Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Undead-Divine-Assassin on June 25, 2013, 05:30:25 AM

Title: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 25, 2013, 05:30:25 AM
Yesterday my laptop was hit by what I later found out (thanks to Malwarebytes) was a Winlock Trojan.

It happened when I was browsing an innocuous web page using Opera and I don't think I even clicked on the link which apparently may have launched it.

Getting rid of it was a pain and took me most of the day but what concerned me as much as the nasty nature of this attack was the fact it had got through both Avast and the anti-malware program I use. Avast usually flags up malicious web site pages or links, at least when I'm using Firefox it does. But this time, with Opera, nothing.

Anyone else here had anything similar?   
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: true indian on June 25, 2013, 05:39:48 AM
There is no Antivirus program which detects 100% of all viruses.

Every day there are more than 50,000 viruses coming out so no AV is 100% and hence there is something called "self caution" to be implemented and plus keeping all your software and Windows up to date and having a second layer of security like MBAM Pro or COMODO Firewall.

If you got infected it's your fault anyways..not avast's fault and moreover the machine can be kept there running all day and it won't get infected. Can we have a non-clickable format of the link you clicked on?

Layered security is the only approach.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 25, 2013, 04:04:26 PM
I'm not sure what it was I clicked on if I did in fact click on it. I was looking for wallpapers using Bing Images, clicked on several links opening new tabs to all the host web sites that I was interested in, then opened one of the tabs and before the page had even finished loading that's when it happened.

As part of the process of getting rid of it I wiped my browser history thoroughly and deleted all my cookies, not just those I'd collected that day, so I have no records.

As for it being my fault: really? The whole nature of a trojan like this is that you don't know it's there. You can take precautions but if you're searching for something the whole point of it is you're going to be going to previously unknown web sites.

I have Avast and an anti-malware program all religiously kept up to date (and firewall obviously). I'd done my weekly updating and maintenance including virus and malware scans only 24hrs earlier. I also use an additional Firefox and Opera Web Rep plugin to the Avast one.

Ever since I had this laptop, my first true computer, I've manually scanned everything it is possible to scan I've ever downloaded first with Avast, then Malwarebytes and finally, sometimes, a legacy AV used just for this purpose. If it is a compressed file I even rescan after opening it. That's how cautious I am.

What more could I have done except not click on a link which, of course, if I had known was infected, I wouldn't have gone anywhere near? 

   
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Pondus on June 25, 2013, 04:10:05 PM
it is usually spread with software download..
if you want a virus check, follow guide at top in virus and worms forum section
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 25, 2013, 04:24:57 PM
As said I scan everything I download but maybe that was it as I'd downloaded some wallpapers earlier and was going to batch scan them once I'd finished. So it might be it wasn't even the specific web site I was on but I just don't know.   
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: true indian on June 25, 2013, 05:47:23 PM
What browser were you using?? This is a firm indication that it was somehow a drive by drop and hence something like NoScript is necessary.

Which 2 side my antimalware apps you were using? if it would have been something solid like Malwarebytes Pro or winpatrol free it would have caught it ::)

Plus, why do people search for wallpapers, I don't understand, can't people live with default wallpapers and by the way what type of wallpapers were you searching for?  :o
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 26, 2013, 02:00:01 PM
I was using Opera. I've been trying it out recently but if anyone knows or thinks that it might have some security weakness which might have been an element in what happened I'll certainly consider the matter.

This might have nothing to do with this Winlock trojan but ironically I was reading up about how Java can be a weak link in the security and related browser security matters only a few weeks ago.  That term you used:  "drive by drop" I hadn't heard before then so it immediately rang a bell in connection with this article:-

http://blogs.kqed.org/newsfix/2013/01/11/experts-warn-users-to-disable-widely-used-java-software/

That isn't the only place I've come across such advice either; the general recommendation seems to be to disable Java.

I have Spybot as my active anti-malware although I've never seen much evidence of it doing anything, presumably it is working away quietly in the background but it certainly did nothing in this case. If there is a malicious URL it is Avast that goes into action and pops up a warning.

I use Malwarebytes (Free) as an on demand scanner for downloads and regular quick and full system scans. One thing I find a bit annoying with it is that you can't do a targeted scan of a download when it is already running. You assume it is protecting you but I like to see a report confirming that particular file/folder is clean. To get this you have to close it down, highlight the file and launch the targeted scan from the context menu.

Anyway Avast is automatically updated and both the above are religiously updated on a weekly basis and that was done only 24hrs before this attack occurred. My anti-nasty stuff present and correct, of that I'm certain.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Pondus on June 26, 2013, 03:52:47 PM
Quote
I have Spybot as my active anti-malware although I've never seen much evidence of it doing anything, presumably it is working away quietly in the background but it certainly did nothing in this case.
a useless program, and you don't need it when you have Malwarebytes  http://www.pcmag.com/article2/0,2817,2412372,00.asp
Quote
In testing, it proved almost 100 percent ineffective.


Quote
I use Malwarebytes (Free) as an on demand scanner for downloads and regular quick and full system scans. One thing I find a bit annoying with it is that you can't do a targeted scan of a download when it is already running.
Upgrade to PRO Version, then you get autoupdate and a protection module
it is a one time fee for a Lifetime License

Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: wyrmrider on June 26, 2013, 04:02:36 PM
We do not know if he has Malwarebytes pro realtime or just the scanner
neither do we know if he has just the Spybot scanner (which btw is not useless- it finds things MB misses (and vice versa)). Does he have Spybot's T-timer on?
T-timer works with Avast with no conflicts
What Firewall?
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Pondus on June 26, 2013, 09:49:55 PM
@wyrmrider
Quote
We do not know if he has Malwarebytes pro realtime or just the scanner
don't we!..... you should read reply #6 then


Quote
I use Malwarebytes (Free) as an on demand scanner for downloads and regular quick and full system scans.


Quote
neither do we know if he has just the Spybot scanner (which btw is not useless- it finds things MB misses (and vice versa))
you mean tracking cookies?
why have all forums that provide free malware removal help stopped using it years ago.  ::)



Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: polonus on June 26, 2013, 10:12:11 PM
For the excellent removal of tracking cookies you could use non-residential free Super Anti Spyware, some of these tracking cookie-removals demand a reboot.
Or you can use an extension like CookieMonster "send me your cookies" in Google Chrome. At the end of the browser session they are all eaten, and there are no more cookies in the "cookie jar"  ;D

polonus
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 27, 2013, 03:49:01 AM
Quote
We do not know if he has Malwarebytes pro realtime or just the scanner
neither do we know if he has just the Spybot scanner (which btw is not useless- it finds things MB misses (and vice versa)). Does he have Spybot's T-timer on?
T-timer works with Avast with no conflicts
What Firewall?

Yes, I do have the Spybot T-Timer on and always use the Spybot  "Immunize" feature after updating too. However what I've never been sure of is what the T-Timer is actually doing. I know what it is supposed to do but I've never had any messages from it at all let alone as regards, program or registry changes.

What Spybot is unsatisfactory for is quick on demand scans, it might be thorough but it is snail slow. This is why I installed Malwarebytes and use that for this particular task. You get an immediate report once done and it's logged, stored for some time and easily accessible.

Malwarebytes (free version).

Windows Firewall.

I have been wondering whether just to use Spybot as an on demand weekly/monthly maintenance tool and perhaps get Malwarebytes Pro. But the Spybot T-Timer uses so few system resources that seems almost churlish, it's not doing any harm and maybe doing some good. I'm just not sure what exactly.  :)

AVs and the like constantly asking or telling you stuff can be very annoying but there is happy medium between that and being totally, anonymously silent like Spybot seems to be.     


Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: true indian on June 27, 2013, 03:53:30 AM
Spybot is rubbish..if you would have had MBAM Pro it would have been better.  :)
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: schmidthouse on June 27, 2013, 04:03:00 AM
Spybot S&D was not bad "back in the day" and was fairly effective. I used to use it years ago. However, in recent years MBam has far surpassed SpyBot for effectiveness and OS security.
Sometimes a software program will remain at a static state and never improve beyond that. Spybot S&D would fall into that category.
As for TTmr. I have read many threads over the years where there have been issues between Avast and TTmr.
Anyway, just in my experience :)
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: waking on June 27, 2013, 05:35:28 AM
Quote
I'm not sure what it was I clicked on ...

Quote
What more could I have done except not click on a link which, of course, if I had known was infected, I wouldn't have gone anywhere near?

Perhaps do all such browsing in a sandbox?
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 27, 2013, 02:25:38 PM
How do I do that exactly?

There are hidden nasties like this out there like this Winlock trojan we all know that, but surely if sandboxing a browser session was a solution we'd all be doing it as standard practice. In fact I thought that was what Spybot may have been doing as much with its 'immunisation' tool.  Maybe I've misunderstood its purpose.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: CraigB on June 27, 2013, 02:42:13 PM
As far as Spybot goes I agree with the others in that it is rubbish, the Real time teatimer function is also known to corrupt the functionality of avast so imo it would be best uninstalled.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: true indian on June 27, 2013, 02:46:11 PM
Quote
As far as Spybot goes I agree with the others in that it is rubbish, the Real time teatimer function is also known to corrupt the functionality of avast so imo it would be best uninstalled.

Maybe that's the reason he got infected, maybe if spybot wouldn't have been there avast would have saved the day Umm  ::)
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: waking on June 27, 2013, 08:49:42 PM
Quote
How do I do that exactly?

Using avast Internet security is one way to get sandboxed web browsing.

"avast! Internet Security includes all the features you need to be safe"

"Sandbox

An isolated virtual environment, so risky sites and apps cannot harm your PC."


If using avast free AV you can use Sandboxie and run your browser in it.

sandboxie DOT com

"Sandboxie runs your programs in an isolated space which prevents them from making
permanent changes to other programs and data in your computer."

Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Undead-Divine-Assassin on June 28, 2013, 04:53:52 AM
Thanks all for the suggestions/info.

I've not read before that Avast and Spybot are in any way incompatible. I've been using them together for over two years and prior to that with MSE. This is the first time I've been victim of a successful attack ever, in all other cases of dodgy links on web sites Avast has flagged and blocked it. If there were any contra-indications involving Avast and Spybot/T-Timer when working together surely in two years of use I would have had more trouble.   
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: wyrmrider on June 29, 2013, 11:33:04 PM
true indian's speculations are without merit
he quotes another speculation that is also without merit, perhaps it is avast that is the corrupter as possibly with Comodo
let's try and solve problems not throw stones
MBAM works
Superantispyware also finds things (besides cookies) that MBAM does not find
so does Spybot, Spysweeper previously did also- did you see where the Webroot founder just died?
NO AV including AVAST finds everything either and there is malware out there that none of them find out of the box
The choices for a free real time Anti Spyware are very limited
and the ethics of some are very suspect
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Arnold72 on June 29, 2013, 11:37:42 PM
This thread demonstrates perfectly why avast should implement some form of 0-day module and not just rely on detection.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Lisandro on June 29, 2013, 11:46:04 PM
Quote
This thread demonstrates perfectly why avast should implement some form of 0-day module and not just rely on detection.
Well... It's not completely new. We have the generic signatures, heuristic analysis, autosandboxing... There are 0-day measures out there...
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: Arnold72 on June 30, 2013, 12:01:26 AM
Avast is a fantastic av no argument there.
But maybe a HIPS module should be included and then avast would be pretty rock solid.
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: polonus on June 30, 2013, 12:12:21 AM
Well every resident av solution cannot do with some additional protection layers.
Many users here have non-resident MBAM and/or SAS installed to close the avast vulnerability window somewhat further.
I also have added Malwarebytes Anti-Exploit-beta to block the execution of payload of specifically zero day exploits.
Like in urlquery dot net scans, a scanner that brought this to windows scanning,
avast could also do with additional Suricata w Emerging Threats and Snort IDS.
For instance a lot of new exploit kit code is being detected that way...
Browser security as with No Script and Request Policy add-ons is also a foolproof solution against browser related code infestations.

polonus
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: wyrmrider on June 30, 2013, 03:24:04 AM
my spare computer is down so no MBAE for awhile  and no windows 8 either
It used to be that a free version of Spyware Doctor- PC TOOLS had a real time version...
The usual "free" version would scan but not remove
but if you downloaded from c-net you would get a version that would enable the real time version - but not the scanner
lots of bait and switch in the anti-spyware market
hard for the novice to tell what any of them really do
x2 on noscript
unfortunately my financial program is a big java program....
Title: Re: Ransomware - Should Avast Have Blocked It?
Post by: polonus on June 30, 2013, 03:48:23 AM
Hi wyrmrider,

That is why novices have to hang out here some time to pick up the real good and free advice how to protect their comps at minimal costs.
It can be done without additional bundled crap- and junkware and the additional semi-luring of semi-scam tools where scanning is OK and free,
but pay to delete what we find programs. Delete all the programs you do not use on a daily basis and keep the rest fully patched and updated.

polonus