Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Layer13 on November 24, 2011, 03:14:33 AM

Title: Avast missed the bus! AV Cloud 2012
Post by: Layer13 on November 24, 2011, 03:14:33 AM
Been an Avast user for years and a big fan of the antivirus product. However, within the last 3-4 days the AV Cloud 2012 virus has taken over my machine without even being detected by Avast AV. I did a DOS boot scan.. nothing.. I did a scan while Windows 7 was up.. IT STILL DETECTED NOTHING.
Sad part about it is when I was lucky to use MalwareBytes it detected 4 counts of infected files by AV Cloud 2012.
What's going on here?? Is Avast asleep, or is MalwareBytes so much better? I am a fan of Avast, but when my machine is infected with a virus that is laughing at Avast, this is really hard to swallow and look the other way.. Please guys, let this be a lesson.. stay ahead of the game.. this virus was released 6 months ago.. you should have been on top of it and detected it in real time when it installed itself. Hope that you guys at Avast learned a good lesson..

Cheers        
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: CraigB on November 24, 2011, 06:27:50 AM
Well, the original virus could have been around 6 months, but it would more than likely have been modified several times in that period to escape the clutches of AV detections. You should have reported and sent the infected file to avast to analyze so it could have been added to their database, as there is no point in whinging after the fact about avast missing something if you're not willing to help build the database, since viruses are always changing and the AV companies are always playing catch-up.
No anti-virus will detect 100% of everything out there, which is why a layered security setup is advised, so you're lucky that you had Malwarebytes for backup, as that is what MBAM is for: to catch the things your AV may miss.

Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 24, 2011, 05:06:41 PM
Humm ....... Someone else just posted in the malware forum he got nailed by this. Might be something for Avast to look into.

BleepingComputer and a few other sites have detailed removal instructions. This bugger is one nasty rogue that will install multiple malware including a rootkit.

Do you remember where you got it from? Rogues usually have to be "invited in."
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: Layer13 on November 24, 2011, 05:36:01 PM
Humm ....... Someone else just posted in the malware forum he got nailed by this. Might be something for Avast to look into.

BleepingComputer and a few other sites have detailed removal instructions. This bugger is one nasty rogue that will install multiple malware including a rootkit.

Do you remember where you got it from? Rogues usually have to be "invited in."

Hard to tell where I got it from. It was apparently from a website I visited which ran a Java applet placing the AV Cloud 2012 malware on my machine. It totally wreaked havoc on my machine, with Ping.exe running at 100% and infecting many exe files on my computer. I immediately used CCleaner to clean out my cache and things got a bit better. Next I scheduled an Avast boot scan, which did not find any virus on my machine. Booted up again and read that MalwareBytes was able to deal with it, so I installed it and ran it. It found 29 infected instances, which it deleted, then did a boot scan where it found and deleted some more. Finally my machine was clean, but with a lot of programs to reinstall. Some of the vital Win 7 files were infected, so I used DLLSuite to restore them to original.. otherwise Win 7 was not running properly. Hope this little piece of information will help others out there to clean it up.. This one is a bitch!
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 24, 2011, 06:06:35 PM
Here are a couple of links on how to get rid of it. It doesn't appear that using MBAM alone is enough. The Malwaretips article states that even a drive-by download can install it.

Time to beef up Avast's shields.

http://www.bleepingcomputer.com/forums/topic429025.html/page__p__2484538__hl__2012+cloud__fromsearch__1#entry2484538

http://malwaretips.com/Thread-Remove-Cloud-AV-2012-Uninstall-Guide
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: iyogisolutions1 on November 24, 2011, 07:39:38 PM
Here are a couple of links on how to get rid of it. It doesn't appear that using MBAM alone is enough. The Malwaretips article states that even a drive-by download can install it.

+1

1. Download Process Explorer ( http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe ) and save it to the desktop.
2. Run Process Explorer and look for randomly named processes that run from C:\Windows\System32 at the end of the process list. The process name would look like 352sadsgasgsag235 or similar, or Cloud AV 2012v121.exe.
3. You can also try fake-registering Cloud AV 2012 using this key: 6526765122.
4. Stop that Cloud AV 2012 process and write down the exact name and path. Once you stop the correct processes, the malware windows will close and the icon will disappear.
5. Rename the Cloud AV 2012 file on disk and reboot.
6. Cloud AV 2012 might come with other parasites as well. Scan your PC with Spyware Doctor, Stopzilla or Malwarebytes Anti-Malware to make sure your system is clean and finalize Cloud AV 2012 removal. Full versions of these programs would have prevented the infection.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: Tetsuo on November 25, 2011, 11:01:02 AM
Hello,

First off, sorry if I'm somehow hijacking this thread. I'd like to ask the OP what the heuristic sensitivity of the Web Shield and that of the File System Shield was before the system infection.
Also, I'd like to know if the box "Scan for potentially unwanted programs (PUPs)" was checked in the Expert Settings of any of the real-time shields.

Thank you very much in advance.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: avast@@dvantage77.com on November 25, 2011, 07:02:41 PM
"Full versions of these programs would have prevented the infection." Bull Caca!

How the hell would anybody know this is true? And the real world answer IS ... they DON'T!

This spyware distribution style uses an automated routine to inject random characters into the source code, scramble it, and compress it. It can do this every several seconds, so 5000 revisions per day is possible.

The only real solution to prevention of this type of spyware infection is to virtualize one's browser ("run in sandbox").
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DBone on November 25, 2011, 07:59:19 PM
Sandboxie would have prevented this 100% of the time. Never rely on an AV as your 1st and last line of defense, or sooner or later, you'll start a thread titled similar to this one.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 25, 2011, 09:57:45 PM
I run Avast with every heuristic option set to high. I do that because this was the level Avast requested in prior AV cert. lab tests. However, the default settings for heuristics when Avast is installed are normal level. Also, many PUP settings as I recollect are not set on by default.

I won't get into the sandbox issue. I have been running Avast 9 months and never once had anything sandboxed. I therefore consider the feature "eye candy."

Avast does not include a HIPS, which is the main issue here. I believe the general consensus is that Avast's behavior blocker is worthless.

Also, AVs can prevent rogue infections. NIS 2011 was horrible when it came to rogues and not much better on rootkits. The tests I have seen for NIS 2012 have shown the exact opposite. Norton's incentive to improve was obviously $$$, since people were ditching NIS 2011 in droves.

An install-and-forget solution is to install Softsphere's DefenseWall. It costs about the same as Sandboxie. It will protect you against everything: keyloggers, screen capture, Zeus, Banker, rogues, rootkits, bots, you name it. The key word is "protect." If you have existing malware, it will zip right through DefenseWall.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: essexboy on November 25, 2011, 10:38:26 PM
No AVs can stop this, nor MBAM as resident... The format of this malware is constantly changing on a daily or even hourly basis.

How do they get it past the AV?

How about running it through VirusTotal, and if there are no detections.. this version would then be good to go.. Upload it to the servers and Bob's your uncle.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: YoKenny on November 25, 2011, 10:48:30 PM
No AVs can stop this, nor MBAM as resident... The format of this malware is constantly changing on a daily or even hourly basis.
Looks like DonZ63 has no clue about avast! as you do. ;)

He still runs IE8 on WIN 7 x64 SP1 Home Premium but he is from South Carolina ::)
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 25, 2011, 10:55:50 PM
Looks like Yo has no idea that IE9 is not an option for XP ....... ???
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: YoKenny on November 25, 2011, 10:58:56 PM
Looks like Yo has no idea that IE9 is not an option for XP ....... ???
Yea, but it is on Windows 7 ;D

That's what your signature shows for Windows 7.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 27, 2011, 01:53:45 AM
MBAM is saying unconditionally that the Pro version will protect you against AV Cloud 2012, so I guess I will reinstall it. Will ignore its spyware activities for the time being.

How would the full version of Malwarebytes' Anti-Malware help protect me?

We hope our application has helped you eradicate this malicious software. If your current security solution let this infection through, you might please consider purchasing the FULL version of Malwarebytes' Anti-Malware for additional protection.

As you can see below, the full version of Malwarebytes' Anti-Malware would have protected you against the Cloud AV 2012 rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

Title: Re: Avast missed the bus! AV Cloud 2012
Post by: Rixuel on November 27, 2011, 04:08:51 AM
Not sure if this video can help you: http://www.youtube.com/watch?v=RQp4M-YRics
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DavidR on November 27, 2011, 01:40:49 PM
I wouldn't advise using any instructions given on YouTube, as they are unlikely to match your specific system, which could cause damage to it. Please remove the YouTube link.

You are best following the guidance of a malware removal specialist like essexboy, who joined the topic, but the OP hasn't been back since his last post 4 days ago.

So we should await his return.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: YoKenny on November 27, 2011, 02:45:16 PM
I wouldn't advise using any instructions given on YouTube, as they are unlikely to match your specific system, which could cause damage to it. Please remove the YouTube link.

+1 Advice given on YouTube is generally wrong as well.
Title: Re: Avast missed the bus! AV Cloud 2012
Post by: DonZ63 on November 27, 2011, 04:31:39 PM
First, I agree with the uTube stuff. Anything there must be viewed as "user beware."

But I am a believer in that someone is always developing "a better mouse trap." So I checked out this Trojan Killer that the uTube video is about.

First, I never heard of the software. There isn't a lot of info on it on the web. The few comments that exist seem to indicate that the software does work. Now for the "meat and potatoes." The company is in the Ukraine. That is red flag number one. Next, the full version of the software costs $40. You've got to be kidding? The trial version is a limited version, good for 15 days. It is limited to 5 malware removals. Red flag number 2. "Premium" tech support is currently on sale for $10. Red flag number 3.

You have to use some common sense. If a vendor offers a limited trial of their software and the trial has use restrictions, look elsewhere. If the vendor has not been reviewed by reliable and knowledgeable sources, look elsewhere.

I agree that the first place you look for help is your existing anti-malware software/s vendor/s. If they can't help, then go to the established anti-malware removal sites like BleepingComputer. Or, if you're not technically inclined and have the financial resources, your local certified computer repair shop.