A currently common scam is for a web site to say, "You have (or may have) a virus; let us scan your system for you." I recommend that you never allow a web site to scan your PC because there is no realistic way for you to know how legitimate it is. Get your own anti-virus (AV) software and use it.
The scam described tries to get you to damage your own system. Sometimes a visit is all it takes. The hacker, in this instance, uses a flaw (bug) in the web browser to immediately install malicious software (malware) on your computer. You may not notice that anything has happened, although often the effect is obvious and immediate.
Those that are immediately obvious can be the most damaging. The hacker is not bothering to hide his or her attack and if damage (such as data destruction) is to occur, it probably already has — the computer is fast. If you are warned by your AV program, there is a chance it has blocked some or all of the attempted attack. Follow the steps below.
The stealth approach may be better or may be worse. You may have spyware or a virus installed on your system. If you didn't receive a warning, it snuck past whatever AV software you are using. There is a chance it will be caught later, when it becomes active, but your best defense is regular scans of your entire file system. (And, recall that I recommend use of at least two AV tools that are compatible.)
Perhaps the worst case is when the attack opens a "backdoor" that will be used at some future time. Assuming your AV software misses this, you may never know it is there. However, the whole purpose of a backdoor is to allow the hacker to return whenever he or she wants to. They may be nice and do nothing to your system. They may use it as a stepping stone for illicit activity (they love showing this in movies). They may spy manually by reading files or watching activity on the computer. (Got a webcam? They may actually be watching you.) Or, they may trash the whole system at a later time. (Back up your data!)
The scam, briefly described above, uses misinformation to get you to do something you wouldn't normally do, like install malware on your PC. Often, in order to install the malware, they need your permission. That is, they need you to take some action that allows the software to install.
Assuming you have taken the system administration advice of using a regular (not administrative) account for normal activity, they probably need special permission to install the malware. Again, they are going to try to trick you into doing this.
In a more traditional con, they sometimes try to convince you to buy something – usually their "special" AV program. In this case, nothing is installed, but you're out some money. (Dispute the charge with your credit card company.)
Finally, you may just find it impossible to get away from a site that you've been redirected to. (As an aside to the sidebar, I don't see how this very irritating scenario gets anyone to buy anything.)
Let's say you have browsed to a web site. A pop-up window appears that says a virus has been detected on your computer. The question asked varies:
The question varies because they are in control whichever way you respond. They wrote the program that acts upon the response! If you say "yes", you've given tacit agreement to installation (that is, you will allow the system to actually install the malware) or to a purchase (so, of course, you have to enter your credit card info). If you say "no", they can ask again, perhaps raising the rhetoric level. Or, they can pretend you gave permission: you took an action and the dialog box disappears, so whatever comes next must have been because of your response, right? (What did that box say again?)
The key thing to remember is that their program gets to decide what to do for either response, not you, no matter what the question is. There is no safe response.
If you reached step 3, I recommend a full system scan using (both of) your AV program(s).
If the system doesn't work or exhibits any erratic behavior, find the "help desk" in your IT department. Back up your files first; they may have to wipe the disk. Then use the files you just backed up only as a last resort (you've been backing your files up all along, right?), as the malware may be lurking there.