Yesteday I meet at first time with CryptoLocker virus. On this computer is installed AVAST FREE 2014 on Windows7 HP. I was checking somethink on this computer and sudenly I see some pictures modify my virus. There was information that file is encrypted etc… When I want to move file/pictures out of computer file was crypted online and I move crypted file/before I touch on it was ok.
I deside to scan computer by AVAST , I chosse full scan . After more then one hour AVAST tell that there was not any virus or dengerous file detected. I was in SHOCK.
Afterwards I used ESET online scanner and this detected virus in computer. Today Im going to continue with cleaning.
Can you tell me, Can you imagine why AVAST not detect virus??? Till now, I like AVAST very much.
Perhaps the hardened mode…who knows.
However, considering what CryptoLock can do to your PC (data) I think a “one time” $24 investment plus a free util to “complement” Avast is well worth it.
Well, yeah, Hardened mode would have prevented it but it’s not enabled by default. A lot of users are still on v8. I’d be interested to see if Deepscreen or the Autosandbox (v8) would have reacted and stopped it.
Malwarebytes isn’t an AV though… it’s supposed to be ran alongside an AV. What makes me think is that if Malwarebytes detected the variant, it should have stopped it in the first place. I think he got infected and then got Mbam pro.
Thx, I needed MBAM anyway…I think it is a great complement to Avast.
Looks like the “Variants” may be a moving target for MBAM
Over the years there are MW items Avast missed and I used MBAM to remove…since their “PRO” is lifetime license it is a no brainer.
As I stated, I have Avast 8 + MBAM PRO + CryptoPrevent on all PCs now…plus, daily backups (run at night) to USB HDDs that I take offline in morning.
Yup, think so…once your files are encrypted you are SOL.
You can pay the ransom and hope they send you the key…OR if you have “offline” backups that have not been touched use MBAM to remove the MW program and restore your backups. There is possibility (assuming you have Windows Sys Restore Enable) that they files are not encrypted…kind of a pot-luck if Cryptolock succeeded on these VSS copies…but that would be first place I would look.
I’m bumping this up just to add one note … apparently most download managers will corrupt the EXE installer for CryptoPrevent (my FDM did), so make sure to use your browser’s built-in downloader. I’ve now installed that plus upgraded my MBAM to Pro, as suggested.
CP is similar to SpywareBlaster in one respect … since it works primarily through registry entries, the only time you should need to open it is when checking for updates. Like SB, there’s also a low-cost addon available which enables auto-update checking.
Would somebody be so kind as to offer some answers as to why the avast zero-day protection did not alert to this…?
It contains deepescreen etc so should not the crypto have been alerted to the user…?
Its a perfectly reasonable enquiry and desrves a full and comprehensive explanation.