Avast not detecting Ucash Ransom Trojan

[LasseThid]

My father just called me and from what he told me he's computer has been infected with the Ucash Ransom Trojan. The (not so) funny thing is that he has Avast! Free installed on his system. He says that yesterday he was able to do a virus scan after a failsafe boot, but Avast! says there are no infections found on his computer.
When he boots up normally within ten seconds a picture comes up saying his computer has been blocked and that he has to pay to unlock the computer or face prosecution.
Since this Ucash crap has been around for a while it's strange that Avast! doesn't detect it.

[Pondus]

Since this Ucash crap has been around for a while it's strange that Avast! doesn't detect it.

yes it has, the problem is the bad guys change it every day and release new versions....and no security program have 100% detection

if you need removal help, follow the logs to assist in cleaning malware guide at top in viruses and worms forum section

[essexboy]

This malware changes on a daily basis and 90% of the time the latest variant lasts for two or three days before detection.  Up until then manual removal is required

[LasseThid]

OK.
I have a site full of removal guides for crap like this. 

[Pondus]

OK.
I have a site full of removal guides for crap like this. 

we have have a forum full of removal specialists if you need one....and it is all free

[Aventador]

No antivirus detects this. Its the FBI Ransomware. I have seen this hundreds of times get passed Norton, Kaspersky, AVG, Avast, Avira and Bitdefender. That best thing to do is to download HitmanPro Kickstart then follow up with a MalwareBytes Antimalware scan. This infection usually happens when a user clicks on a random link without thinking. Essexboy can slso help you out. He is great at this stuff. But its not Avast's fault. Safe surfing habits play a huge roll in this.

http://www.surfright.nl/en/kickstart

http://www.malwarebytes.org/

There are several versions of this. The code is changed daily so its impossible to keep up with it. Mac users are seeing this now. Here is great removal guide and or guides.

http://www.bleepingcomputer.com/virus-removal/

[vagabondh]

Maybe I don't understand the "sandbox" concept, but with Internet Security or other versions that have it, could it not protect users from this "better"?

[true indian]

vagabondh,all versions of avast provide the same high level protection,there is not cut down.

Avast is a very good AV right now but your best protection is your brian and self caution and the second line is avast 

Probably you must question your dad's browsing habits first and get him to use firefox with noscript plugin,WOT,Malwarebytes free alongside avast

[A. User]

Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don't need sandboxie.

[true indian]

Plus,if you have a copy of the infected files send them to virus@avast.com for analysis. 

[Aventador]

Maybe I don't understand the "sandbox" concept, but with Internet Security or other versions that have it, could it not protect users from this "better"?

All versions of Avast has the same detection rate. The sandbox is incorporated in all of them. But this wasn't a program that was downloaded. It was most likely a link your father clicked on via an email. Using a 3rd party browser such as Firefox or Google Chrome is a start. Adding Adblock Plus and WOT to either of those is also wise. I already listed the antiviruses which I have seen miss this. You also have to understand that the people who makes this change the code daily. Avast still has one of the highest detection rates around. So honestly speaking Avast isn't really to blame here as much as how your father came across this. Ask him what he was doing or what he clicked on.

The best protection is to keep a clean system image that is current and up to date. If this happens simply mount the stored image and your up and running like nothing every happened. Prevention is better then detection any day.

[Aventador]

Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don't need sandboxie.

Avast sandbox is not the same as Sandboxie. Avast sandbox does not protect your browser from unwanted changes. It analyzes unknown programs to see if they are safe or not when executed. Sandboxie is a browser protection first and foremost. It does not have any sort of detection means. Using a system image is always the best route. Every security product will fail at some time or another. Thats why its best to have a backup solution. Unfortunately most users fail to back there pc's up.

[A. User]

Maybe I don't understand the "sandbox" concept, but with Internet Security or other versions that have it, could it not protect users from this "better"?

All versions of Avast has the same detection rate. The sandbox is incorporated in all of them. But this wasn't a program that was downloaded. It was most likely a link your father clicked on via an email. Using a 3rd party browser such as Firefox or Google Chrome is a start. Adding Adblock Plus and WOT to either of those is also wise. I already listed the antiviruses which I have seen miss this. You also have to understand that the people who makes this change the code daily. Avast still has one of the highest detection rates around. So honestly speaking Avast isn't really to blame here as much as how your father came across this. Ask him what he was doing or what he clicked on.

The best protection is to keep a clean system image that is current and up to date. If this happens simply mount the stored image and your up and running like nothing every happened. Prevention is better then detection any day.

And to say, adblock plus is a part of avast 8. Also, the sandbox of the free avast is not the same as in the paid versions, i mean it pushes a program in it when it decides that the program is suspicious or it isn't known to the avast filerep.

[Aventador]

Adblock Plus with very limited options is part of Avast. It does not have the same subscriptions unless you add them. Yes the Avast's paid products sandbox is different then Avast's free sandbox. But it still cannot full virtualize your browser like Sandboxie. But lets not veer off the beaten path and hijack this thread. Thanks.

Here is a side by side comparison.

http://www.avast.com/en-us/compare-antivirus

[A. User]

Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don't need sandboxie.

Avast sandbox is not the same as Sandboxie. Avast sandbox does not protect your browser from unwanted changes. It analyzes unknown programs to see if they are safe or not when executed. Sandboxie is a browser protection first and foremost. It does not have any sort of detection means. Using a system image is always the best route. Every security product will fail at some time or another. Thats why its best to have a backup solution. Unfortunately most users fail to back there pc's up.

Well, the sandbox in the paid versions of avast can force programs to run in it and it is better to buy avast pro(or above if you want) than buying the paid sandboxie. Of course you can use the free sandboxie like me.