Author Topic: Win 7 Anti Spyware 2011  (Read 3290 times)


mathar

  • Guest
Win 7 Anti Spyware 2011
« on: March 28, 2011, 09:31:35 PM »
I've just spent the last 3.5hrs fixing my laptop after getting this.  ???  Basically I started getting all these messages pop up about security breach and I should buy this Win 7 Anti Spyware 2011 - all looked totally legit too. Looked like it was something that came pre-installed on my laptop. Luckily I don't just buy things without researching and quickly found it was spyware! I ran Avast and it didn't find anything. I'm not a computer guru (explains 3.5hrs) but I'm fine with googling to find out how to fix my problems. If I break it, someone else can fix it. So I ended up doing a system restore in safe mode but then had video problems. I was finally able to fix all this and am happily working from my laptop.

My question - should Avast have caught this? I found so much about it when I googled it that I would expect Avast to have caught it. And 2nd, do the purchased versions catch more than the free version? I have the free version.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Win 7 Anti Spyware 2011
« Reply #1 on: March 28, 2011, 11:02:11 PM »
Here is a good instruction for the removal of this spyware: http://malware.im/win-7-security-analysis-and-removal/
A resident av solution does not catch them all, so it is advised to add some non-resident anti-malware software to catch the additional non-detects, like MBAM and/or SAS. Fake av malware is constantly being upgraded and morphed to go under the av detection radar. It is a good policy to send non-detects to avast so detection can be added.
This variant is detected: http://www.virustotal.com/file-scan/report.html?id=514992e4ca7c42bd41be4f841b0b1827b3e8397c0f6aee2336f93aefdd8aba81-1300972816
This also: http://www.virustotal.com/file-scan/report.html?id=be763d2225345f058de282983f0e8bdd6a6753e62cb6733a7c84161112f1d98e-1300971896
But avast detection was not there earlier: http://www.virustotal.com/file-scan/report.html?id=514992e4ca7c42bd41be4f841b0b1827b3e8397c0f6aee2336f93aefdd8aba81-1268993364
So it depends when the trojan dropper did hit you, to say you were protected or not....

polonus
« Last Edit: March 28, 2011, 11:10:07 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not an avast user
Re: Win 7 Anti Spyware 2011
« Reply #2 on: March 28, 2011, 11:07:01 PM »

doktornotor

  • Guest
Re: Win 7 Anti Spyware 2011
« Reply #3 on: March 28, 2011, 11:10:22 PM »
As long as users insist on browsing under an administrator account and keep clicking YES on everything, all hope is lost.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Win 7 Anti Spyware 2011
« Reply #4 on: March 28, 2011, 11:21:57 PM »
Hi doktornotor and pondus,

Yes, user education will be our only hope in the end, the "malcreants" will register thousands and thousands more domains and morph these "old wine in new sacks" malicious fake av malware to users launched from there or from hacked sites. If something is "too good to be true" there is almost always crime or malware behind it, and yes, without the first elementary lines of browser security practices all browsers will eventually turn a user's computer into a malcode spewing zombie beast.
For the more aware the malware can be followed and added to anti-malware solutions from "the sites we do not want to name but are known to every security staff and some other resources", for instance with a "search query for this malware that would be: /viruses.php?virusname=W32/FakeSec.B.gen!Eldorado&sort=first%20desc", keep an eye on the sparrow at "herbivore" (joke), there really is no excuse not to have the latest definitions as the binaries get unfolded...

polonus