AVAST 2014 FREE versus CryptoLocker

Hello

Yesterday I met the CryptoLocker virus for the first time. AVAST FREE 2014 is installed on this computer, on Windows 7 HP. I was checking something on this computer and suddenly I saw some pictures modified by the virus. There was information that the file is encrypted etc… When I wanted to move files/pictures off the computer, the file was encrypted online and I moved the encrypted file; before I touched it, it was OK.

I decided to scan the computer with AVAST; I chose a full scan. After more than one hour AVAST told me that no virus or dangerous file was detected. I was in SHOCK.

Afterwards I used the ESET online scanner and it detected a virus on the computer. Today I'm going to continue with cleaning.

Can you tell me, can you imagine why AVAST did not detect the virus??? Until now, I have liked AVAST very much.

Thanks Jiri

No security program has 100% detection…
The bad guys release new versions every day to avoid detection…

CryptoLock is Malware…not Virus.
If you are hit by CryptoLock then read this thread: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Check out this thread on the subject and suggestions. http://forum.avast.com/index.php?topic=141429.msg1028176#msg1028176
Bottom line, pay $24 (was $14 this weekend) for MalwareBytes “lifetime” license…great deal !
Also, add the utility CryptoPrevent. http://www.foolishit.com/vb6-projects/cryptoprevent/
Avast Free (V8 & V9) work fine with the above.
The above becomes a very protected system. :slight_smile:

This is indeed interesting.

Why did deepscreen not stop this?

Indeed it would appear the avast zero-day protection is not there yet.

What on earth is deepscreen for if it cannot protect the computer from unknown malware?

I would expect a chosen security product (avast) to be able to stop this without having to download and install other software.

Again avast needs to improve its zero day protection immensely.

Perhaps the hardened mode…who knows.
However, considering what CryptoLock can do to your PC (data) I think a “one time” $24 investment plus a free util to “complement” Avast is well worth it.

Well, yeah, Hardened mode would have prevented it but it’s not enabled by default. A lot of users are still on v8. I’d be interested to see if Deepscreen or the Autosandbox (v8) would have reacted and stopped it.

There is also still Crypto Prevent.

http://www.foolishit.com/vb6-projects/cryptoprevent/

What about different variations of this threat?

What do we do…carry on installing separate programs until all our bases are covered…?

I wouldn’t be so sure about MBAM; see:

https://forums.malwarebytes.org/index.php?showtopic=137506

Malwarebytes isn’t an AV though… it’s supposed to be run alongside an AV. What makes me think is that if Malwarebytes detected the variant, it should have stopped it in the first place. I think he got infected and then got Mbam pro.

Thx, I needed MBAM anyway…I think it is a great complement to Avast.
Looks like the “Variants” may be a moving target for MBAM :frowning:
Over the years there are MW items Avast missed and I used MBAM to remove…since their “PRO” is lifetime license it is a no brainer.
As I stated, I have Avast 8 + MBAM PRO + CryptoPrevent on all PCs now…plus, daily backups (run at night) to USB HDDs that I take offline in morning.

Yup, think so…once your files are encrypted you are SOL.
You can pay the ransom and hope they send you the key…OR if you have “offline” backups that have not been touched use MBAM to remove the MW program and restore your backups. There is a possibility (assuming you have Windows Sys Restore Enabled) that the files are not encrypted…kind of a pot-luck if Cryptolock succeeded on these VSS copies…but that would be the first place I would look.

Why not set your machine security policy not to run them? It’s when they are executed they give the problems.

Here’s the guide from Bleeping Computer
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Dave

That is what CryptoPrevent does, nice util so you don’t have to manually do the Group Policy edits.
http://www.foolishit.com/vb6-projects/cryptoprevent/

I’m bumping this up just to add one note … apparently most download managers will corrupt the EXE installer for CryptoPrevent (my FDM did), so make sure to use your browser’s built-in downloader. I’ve now installed that plus upgraded my MBAM to Pro, as suggested.

CP is similar to SpywareBlaster in one respect … since it works primarily through registry entries, the only time you should need to open it is when checking for updates. Like SB, there’s also a low-cost addon available which enables auto-update checking.

Would somebody be so kind as to offer some answers as to why the avast zero-day protection did not alert to this…?
It contains deepscreen etc so should not the crypto have been alerted to the user…?

It's a perfectly reasonable enquiry and deserves a full and comprehensive explanation.