Urgent! Windows Security - Trojan Scan?

ricounty
ricounty used Ask the Experts™
on
I was browsing the internet and all of a sudden a window popped up ("appears" to be Windows Security alert) stating I have all of these trojans on my computer and it wants to install setup-1ab143_02024-3.exe from promalwarescannerv2.com. This doesn't look legitimate to me at all. It's trying to tell me that I have 6 trojans in my shared documents folder, 101 in My Documents folder, 346 on my C drive and 142 on my D drive. I find this hard to believe as I have webroot (latest version) with everything up-to-date. Could this be real? I've taken a screen shot of this in action and attached it to this question.. Should I close all these windows or let it proceed?
WindowsSecurity.jpg
Screenshot.jpg
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
its completly bogus, DON'T CLICK RUN.

It will keep trying to pop this up quite aggressivly from the original page.  If you can't close your broswer, use ALT-F4 repeatedly to try and close all the windows quickly.   If that fails, turn the computer off.
Here are specific instructions on cleaning up that PC:
1. Run ComboFix
a.      Read the directions http://www.bleepingcomputer.com/combofix/how-to-use-combofix
b.      Rename Combofix PRIOR before downloaded to your PC.  

Restart into safe mode and run the following series.

2.      You may also want to check the host file. It may have been altered  
a.      Script to reinstal Winsock, TCP/IP stack, and HOSTS file.
http://downloads.subratam.org/WinsockFix.zip
3.      Run Malwarebytes www.malwarebutes.com
4.      Run SuperAntiSpyware www.superantispyware.com
5.      Run Spybot www.spybot.com
6.      Symantec Endpoint  http://www.symantec.com/business/products/trialware.jsp?pcid=pcat_security&pvid=prot_suite_sbe_1
7.      If the situation continues, go to www.TrendMicro.com  and run the online scan Housecall
@ricounty - DON'T run Combofix and Malwarebytes in SAFE MODE. They are not meant to be ran in Safe Mode...just in Normal Mode...after you have ran the scan(s)...you will want to run a temporary file remover...something like CCleaner...it works great and it's free.
http://www.ccleaner.com/
Top Expert 2007

Commented:
ricounty,

As already mentioned, the alert is bogus and to download the file is asking for trouble.

Scan the system with MalwareBytes as already suggested, and Combofix if the problem persists and other scanners.

Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan if you can.
In some cases you may need to redownload and rname before saving the file to your desktop if the tool won't run.
http://www.malwarebytes.org/mbam.php

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial