Antivirus 360 popup

My son was doing a google search for a school assignment, and he clicked on a few links in the results, so there were a few tabs open in the Firefox browser. He called to tell me that a popup had shown up saying there was a virus in the computer. I read the popup, and it was for Antivirus 360, an offer to run a scan. I read the popup to see what the source of the rogue was, and then I closed the popup using the red x in the upper right hand corner. I saw one of the tabs had the word 'antivirus' in it, probably their web page. We closed down the entire browser.

This had happened once before a couple of months ago, but I think it was with "antivirus 2009". Same thing, we closed the popup with the red x (rather than using the 'cancel' button). I scanned the computer with AVG 8, Kaspersky online, Spybot S & D at the very least and it came up clean.

I'm currently running a Spybot S & D scan on that system. (BTW, I'm still really gun shy of 1.6, so I updated the definitions to 1.5.2 and did not update to 1.6. I don't have any of Spybot's processes running in the background.)

Is there any possibility of the "Antivirus" rogues getting in if you just close the popup with the red x, the way we did?

Oh, and I was doing a google search on my laptop with my Opera browser...Boy, a person has to be careful with that! On a page with the url reading something like 'virusguru', that turned out to be antivirus 360's home page. Does anyone know if they do drive by downloads? (Stopsign used to pull that stunt--hijack your browser to their homepage and then sneak in an install wihthout telling you, I had a devil of a time cleaning it out of a computer at the place I used to work at a few years ago.) I closed that page right away and didn't see any sign of anything downloading onto the laptop.

The subject my son was researching had nothing whatsoever to do with antivirus software, this was obviously a bad webpage.

I'll be running a Hijack This read on the PC when spybot is done. I'm no expert, but I think (thanks to this forum), I could possibly spot antivirus 360 in there if it's there.

That's a Windows XP Media Center Edition SP2. The laptop is Windows XP Pro SP 2.

 

I wanted to add that the popup was a browser popup, not a program popup. The message came up in a little browser window.

 

I think my computer is allright. I've scanned it with Kaspersky's free online scanner. I've also scanned the whole thing with my AVG free 8. I've generated a Hijack This log and I can't see anything in that relating to Antivirus 360. The computer has been rebooted twice and all looks well.

I also found this page with some information about it:

http://www.bleepingcomputer.com/malware-removal/remove-antivirus-360

I could not find any traces of Antivirus 360 on the computer, looking for the items mentioned at that link.

The popup shown at that link is NOT what appeared on my computer. What I saw was a small browser window with a message which asked if I wanted to have my computer scanned by Antivirus 360.

 

Thanks, I think things are fine. I can't find a trace of Antivirus 360 on the computer after several scans and searching a HijackThis log and hunting for registry entries and files that this rogue leaves on one's computer. I understand, too, that if you have Antivirus 360, you know it, as it puts out constant nag screens. If anything comes up, though, I'll be back. I sure do appreciate what a great resource this forum is. Thanks for following up.

I think we prevented a download by closing that browser popup with the red x (I don't trust that the button that says "cancel" is necessarily going to actually perform that function). If it happens again, though, I am going to make a point of recording the url that led to this so I can report them to google and get google to put up a warning. It's just that at the time, my son had opened up several tabs from a page on a google search and he wasn't sure which of those had led to the website that generated the browser popup. I just wanted to get the whole browser closed asap in case the page in question was going to try a drive by download.