Crypt0L0cker

I experienced Crypt0L0cker and even if thanks to a full backup I didn’t had any damage. I then made some test on a test pc and I found Avast Free is the only AV that does not intercept this ransomware that could create so many damages. Bitdefender, Kaspesky, Nod32, AVG, Avira they all intercept Crypt0L0cker, Avast no.
Avast used to be my favorite and as I am a supporting tech I’ve installed it on about 100 pc and untill now I was so pleased so happy now I’m not more and I’m gonna unistall Avast everywhere.
That’s a big big fail!

avast does recognize several versions of CryptoLocker.
avast also detects things that others don’t.

New versions of cryptolocker are released evry week

Make the link not clickable.
We do not want visitors of this webboard opening malicious websites.

Prove that avast does detect it:
https://www.avast.com/virus-update-history

Have a try with that link on a PC with the latest AVAST update and you won’t tell this. I’ve been testing all day long. Avast fail that’s it and as I’ve the proof you cannot convince me.

as i said above new versions comes out regulary and no security program have 100% detection

report it here https://support.avast.com > avast virus lab

edit your post above and change http to hxxp … this will make the link unclickable

I removed the live link to Cryptolocker malware.
It was taking too long for the Mods to make the link non clickable.
Better safe than sorry. :slight_smile:

I cannot understand how can you go with statement like this: you have a new version of Crypt0L0cker every week and multiple of them and so who cares if Avast can’t catch them all!
You’re out of what it’s supposed an Antivirus does: protect for whatever can damage you.
Crypt0L0cker can do big big damages and if you are good with that risk I’m not.
I experienced through a complete set of test using a PC that I have installed for the purpose.
I created a cloning image to restore back whenever Crypt0L0cker won over the Antivirus.
I found Avast, Avira and Panda failed. Bitdefender, Symantec, Nod32, AVG don’t.
Tell me why should I go with Avast if it doesn’t block a so harmful ransomware. I should be crazy.
Until you experience the same problem, but at that time it would be to late, you can keep pushing for Avast.
If I were an Avast friend I would try to understand why it failed and I would fix it and for sure I will not say you have a new version of Crypt0L0cker every week and multiple of them and so who cares.
I will wait the news Avast fixed it, until that time I changed my Antivirus with one working on that problem.

Actually, many cryptolockers born as “undetected” by any vendor. If you are a virus wirter, you want your sample undetected by any vendor. So we need prevention here. Avast has some features to prevent 0-day threats. Deepscreen, Hardened Mode and nowadays HIPS.
They can also fail. So what will happen ? You will probably infected with cryptolocker and you will lost your files.
I suggest you that do not trust any antivirus and do not be a supporter of any antivirus. Use softwares that build on more prevention not detection. You can maybe use anti-executables or you can use sandbox technology (also available in avast paid versions)
These are will save you. I think you are a techie guy and you know which file looks malicious or not.
Please use your common sense before running any file on your PC.
and remember that “Every virus born as undetected, we need prevention not detection”

Sincerely,
yigido

I cannot understand how can you go with statement like this: you have a new version of Crypt0L0cker every week and multiple of them and [b]so who cares if Avast can't catch them all![/b]
did anyone above say we dont care?

i gave you a link above where to report undetected samples

The OP seems to be focused on just this one malware sample, but is forgetting about other things.
As I have said, avast does detect things that others don’t and visa versa.

Being safe to this malware sample and using a other av means you will be vulnerable to other malware that avast protect you against.

It is detection. On some cases Avast can detect, on other many samples “A” antivirus can detect. So this history will never end.
There is no 100% detection exist. Protection is not equal to detection.
This user needs prevention against unknown threat. You guys give him a “Virus submission form” to submit his undetected sample. Why?
If he already know its a threat, why he needs Avast or any other Antivirus then? If he can decide which is malware or which is safe. He is a security product himself :wink: Why he needs Avast?
The user wants to ask something different in my huble opinion.

You guys give him a "Virus submission form" to submit his undetected sample. [b]Why?[/b]
i am an avast user just like you .... what else should i give him?

for protection there is a tool CryptoPrevent https://www.foolishit.com/cryptoprevent-malware-prevention/
it also needs updates, meaning it does not detect/protect 100%

This is Avast’s job, to collect samples. I am a user too and believe me I send many samples to vendors in every day :wink:
at these words, my goal was not bad. Please do not misundertsand me.

I strongly advise you to installed CryptoPrevent above this quote post by Pondus, because they work great together with Avast, MBAM & MCShield :wink:

This is Avast's job, to collect samples.
and this is what all AV labs do 24/7

try detecting all this https://www.av-test.org/en/statistics/malware/ they try but it is not possible

My suggestion is “Enable Hardened Mode : Aggressive”

Hardened Mode: Aggressive This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If file is located within the cloud and flagged as safe, it will allow to run it. If it's not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. Only time that it will cause problems is with some very rare old software or very very new software that isn't used by thousands of users.

a cryptolocker cannot be in Avast whitelist so this feature will block the execution of sample and you will be protected. :wink:

This is why I say that “Detection always multiple steps behind the new malwares” so we need prevention here :slight_smile:

That’s it.
Every Antivirus is not anymore a pure Antivirus it’s much more and even if I understand that a AV can fail where another succeed I want some reliable solution not only in detection but even in prevention and even if that was the first time in years Avast failed for me that was shocking because it was something I cannot tolerate it fails on.

I’m a tech and the problem didn’t happen directly to me. I’m enough aware to avoid myself this kind of threat - a pdf file does not have an exe extension - but for my mother what matter is the logo.

A cryptolocker start a massive cripting activity, I cannot understand an AV that does not suspect anything and prevents it. I need to stop Avast so many times because of my administrative scripts when I test them and I have to tolerate a cryptolocker activity not prevented: it’s simple absurd!

As a Tech, you should also be aware that there is no 100% in anything in life. Certainly not in protecting your system from attacks.
If such a product existed, we would all be using it and the bad guys would be out of business and so would you as a Tech. :slight_smile: