Cryptowall 4 trashes Avast: I am losing faith in Avast

This is information for the benefit of others, since I am now considering moving from Avast as IMHO it should have prevented this infection.

On December 22 2015 I had a visit from the ransomware boys.

I have not been able to determine whether they came from a dodgy website or a dodgy email; I understand both entry methods are used.

Apart from encrypting many data files and taking over the PC to present their ransom demand screen, Avastpro was disabled / corrupted.

After manual malware removal and cleanup Avast was showing as

The ‘Avast service is not running’

Indeed looking in services.msc the service was listed but not started.

Selecting start caused Windows to think the service was then running, but the main Avast program action did not change.

Interestingly the infection failed to penetrate safezone (small mercies).

More interestingly safezone remained active and available before and after uninstalling Avast but following disinfection.

I have managed to recover over 90% of the encrypted documents.

Please provide proof that CryptoWall 4 (as you call it), is disabling avast and submit it to avast.

Also tell how you recovered the files.
It may help others.

To my knowledge Avast…and all A/V & anti-Malware…do not “stop” CryptoWall/Locker attacks.
I think they “see” and “remove” but by then the damage/encryption is done.
There may be newer/better ways to protect but I have found this added to my Avast/MBAM/MBAE layers.
CryptoPrevent: https://www.foolishit.com/cryptoprevent-malware-prevention/

…plus, use a Cloud Storage that gives you version history.
Some are DropBox, SugarSync or MS OneDrive.
Here is an example FAQ/link…
https://community.office365.com/en-us/f/148/t/345474
https://support.office.com/en-us/article/Restore-a-previous-version-of-a-document-in-OneDrive-for-Business-159cad6d-d76e-4981-88ef-de6e96c93893
Basically, if the “crypto” gets by your prevention efforts you can easily remove it with A/V/MW programs.
However, your files are encrypted…just delete them, go to cloud, delete them there since synced and restore version history files.

The date and timestamp of the altered files in the Avast folder plus the fact that Avast was running ‘normally’ during the encryption phase and not immediately after.

Since the only other reply is so holier than thou that author clearly doesn’t need or want my help or any information I might provide.

Hi studiot,

Would you mind supplying us with some samples that we could use to possibly replicate this in our lab? And, by the way, what makes you think that this is Cryptowall 4?

Thanks for your help,
Vlk

A list of avast files that are/were altered could also help a bit already.

Please help all users and make the world a bit more safe by providing avast as much information as you can.

Did you have CryptoPrevent installed? https://www.foolishit.com/cryptoprevent-malware-prevention/

Is this recommended (i.e. Avast will not protect enough)? Looking at the site they have a limited version for FREE, which makes me wonder if users will get bombarded by requests to upgrade… I have to say their website doesn’t impress me (this link posted), on first impression it looks a bit sketchy to me.

I have the free version of CryptoPrevent installed. I’ve never been bombarded by requests to upgrade.

Layered protection is going to be better than a single layer/application.

Since this is a specialist tool against a specific threat it is ‘likely’ to be better than your standard AV, no matter what that may be. Personally I haven’t installed it, I seek to prevent malware in general (including this) using layered protection and pro-active measures. But if all else fails, ensure that you have a robust backup and recovery strategy.

I prefer not to speculate, simply on a visit to the website that they are going to bombard free users with requests to upgrade.

There are many users of this product who are regular visitors/helpers of the forums and no such indication of being bombarded to upgrade or I guess they wouldn’t still be suggesting it.

David has already answered: layered defense.
I have never received any spam (if any, as I could have unsubscribed to any email…).
Fantastic protection for free.

I also use the product and have never received any spam or requests to upgrade.

Would we suggest a trashware here in forums?
People seem not to know us well 8)

Have a nice New Year :wink:

CryptoPrevent has been an important layer in my “Layered Security Profile” since it was first introduced. :slight_smile:

I would think that if I have Avast “Hardened Mode” set to “Aggressive” as I have that Avast should be able to stop anything that Cryptowall would, NO? :-\

Peoples…

Let’s stay on topic with the OP’s post.