I’ve seen this several times — you go to a website, probably from a link that turns up from a google or whatever search, maybe even a popular site like The New York Times or Radio Times.  You get a pop-up dialog box that says your computer is infected with a virus and offers to scan it or prompts you to purchase virus software.  This is a scam, geared to get your credit card information!  This scam has several versions: Personal Antivirus, Virus Protector Analysis, Antivirus PC 2009, Desktop Security 2010, and others.

If you try to click the cancel button, nothing happens, and in fact I believe clicking the cancel button installs the malware just the same.  In one case, I was not able to kill the browser window through normal means.  According to malwarehelp.org, only 5% of antivirus packages detect this scam , although there are manual methods to detect and remove the virus.

My recommendation is this:

1. DON’T click either the OK or the Cancel button — I suspect both buttons are crafted to install the malware so either way is bad.

2. DON’T reboot your PC until you’ve verified that the virus has not installed.

3. Unplug the computer from the network, at least until you’ve determined that the virus has not had a chance to install itself.

4. Kill the browser through some other means besides clicking on the browser window.  For Windows users: open a taskmanager window and kill the browser from there.  To open a taskmanager, right-click in blank space in the taskbar (the taskbar is the bar, usually at the bottom of the screen, with the start menu and program icons), and pick taskmanager.  Then click the Processes tab, find your browser (firefox.exe, iexplore.exe or whatever), right click it, and click “end process”.

5. At least for current Firefox users, on restart Firefox may give you the “This is embarrassing” dialog box — make sure you uncheck the site that produced the pop-up, or select “start a new session” otherwise as soon as you restart you’ll get the same issue again.

6. If you happen to remember what site or link produced the pop-up, send us the link or how to navigate to it using the comment form at wizgidget.com and we’ll check it out.

This article is also available at wizgidget.com/pavscam