possible virus???

I'm getting a "Windows Internet Security" popup randomly in my browsers.
It's been happening in the last week or so.

First it only started in google chrome, now it's happening in safari. I have VMware fusion installed but haven't launched it in quite a while. I just restored both my internal HDs with snow leopard install disks.

any ideas?

Sounds like a pop up ad. It's presuming you're using Windows and is trying to get you to go a site for one nefarious reason or another. It may be trying to get you to download a virus, but no Windows virus will affect your Mac.

There aren't any viruses for Mac. It's a nefarious pop-up ad that Safari's built-in pop-up blockers can't stop. It's a scam, you just need to add a better adblocker to your browsers of choice.

Apparently this is a virus that infects routers and changes the DNS to route where it wants. My DNS server is greyed out in my network settings.

I downloaded ClamXav and wasn't able to update the definitions... it wasn't letting me connect. which made me very suspicious.

Apple - Support - Discussions - Microsoft windows threat of infection ...

Fake Windows Internet Security

http://www.suggestafix.com/index.php?showtopic=33650

Most routers have a reset button that reverts them back to the original factory settings. It's usually a tiny button recessed inside a small hole on the back. You push it with the end of a paperclip. Resetting should undo whatever harmful changes were made. Be aware that you'll also lose any settings that you made when you initially setup the router. It will be exactly like it was it was when you first unwrapped it. You have have to configure it again.

I'm wondering how this happened in the first place?
How did my router become infected?
would it be from a site or an intruder on my network?

I have an old verizon DSL modem that I had the firmware flash upgraded back in 2009. I wonder if I'll have to reflash the firmware?

Well, judging by the fact that you are not alone, I doubt it was somebody on your network. It probably broke your router's password by brute force attack using something that behaves like THC hydra or Brutus but attempts to log into your router instead.

OK folks... This is malware and has nothing to do with a virus for Mac or a router infection.

This Malware attacks windows machines by tricking people to click on it as it looks like it found viruses on your machine. The user then clicks the "fix it" icon and the program is downloaded and installed on the machine. It then sets the computer policies to block the user from opening control panel or killing the service which continually asks the user to pay to remove it.

More than likely the sites that you are visiting are infected and not your machine. As long as you don't install anything when it asks you, you will be ok.

Yes, it's a scareware ad, but if you click the link on the Apple Support site and read you'll see that it is a DNS redirect if you actually follow the link. Just play it safe, don't click things that are blatant fakes, and you'll be fine.

well I'm not on a windows machine. I didn't download anything from it (why would I don't runs windows anti-virus) and it keeps popping up on different sites.

The network DNS numbers don't look anything like my old IP numbers, they are greyed out and won't let me change them, and it won't let me connect to ClamXav.

so keep saying it's all in my mind but something wacky is going on. alot of other people are getting it also, so it has to be something...

Yes, but for it to do the DNS redirect, you have to install it. Is it possible that they created a OSX version? Yep... Does it sound like you installed it? Yep...


Still, not a virus, just malware.

well rebooted/reset my router and now I can change my DNS without it changing back.
Downloaded the ClamXav updates, and am running a scan now.
we'll see what comes up.

thought I'd post in case any other mac users have this trouble, and are looking for possible solutions.