My father just called me and from what he told me he’s computer has been infected with the Ucash Ransom Trojan. The (not so) funny thing is that he has Avast! Free installed on his system. He says that yesterday he was able to do a virus scan after a failsafe boot, but Avast! says there are no infections found on his computer.
When he boots up normally within ten seconds a picture comes up saying his computer has been blocked and that he has to pay to unlock the computer or face prosecution.
Since this Ucash crap has been around for a while it’s strange that Avast! doesn’t detect it.
Since this Ucash crap has been around for a while it's strange that Avast! doesn't detect it.yes it has, the problem is the bad guys change it every day and release new versions....and no security program have 100% detection
if you need removal help, follow the logs to assist in cleaning malware guide at top in viruses and worms forum section
This malware changes on a daily basis and 90% of the time the latest variant lasts for two or three days before detection. Up until then manual removal is required
OK.
I have a site full of removal guides for crap like this. ;D
we have have a forum full of removal specialists if you need one…and it is all free
No antivirus detects this. Its the FBI Ransomware. I have seen this hundreds of times get passed Norton, Kaspersky, AVG, Avast, Avira and Bitdefender. That best thing to do is to download HitmanPro Kickstart then follow up with a MalwareBytes Antimalware scan. This infection usually happens when a user clicks on a random link without thinking. Essexboy can slso help you out. He is great at this stuff. But its not Avast’s fault. Safe surfing habits play a huge roll in this.
http://www.surfright.nl/en/kickstart
There are several versions of this. The code is changed daily so its impossible to keep up with it. Mac users are seeing this now. Here is great removal guide and or guides.
Maybe I don’t understand the “sandbox” concept, but with Internet Security or other versions that have it, could it not protect users from this “better”?
vagabondh,all versions of avast provide the same high level protection,there is not cut down.
Avast is a very good AV right now but your best protection is your brian and self caution and the second line is avast ;D
Probably you must question your dad’s browsing habits first and get him to use firefox with noscript plugin,WOT,Malwarebytes free alongside avast
Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don’t need sandboxie.
Plus,if you have a copy of the infected files send them to virus@avast.com for analysis.
All versions of Avast has the same detection rate. The sandbox is incorporated in all of them. But this wasn’t a program that was downloaded. It was most likely a link your father clicked on via an email. Using a 3rd party browser such as Firefox or Google Chrome is a start. Adding Adblock Plus and WOT to either of those is also wise. I already listed the antiviruses which I have seen miss this. You also have to understand that the people who makes this change the code daily. Avast still has one of the highest detection rates around. So honestly speaking Avast isn’t really to blame here as much as how your father came across this. Ask him what he was doing or what he clicked on.
The best protection is to keep a clean system image that is current and up to date. If this happens simply mount the stored image and your up and running like nothing every happened. Prevention is better then detection any day.
Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don't need sandboxie. ;)
Avast sandbox is not the same as Sandboxie. Avast sandbox does not protect your browser from unwanted changes. It analyzes unknown programs to see if they are safe or not when executed. Sandboxie is a browser protection first and foremost. It does not have any sort of detection means. Using a system image is always the best route. Every security product will fail at some time or another. Thats why its best to have a backup solution. Unfortunately most users fail to back there pc’s up.
And to say, adblock plus is a part of avast 8. Also, the sandbox of the free avast is not the same as in the paid versions, i mean it pushes a program in it when it decides that the program is suspicious or it isn’t known to the avast filerep.
Adblock Plus with very limited options is part of Avast. It does not have the same subscriptions unless you add them. Yes the Avast’s paid products sandbox is different then Avast’s free sandbox. But it still cannot full virtualize your browser like Sandboxie. But lets not veer off the beaten path and hijack this thread. Thanks.
Here is a side by side comparison.
Using a sandbox while browsing is a good idea. There is a free one called sandboxie and it will be good to try it. I use it everyday but the paid versions of avast have a sandbox so if you have a paid AV you don't need sandboxie. ;)Avast sandbox is not the same as Sandboxie. Avast sandbox does not protect your browser from unwanted changes. It analyzes unknown programs to see if they are safe or not when executed. Sandboxie is a browser protection first and foremost. It does not have any sort of detection means. Using a system image is always the best route. Every security product will fail at some time or another. Thats why its best to have a backup solution. Unfortunately most users fail to back there pc’s up.
Well, the sandbox in the paid versions of avast can force programs to run in it and it is better to buy avast pro(or above if you want) than buying the paid sandboxie. Of course you can use the free sandboxie like me.
I stand corrected. Avast Internet Security does have a sandbox like browser protection like Sandboxie. But unless his father was running his browser under Avast’s Sandbox it cannot protect him.
http://www.avast.com/en-us/internet-security
“Surf and socialize without worry
Sandbox lets you surf the web and run even risky programs virtually, outside your PC. And our Web, IM, and P2P shields ensure your safety on social networks (e.g. Facebook or Twitter) and online dating sites, IM chats (e.g. Skype or ICQ), or peer-to-peer file-sharing sites.”
There are two different sandboxes in Avast IS. once which analyzes programs and the other to fully virtualize your browser. But this FBI Ransomeware isn’t something you download and install. It comes when a user clicks on a malicious link. Then when you reboot your toast.
But this FBI Ransomeware isn't something you download and install. Iit also comes as attachment in fake mails from DHL / UPS / FedX.....
But this FBI Ransomeware isn't something you download and install. Iit also comes as attachment in fake mails from DHL / UPS / FedX.....
Exactly. Thats why I asked him to ask his father what he was doing. Every customer I have seen with this came via an email link. First lesson in safe surfing “Never open up emails from people you do not know. Never click on any random link either”. Thats why WOT is great browser addon.
There are two different sandboxes in Avast IS. once which analyzes programs and the other to fully virtualize your browser. But this FBI Ransomeware isn’t something you download and install. It comes when a user clicks on a malicious link. Then when you reboot your toast.
You are correct
Lets not “hijack” LasseThid thread. Hopefully we can help him protect his father from further malware infections.