Avast - ENHANCED PROTECTION MODE

WHAT DOES IT MEAN? HOW TO RETURN TO NORMAL MODE?

Hi

This is not an Avast! pop-up I have ever seen. It is almost surely an infection, just posted here yesterday: http://forum.avast.com/index.php?topic=81947.0, http://forum.avast.com/index.php?topic=81972.0

Indeed, Avast doesn’t have such a mode. You are most likely infected with a virus that came with a fake flash update you downloaded to see a video. We already notified the Virus Lab about this virus. In the meantime I will ask our malware removal specialist Essexboy to help you.

Greetz, Red.

Have you tried running Malwarebytes?

If not, run a quick scan and see if it finds anything.

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
always make sure the program is updated before you scan
click on the remove selected button to quarantine anything found

post the scan log here

Whilst this doesn’t mention your issue directly, many of these are just different names and follow the same sort of procedure. The one here may have come from falling for a fake flash update.

So read this article below, as the general removal process is the same for many of these fake security applications. Whilst MBAM may well be able to find rogue related malware (this really is its specialist area), you may also need to use RKill first to disable any malware processes running before using MBAM.

http://www.bleepingcomputer.com/virus-removal/remove-internet-protection

This virus has severely violated the copyright with its background, so if avast! traces the author of it I think they could simply take it to the law. I guess?

Would it be worth it? I don’t think they will take the author to the law…
It’s normal that the major antivirus in the world gets this type of attack…

It’s a Trojan dropper. It removed Avast! from my computer completely. Can’t re-install. Also, it changed the shortcut. The fake alert runs from C:\WINDOWS\update.tray-10-0-lnk\svchost.exe tray 10-0 1. Blocks Facebook website. Here’s a write up:

http://deletemalware.blogspot.com/2011/07/remove-avast-enhanced-protection-mode.html

Also, this Trojan uses the same fake alert for other anti-virus software. For example, Norton ENHANCED PROTECTION MODE, etc. Got it through MSN messenger but I think it mainly spreads on Facebook. The malicious link takes you to fake YouTube sites, then redirects to Flash-Player.exe. The file I got was not detected by Avast (fully updated). I’ve already submitted it. Malwarebytes was able to remove some of the malicious files, but not all of them.

Cheers!
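Added example, not part of the original posts or of any vendor tool: the fake alert described above runs a file named svchost.exe from outside the Windows system folder, and this check flags that pattern in a list of command lines or shortcut targets. The `WINDIR` value, the name list and the function names are assumptions; the sample lines other than the path quoted in the post are constructed.

```python
import ntpath
import re

WINDIR = r"C:\Windows"  # assumption: default Windows directory, adjust per host
# Folders a genuine system binary runs from.
TRUSTED_DIRS = {ntpath.normcase(ntpath.join(WINDIR, d))
                for d in ("System32", "SysWOW64")}
# Assumed watch list; svchost.exe is the name borrowed in this thread.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                "winlogon.exe", "csrss.exe"}

# Executable part of a command line: a quoted path, or text up to the first ".exe".
_EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe))(?=\s|$)', re.IGNORECASE)


def executable_of(command_line):
    """Return the normalised executable path, or None if none is found."""
    m = _EXE.match(command_line)
    if not m:
        return None
    # normpath collapses "..", so path tricks cannot hide the real folder.
    return ntpath.normpath(m.group(1) or m.group(2))


def is_masquerading(command_line):
    """True when a system binary name runs from a non-system folder."""
    exe = executable_of(command_line)
    if exe is None:
        return False
    name = ntpath.basename(exe).lower()
    folder = ntpath.normcase(ntpath.dirname(exe))
    return name in SYSTEM_NAMES and folder not in TRUSTED_DIRS


def flag(command_lines):
    """Return only the entries that look like a masquerading system binary."""
    return [c for c in command_lines if is_masquerading(c)]


SAMPLES = [
    r"C:\WINDOWS\update.tray-10-0-lnk\svchost.exe tray 10-0 1",  # from the post
    r"C:\Windows\System32\svchost.exe -k netsvcs",               # constructed
    r'"C:\Program Files\Example\app.exe" --tray',                # constructed
    r"C:\Windows\System32\..\Temp\svchost.exe",                  # constructed
]

if __name__ == "__main__":
    for hit in flag(SAMPLES):
        print("suspicious:", hit)
```
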

Malwarebytes was able to remove some of the malicious files, but not all of them.
Then you should also upload it to Malwarebytes and tell them that.

Have you tested the file at VirusTotal? If so, post the scan link.

VirusTotal scan results: http://www.virustotal.com/file-scan/report.html?id=8a532dee28d057ba5f3d26f0ee012bd4b5574ffc42230ee6bd525a77110e969a-1311717501

If you haven’t already done so - Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn’t remove them from the original location, so they still have to be dealt with in that location (if required).
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Any news about this malware? This is a nasty one and I can’t help but be concerned about it. Why has not Avast detected this particular one? What may be some settings that we should do?

Avast! should now detect this one as malware gen, as I saw it in the VirusTotal results.

http://www.virustotal.com/file-scan/report.html?id=8a532dee28d057ba5f3d26f0ee012bd4b5574ffc42230ee6bd525a77110e969a-1311754341

Thanks Danny. So samples are now with Avast developers and have been considered/included in the signature updates…yes?

I’m wondering if this is the same one.

http://news.softpedia.com/news/Trojan-Spreading-Through-Facebook-Replaces-Antivirus-Programs-213343.shtml

Signatures are only a part of the battle as they will always be playing catch-up, this was a social engineering trick that caught out a lot of people.

Watch out for social engineering tricks (usually security based pop-ups), as this one for most people came in the form of a pop-up on facebook saying you needed to update flash player.

Clicking update infected the system, so ignore these types of pop-up update warnings and don’t update from the pop-up (you have no idea what the remote location behind it is), only update from the source, e.g. adobe in this case.

So whilst the latest signatures should detect this particular variant, the user has to watch out for these social engineering tricks that may carry a new variant.

Thank you very much again DavidR for the information. I will pass this one including the link to friends.

I have this problem. Essexboy told me to make a topic, but I don’t know how. I used an anti-malware program, then RogueKiller, then OTS. Everything on the computer is OK, but I can’t use Facebook. What’s the next step?

@gyorodika,

You need to go to the section of the forum named “Viruses and Worms”.

Once there, you will see in the upper part of the topic, on the right side of your screen, the “new topic” option (together with “mark read”, “notify”, “new topic”, “post new poll”).

Please don’t copy what others are doing with OTS or any other advanced tool. Those solutions are for each user/system in particular.

Click at http://forum.avast.com/index.php?board=4.0 to get to the section of the forum named “Viruses and Worms”, open a new topic and explain YOUR problem. You will get help for your particular problem/system.