Author Topic: Avast completetly ignoring Teslacrypt.  (Read 16161 times)

Offline jvidal

  • Sr. Member
  • ****
  • Posts: 325
Avast completetly ignoring Teslacrypt.
« on: December 24, 2015, 01:04:23 AM »
Hi!

These last few months, I've stumbled upon several people affected by the teslacrypt family of ransomware viruses. All of them had Avast on their computers, which didn't detect it AT ALL.

What is going on? Why isn't avast detecting this INCREDIBLY DANGEROUS virus?????

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast completetly ignoring Teslacrypt.
« Reply #1 on: December 24, 2015, 01:28:13 AM »
1]
It is not a virus but ransomware.

2]
avast does detect many variants of TeslaCrypt.

3]
There is no tool that detects all malware.

4]
Many people have PUP detection disabled in avast.
TeslaCrypt is (amongst other ways) spread through PUPs.

5]
Detection can only be added if avast (and other malware vendors/developers) have a sample of the malware.
Doctors can't develop a cure for a disease that they don't know the existence of. ;)

6]
I have to guess here, but those people are using an account with administrator rights for daily use.
That means that if malware gets on the system it has the same rights as the user.
NEVER use an account with administrator rights for daily use.

Security on/for a system starts with what the user knows/does, not with software.

Offline jvidal

  • Sr. Member
  • ****
  • Posts: 325
Re: Avast completetly ignoring Teslacrypt.
« Reply #2 on: December 24, 2015, 02:19:39 AM »
are you for real????

Not a virus????? yeah, right.

Avast hasn't detected ANY variant of teslacrypt, alphacrypt or cryptolocker/cryptowall so far.

I know it can't detect all malware, but at least it should detect some of it!!!

Maybe PUP is disabled by default, it still should detect ransomware viruses even if pup detection is not enabled. This is not a valid excuse.

Probably they use an admin-enabled account, but they have their reasons. Limited accounts won't allow you to do a lot of necessary things.

Oh, and BTW, Avast flags the tesladecoder tool used to try and decrypt the files as a virus, but not the actual virus. Neat!


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast completetly ignoring Teslacrypt.
« Reply #3 on: December 24, 2015, 10:55:07 AM »
Yes, I am for real.
It is not a virus, but ransomware.

A virus is just one of the (many) types of malware.
Some others are: trojan, adware, scareware.

avast sure has detected several variants of ransomware.
You can check the VPS history to see what avast is detecting.
https://www.avast.com/virus-update-history
Keep in mind that different vendors often have different naming for the same malware.

Saying avast detects the TeslaCrypt encoder as malware isn't very helpful.
Which exact decoder do you mean?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #4 on: December 24, 2015, 11:04:10 AM »
Quote
Not a virus????? yeah, right.
All viruses are malware, but all malware are not viruses. If it does not self-replicate it is not a virus.

quote VB100
Quote
In a stricter sense 'virus' applies only to self-replicating malware, and even more specifically only to code which infects other files on the local system


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast completetly ignoring Teslacrypt.
« Reply #5 on: December 24, 2015, 11:06:56 AM »
As addition.
A virus attaches itself to the end of a file, not changing the rest of the file.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #6 on: December 24, 2015, 11:12:29 AM »
Quote
As addition.
A virus attaches itself to the end of a file, not changing the rest of the file.
End/beginning depends on what version; there are also space filler variants (cavity injectors).


« Last Edit: December 24, 2015, 11:33:37 AM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #7 on: December 24, 2015, 11:23:18 AM »
Quote
Avast hasn't detected ANY variant of teslacrypt, alphacrypt or cryptolocker/cryptowall so far.
No ::) well, a quick Google search gives this:

Teslacrypt
https://www.virustotal.com/nb/file/21fd3ae9ad43d66dafb94aab22d985d44805df86912882476d840110ab1347f1/analysis/

Alphacrypt
https://www.virustotal.com/nb/file/7bdc23cc435305da225148b643fc5273a0bf4e227327e15309fe8d5d98c12c20/analysis/
https://www.virustotal.com/nb/file/10cefc780480238a0072c34b4d43571321db91eeb4fc36b1c8ceb5dd7d7aaab1/analysis/

Cryptolocker
https://www.virustotal.com/nb/file/a2bc3059283d7cc7bc574ce32cb6b8bfd27e02ac3810a21bd3a9b84c17f18a72/analysis/

Cryptowall
https://www.virustotal.com/nb/file/45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d/analysis/
https://www.virustotal.com/nb/file/55e866cc8580e5f9f7f6560e478f3b37b3362e9f94e88439beef6026c86c80be/analysis/
https://www.virustotal.com/nb/file/45317968759d3e37282ceb75149f627d648534c5b4685f6da3966d8f6fca662d/analysis/


Quote
What is going on? why isn't avast detecting this INCREDIBLY DANGEROUS virus?
New, changed versions are frequently released to avoid detection.


Quote
Oh, and BTW, Avast flags the tesladecoder tool used to try and decrypt the files as a virus, but not the actual virus. Neat!
It is normal that tools used to clean malware are detected because of how they behave; this happens frequently with all the tools used by this forum's malware removal team.

https://www.virustotal.com/nb/file/84b86bd83929a9bda1d114a0df9361a8a51d38af27a60879fd405af4477263f3/analysis/1450954969/

« Last Edit: December 24, 2015, 12:04:52 PM by Pondus »

Offline viny-stras

  • Newbie
  • *
  • Posts: 1
Re: Avast completetly ignoring Teslacrypt.
« Reply #8 on: January 22, 2016, 04:22:39 PM »
Hello, I just have a friend with avast running and up to date (11.1.2245 with database 160122-0) who has been infected by cryptowall 4.0 today.

He has a backup done every week on a USB drive, so it should be OK to restore his file.

But now the question is whether there is a way to have good protection against this kind of malware?
Because avast is still running on his PC without seeing or doing anything against cryptowall 4.0 :-(

It seems malwarebytes can see it, I will do a scan with it.
Hope you will be able to work on a protection against this type of malware.

Best regards,

Vincent (from France)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37545
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #9 on: January 22, 2016, 04:27:49 PM »
Quote
Hello, I just have a friend with avast running and up to date (11.1.2245 with database 160122-0) who has been infected by cryptowall 4.0 today.

He has a backup done every week on a USB drive, so it should be OK to restore his file.

But now the question is whether there is a way to have good protection against this kind of malware?
Because avast is still running on his PC without seeing or doing anything against cryptowall 4.0 :-(

It seems malwarebytes can see it, I will do a scan with it.
Hope you will be able to work on a protection against this type of malware.

Best regards,

Vincent (from France)

Do you need assistance from the Malware removal team?

If so, follow the instructions here: https://forum.avast.com/index.php?topic=53253.0

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Avast completetly ignoring Teslacrypt.
« Reply #10 on: January 26, 2016, 10:15:54 AM »
Hello,
The samples that we have are already detected. Maybe this is some new variant, which is not covered by any of our generic detections. We would like to have such samples to analyze.
Can you send us the malware samples so we can analyze why they were not detected? Create a ticket on https://support.avast.com/ and attach the samples, please.

Thank you,
Milos

Offline Lotan

  • Sr. Member
  • ****
  • Posts: 289
Re: Avast completetly ignoring Teslacrypt.
« Reply #11 on: February 15, 2016, 02:16:11 AM »
Quick question. How do you avoid ransomware and prevent it to begin with? Is it something hackers install directly to your PC through hacking, or is it by clicking bad/infected links?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48584
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast completetly ignoring Teslacrypt.
« Reply #12 on: February 15, 2016, 09:56:25 AM »
Quote
Quick question. How do you avoid ransomware and prevent it to begin with? Is it something hackers install directly to your PC through hacking, or is it by clicking bad/infected links?
https://www.foolishit.com/cryptoprevent-malware-prevention/
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lotan

  • Sr. Member
  • ****
  • Posts: 289
Re: Avast completetly ignoring Teslacrypt.
« Reply #13 on: February 15, 2016, 10:23:05 AM »
How do I know if cryptoprevent is working? As there doesn't seem to be any toolbar icon.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48584
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast completetly ignoring Teslacrypt.
« Reply #14 on: February 15, 2016, 10:34:14 AM »
Quote
How do I know if cryptoprevent is working? As there doesn't seem to be any toolbar icon.
This explains how it works and why you don't need any toolbar icons etc.
http://www.bleepingcomputer.com/forums/t/525028/cryptoprevent-does-it-work/page-2#entry3619786