Computer Virus?

[TheMastr13]

SO,

A few weeks ago, my grandpa was on his computer, and he clicked on a facebook link to a video. When the page popped up, a little pop-up appeared that said "Your computer has a virus. Call this number now.". Well, my grandpa isn't an idiot, and he knew it was fake, so he closed out of it and called me. We talked about it, and I told him it was a scam. But he insisted to take it to the local "computer guru" in his retirement community, as I was unavailable to go and help him. The local guru ran a scan with the installed security sofware (McAfee). The scan came out fine, so he told my grandpa that his computer was fine. And all was fine and dandy

Until...

This morning. He was accessing confidential bank account information in google chrome when a pop-up appeared that read, "Your computer has been exposed. Action needed." 

 

I have no idea what is going on. I don't think pop-ups like that should appear on bank websites (unless it was fake, which it wasn't. He only goes to his bank websites from the links on his bookmark bar, which are legit.). 

 

What should I do next?

 

Thanks,

TheMastr13

[Tim Drake]

Scan through his computer with "adwcleaner" and "Malware Anti-Bytes"

[lx_srs]

SO,

A few weeks ago, my grandpa was on his computer, and he clicked on a facebook link to a video. When the page popped up, a little pop-up appeared that said "Your computer has a virus. Call this number now.". Well, my grandpa isn't an idiot, and he knew it was fake, so he closed out of it and called me. We talked about it, and I told him it was a scam. But he insisted to take it to the local "computer guru" in his retirement community, as I was unavailable to go and help him. The local guru ran a scan with the installed security sofware (McAfee). The scan came out fine, so he told my grandpa that his computer was fine. And all was fine and dandy

Until...

This morning. He was accessing confidential bank account information in google chrome when a pop-up appeared that read, "Your computer has been exposed. Action needed." 

 

I have no idea what is going on. I don't think pop-ups like that should appear on bank websites (unless it was fake, which it wasn't. He only goes to his bank websites from the links on his bookmark bar, which are legit.). 

 

What should I do next?

 

Thanks,

TheMastr13

Get a better antivirus than McAfee.  Scan.  Then download and run Malwarebytes.

[TheMastr13]

Get a better antivirus than McAfee.  Scan.  Then download and run Malwarebytes.

What antivirus do you recommend? He got mcafee free with his ISP, but I bet I can convince him to buy a good one.

[Enderman]

format everything and reinstall windows

[Counter-Strike Player]

format everything and reinstall windows

 

inb4 it's a boot sector-0 rootkit.

[Guest]

The "guru" went and scanned something with McAfee?

No, no, I just can't believe this... What, was the guy on drugs?

[TheMastr13]

The "guru" went and scanned something with McAfee?

No, no, I just can't believe this... What, was the guy on drugs?

the "guru" was in his 70's...

I couldn't talk my grandpa out of talking to him

[JefferyD90]

so any time you do suspect any malware on a computer, do a clean install of Windows. There is no need not to. Also, when you do, don't let your grandpa use Google Chrome. It is a highly insecure web browser unless you pay for a add on to monitor your actions. Internet explorer is plenty enough for him and has all of Windows built in security features ruining.

[lx_srs]

What antivirus do you recommend? He got mcafee free with his ISP, but I bet I can convince him to buy a good one.

no need to "buy" anything.  Just get something like Avast! or Avira.

[Counter-Strike Player]

so any time you do suspect any malware on a computer, do a clean install of Windows.

 

Just be sure to clean out the MBR first as I've mentioned earlier about sector 0 right before proceeding to reinstall Windows (preferably from a live-cd or a windows repair disk cmd utility prompt and therefore outside the booted Windows environment.) A "clean install" of Windows isn't going to touch the boot loader code (which can easily be rootkits.)

 

Google Chrome...is a highly insecure web browser...

 

Unless you're talking about unflaggable WebRTC functionality unique to the desktop version of Chrome (that will leak your real external IP to STUN servers), then no -- it is secure. IE and activeX has had its share of security debacles over the decades and you can't just blanket-statement that IE > Chrome. Chrome is even being proactive and now banning the use of NPAPI plugins like flash because they get that "plugins" are antiquated technology that are always going to be security vulnerable. That's why if you open up the Adobe Flash settings in your control panel, you will see a warning in every tab saying "these settings don't apply to Chrome."

[TheMastr13]

-Lots of valuable info-

 

no need to "buy" anything.  Just get something like Avast! or Avira.

 

Scan through his computer with "adwcleaner" and "Malware Anti-Bytes"

 

Get a better antivirus than McAfee.  Scan.  Then download and run Malwarebytes.

well, i used ADW and Malware bytes and cleaned up a good chunk of suspicious files. I then installed 360 total security (its been recommended to me by quite a few friends) and it is running a full scan right now. If that doesn't work then i'll do an OS reinstall and clear the MBR. Thanks everybody!

[JefferyD90]

chrome is a very insecure web browser for browsing. It will allow just about any script to run that wants to, at least IE ask you every time if you want to, and it has built in support from Windows defender. Although I will say you're correct, I can't say IE>chrome, but for your grandpa, I think it's a safe assumption IE is probably the better bet.

Just be sure to clean out the MBR first as I've mentioned earlier about sector 0 right before proceeding to reinstall Windows (preferably from a live-cd or a windows repair disk cmd utility prompt and therefore outside the booted Windows environment.) A "clean install" of Windows isn't going to touch the boot loader code (which can easily be rootkits.)

 

 

Unless you're talking about unflaggable WebRTC functionality unique to the desktop version of Chrome (that will leak your real external IP to STUN servers), then no -- it is secure. IE and activeX has had its share of security debacles over the decades and you can't just blanket-statement that IE > Chrome. Chrome is even being proactive and now banning the use of NPAPI plugins like flash because they get that "plugins" are antiquated technology that are always going to be security vulnerable. That's why if you open up the Adobe Flash settings in your control panel, you will see a warning in every tab saying "these settings don't apply to Chrome."

[Giganizer300PRO]

First of all, what was the popup like? Was it the shiny piece of shit like the one that said his computer was infected? Because it was most likely a scam, there is no need to worry unless strange things start to occur.

But if you really think it wasn't or just want to be 1000% sure, do the following (my recomendation):

 

Get avast! and Malwarebytes Anti-Malware and scan with both of those, make sure to run the most detailed scan possible and then run the avast! boot scan.

If anything comes up, let the software deal with it, if not, watch for any strange behavior for the next few week or a month, just to be safe. If nothing comes in that time you are good for sure. If something comes up at any point during the process, let the software deal with it if it is possible. If the issue is more serious and you aren't able to fix it, report your problems to this forum as well as the avast! forum. There are great both very skilled and helpful people there. I have contacted them before with a huge problem and they provided a quick and effective fix very quickly. After that I have switched to a full license for their antivirus. Even after that I had a problem and I contacted them and again, they were able to help me very effectively and quickly.

[Counter-Strike Player]

chrome is a very insecure web browser for browsing. It will allow just about any script to run that wants to, at least IE ask you every time if you want to, and it has built in support from Windows defender. Although I will say you're correct, I can't say IE>chrome, but for your grandpa, I think it's a safe assumption IE is probably the better bet.

 

Well I haven't used IE in quite some time as I've always uninstalled it immediately on each Windows reinstall, but the fact that it asks you to allow scripts on every individual website visit (on default internet options settings, mind you) is news to me. Firefox has "noscript" and Chrome has "scriptsafe" if you want to talk about more granularity about which site scripts you'd rather block/allow. Anti-XSS protection has come a LONG way over the past few years to the point where you probably don't even need these extensions, if you had doubts over XSS and CSRF (which is still a "thing" btw) attacks and modern browsers (finally) have acceptable-to-decent implementations to suppress them naturally. Maybe not if you're concerned about Clickjacking.

 

Whatever floats your boat though and if it works for you, then great. The silver lining is that javascript isn't going to do a whole lot, in terms of your detriment as a casual internet user.

[JefferyD90]

since IE 9, IE had been focused on security with a emphasis on light weight.

Well I haven't used IE in quite some time as I've always uninstalled it immediately on each Windows reinstall, but the fact that it asks you to allow scripts on every individual website visit (on default internet options settings, mind you) is news to me. Firefox has "noscript" and Chrome has "scriptsafe" if you want to talk about more granularity about which site scripts you'd rather block/allow. Anti-XSS protection has come a LONG way over the past few years to the point where you probably don't even need these extensions, if you had doubts over XSS and CSRF (which is still a "thing" btw) attacks and modern browsers (finally) have decent implementations to suppress them naturally. Maybe not if you're concerned about Clickjacking.

 

Whatever floats your boat though and if it works for you, then great. The silver lining is that javascript isn't going to do a whole lot, in terms of your detriment as a casual internet user.

[TheMastr13]

First of all, what was the popup like? Was it the shiny piece of shit like the one that said his computer was infected? Because it was most likely a scam, there is no need to worry unless strange things start to occur.

But if you really think it wasn't or just want to be 1000% sure, do the following (my recomendation):

 

Get avast! and Malwarebytes Anti-Malware and scan with both of those, make sure to run the most detailed scan possible and then run the avast! boot scan.

If anything comes up, let the software deal with it, if not, watch for any strange behavior for the next few week or a month, just to be safe. If nothing comes in that time you are good for sure. If something comes up at any point during the process, let the software deal with it if it is possible. If the issue is more serious and you aren't able to fix it, report your problems to this forum as well as the avast! forum. There are great both very skilled and helpful people there. I have contacted them before with a huge problem and they provided a quick and effective fix very quickly. After that I have switched to a full license for their antivirus. Even after that I had a problem and I contacted them and again, they were able to help me very effectively and quickly.

He just got a Remote Desktop connection request just now. I'm gonna do an OS reinstall just to be safe. I don't want to hassle with it.

[Giganizer300PRO]

He just got a Remote Desktop connection request just now. I'm gonna do an OS reinstall just to be safe. I don't want to hassle with it.

I guess you can try to reset the whole computer if you are already in the process...

The problem might go away.