Mark Berry April 21, 2013
Tonight my mom was browsing her local utility’s web site when she got a popup “Message from webpage” that Microsoft Antivirus had found critical activity A “Microsoft Security Essentials Alert” was behind that.
My smart mom put down the mouse, picked up the phone, and called me. When I connected remotely, I found this screen:
Since she does run Microsoft Security Essentials (MSE), it was very tempting to click on the Clean computer button. But that “Message from webpage” popup concerned me—that is basically saying that the web page is telling the browser to display a message—not the way MSE would present an alert. (Now that I read the “Message from webpage” more carefully, I see that there is a grammatical error as well. The next day I realized there is also a grammatical error and a misspelling in the “Microsoft Security Essentials Alert” as well.)
The other clue was that the web site shown in the status bar referred to consumption of alcoholic beverages—not exactly the public utility. (In fairness to the utility, I was unable to duplicate the phony messages when I visited their site, so the messages might have come from another site she had visited previously.)
I started a Safe Mode reboot via LogMeIn. When that didn’t “take” after a couple minutes, I did a hard reboot using another remote control tool. You could accomplish the same thing by unplugging your computer and plugging it back in.
I logged in to Safe Mode with Networking, started Microsoft Security Essentials and checked its History. Sure enough, no viruses found today, so the message above was fake. Virus signatures had been updated earlier today. I started a full system scan.
If in Doubt, Cut the Power
The hardest part about phony virus messages is noticing that they are “off” in some way before you click on them. Obviously, if you get a message purportedly from AVG but you run MSE, it’s phony. In this case, the fake message matched the real anti-virus program, so it was less obvious.
If you’re not sure where a message comes from, don’t click anywhere on the web page. You might be safe closing the entire browser, but I would recommend just cutting power to your computer, getting into Safe Mode, and running a virus scan. Or call someone to check it for you.
Good job, mom!