Avast! Pro Antivirus shuts off when virus attacks it.

Today, a Rogue-Anti-virus infected my HP Slimline. It is secured with Avast! PRO Anti-virus. The rogue antivirus was named - “My Security Engine”. When I tried to access Avast!, it was completely disabled. When I pressed “Fix Now” it wouldn’t turn on, the same with the “Real time Shields”; it was all turned off. Luckily, I had one more Anti-Malware program. Malwarebytes Anti-Malware was able to detect and delete the rogue antivirus that somehow got on my computer and disabled Avast! Pro Anti-virus. The same happened when a Trojandownloader:win32 appeared on my Dell Inspiron 1545 and Avast! PRO Antivirus was disabled. Again Malwarebytes Anti-Malware saved me. So WHY does Avast! get disabled and not turn on when I need it the most, when my computer is attacked?

What is the use of having Avast! Pro Anti-Virus when a virus just kills it?

Michael Sanangelo - Ohio, USA

Just one question: what do you mean by “somehow” ??? When you’re talking about the way the rogue got downloaded, you have absolutely no idea?
How Avast reacted is another question, and that’s unfortunately not the first time I hear that it doesn’t block rogues’ downloads and actions.

The thing is, I haven’t used that HP Slimline in a few months, I use my laptop 24/7. I just got on today to get all my pictures off onto a USB then out of nowhere this rogue starts installing. I used to play video games on that computer all the time, but I scanned mostly every file before opening. That’s not the issue at hand here. The issue is Avast! Anti-Virus PRO does not work when I need it the most. The virus just turns it off and it won’t re-enable itself, even after pressing “fix now” or “start program”.

Try using Superantispyware or MBAM to remove the rogue program.

calc,

You might want to reread the OP’s first post; he already got rid of the rogue with malwarebytes ~wink~

He is asking why avast didn’t catch it and was shut off.

Rogue AVs are a major thorn in all legitimate AVs’ side in my opinion.

Sat

Here is one reason why it didn’t stop this one getting on:

The reason for the growth in numbers is what is known in technical terminology as ‘polymorphism’, an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.

I read that article, I get it a little more now. In fact, I just downloaded Superantispyware portable edition on my USB to use in case my computer gets infected again and I don’t have MBAM.

I don’t agree with that, sorry, rogues don’t come just like that :)

1. If avast didn’t detect it that doesn’t mean that it is 100%, because no AV gives 100%/more protection ;D

2. If you have the Pro version of avast why didn’t you use the Sandbox?
Doesn’t the Sandbox make avast look cooler O.O?

I’m not kidding. Explain to me how a rogue gets there when I haven’t used that computer in more than 5 weeks.

The rogue program installs when you download it and run its installer. It can’t infect a computer from nothing. If you don’t remember what you installed last time then that is another thing. Maybe someone that used it.

Have you checked the USB stick you used?

Yea, I scanned it with Superantispyware before I put it in. And after I got infected. Results=Clean

Use malwarebytes
http://www.malwarebytes.org

The free version I mean…update it fully and do a full scan with it and post the log here for people to help u!

Here is the log with the rogue (Mysecurityengine)

Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4091

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

5/22/2010 3:12:06 PM
mbam-log-2010-05-22 (15-12-06).txt

Scan type: Full scan (C:|)
Objects scanned: 14987
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) → Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my security engine (Rogue.Installer) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) → Quarantined and deleted successfully.
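
For anyone triaging a log like the one above, the following added example (not part of the thread and not Malwarebytes code) parses the detection lines into records, flags entries that sit under a Run autostart key, and checks the listed items against the summary counts. The sample lines are excerpted from the posted log; the function names are hypothetical, and the regex assumes the arrow appears either as "→" (as on this page) or as ASCII "->".

```python
import re

# Sample input: summary and detection lines excerpted from the log posted above.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Registry Values Infected: 1
Files Infected: 1
Memory Processes Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) → Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my security engine (Rogue.Installer) → Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\b28aff4\MSb28a.exe (Rogue.Installer) → Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*(?P<n>\d+)\s*$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# Detection line: object path, (threat family), arrow, action taken.
ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) (?:->|→) (?P<action>.+?)\.?$")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM-style text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):          # "Files Infected: 1" in the summary
            counts[m["name"]] = int(m["n"])
        elif m := SECTION.match(line):      # "Files Infected:" opens a section
            section = m["name"]
        elif section and (m := ITEM.match(line)):
            detections.append({"section": section, "object": m["object"],
                               "family": m["family"], "action": m["action"],
                               "autostart": bool(RUN_KEY.search(m["object"]))})
    return counts, detections

def mismatches(counts, detections):
    """Sections whose listed items differ from the summary count (truncated or edited log)."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}

if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(d["section"], "|", d["family"], "|", d["action"], "| autostart:", d["autostart"])
    print("count mismatches:", mismatches(counts, found))
```

On this log the only autostart entry is the "my security engine" value under the current user's Run key, which is what relaunched the rogue's executable at logon.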

Just a question, are you using the 5.0 version of avast? Because avast is supposed to be resistant to malware that tries to shut it down…

Maybe you got a window like this: http://help.artaro.eu/images/general/avastfree70.jpg and you clicked “Yes”, not knowing what it was; otherwise, if you’re using v5.0 and didn’t get the window, then I think it should be checked out as something went wrong in the process…

Al968

Any changes after removing these?

Did you enable the avast! Self-defense module in Settings?

Umm not sure.