine as if it is already infected.

I have XP Professional with SP3. I'm certain you've answered this somewhere, but I don't know where. All of a sudden, a message appears on my screen from out of nowhere, telling me that my system is not clean and needs cleaning. If this were in an email, it'd be no problem to block or delete, but I'm absolutely puzzled by just how out of nowhere this message appears on my desktop. Of course, I can cancel it, but how does it get there? Is it related to Skype?

In this excerpt from Answercast #31, I look at a computer that suddenly has a pop-up which seems to be warning the user of an infection. This is a good time for some protection and a good cleaning.

Sudden message

I don't believe it's related to Skype.

There are two paths that I want to investigate here.

  • One is: If you're in your web browser, what you may be seeing is nothing more than a pop-up window from the website that you're visiting.

So, definitely pay attention to whether or not what you're seeing is in a web browser or if it is happening as the result of something you're doing in your web browser.

  • The scarier answer is that you've already got malware... and that malware is basically a little foot in the door that's trying to scare you into buying a specific product to fix a problem that's not really there.

It's a very common technique. Some of the worst malware infections we've seen in recent times have in fact been because this software is so convincing. It looks so real.

It's a trick

The error message seems legitimate. What happens, though, is you end up downloading the recommended solution to this particular problem. My guess is what you're seeing says, "Click here to purchase this product," or "Download a product that will clear up this problem that we're telling you you have."

Chances are when you download that product and install it, that then will install – not necessarily a cleaning product – but a truckload of malware. It's some bad stuff that will probably infect your system even worse.

Do not respond

My recommendation in a situation like this is never, ever download what is recommended in an unexpected pop-up window. Never.

  • Instead, use your own tools.

  • Update your own malware tools, your own anti-spyware, and your anti-virus tools.

  • Run up-to-date scans immediately.

Clean your machine

Consider running an up-to-date scan from the tool out at Malwarebytes.org. It's a free tool for individual use. Run that.

If you need to, run Windows Defender offline, which is a CD that you burn and boot from. It will run a Microsoft Security Essentials equivalent from the CD without Windows running.

Then consider running something, maybe, CCleaner, to further clean up your machine.

Feels like malware

Ultimately, this message feels like malware to me and I believe it needs to be treated as malware. That means treating your machine as if it's already infected and taking the steps necessary to rid it of that malware.

Article C5535 - July 1, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
Bob
July 3, 2012 3:41 AM

I have seen friends and colleagues fall for this 'dirty trick' on several occations. The Malware is clever enough to generate the message, but not to truly mess everything up - so it needs you to invite it in.
I tend to use Task Manager (if that still works) to close the message, then scan my machine thorougly.

This scenario is further complicated when the messages for some software are poorly written and/or have no identifiers to tell you where the message originated. Always err on the side of caution, I say.

Snert
July 3, 2012 9:02 PM

I've gotten one that pop-ups with the warning "Your System Is Infected!" or similar. When I clicked the x in the corner to close it this 'scan' started with all sorts of bad stuff showing up. It was pretty darned aggressive. I had to exit my browser to make it stop. I shut down and did a complete malware scan in Safe Mode right after.

Bob
July 4, 2012 1:57 AM

to Snert (and anyone else interested)

Anything on a popup can be 'programmed' to say "yes" - even the X (as Leo has stated in some of his very informative articles).
The only way to be sure is to close the popup without touching it, i.e. terminating through Task Manager.

Dave Markley
July 5, 2012 7:29 AM

I believe I can answer what is happening here: The 'pop-up' you are getting is a version of the Anti-virus 360 virus that was so common in the past. The pop-up itself is not the virus, but by clicking anywhere on it (all the buttons are programmed the same), even the 'x' to turn it off, will download the virus. Malwarebytes and Emsisoft anti-malware are the only two programs I know of that will delete this pop-up. The virus, once installed, must be removed by a professional as no anti-virus made will get rid of it! If the pop-up shows you a list of viruses or problems, DO NOT try to just delete them as they are actually Windows files your PC needs to work.

What to do: 1. Disconnect from the internet immediately. 2. DO NOT click anywhere on the virus, just reboot your computer letting Windows shut it down. 3. This certainly came from the internet, not an email, so open your browser, but do not let the pages load (the last page you were on when it popped up is where it came from) but go to your home page or anywhere else before it can re-download itself. 4. Install Emsisoft AND Malwarebytes (both are free) and run them before you use your PC again. It is also best to change any important passwords afterward because if it did download the virus, your passwords have already been stolen. Good luck.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.