a user had this popup on both W7 and XP.
On W7, they clicked cancel in theinstallation request popup - the malware then installed itself - coudl be seen in Add / Remove Programs
The second time, on XP, they did not click anything, just killed the IE browser window displaying the spoofed infection warnings and the install request. Nothing appears in Add/Remove Programs.
SEP did not detect anything in either case.
No idea where this launches from - Facebook perhaps? How does this get onto a PC without any kind of detection? Would TruScan detect this as malware?