FakeRean, ave.exe or Vista Smart Security 2010

I update to the latest iAVS before every internet session but still got this one.

It was able to infect through Mozilla without selecting to download or run anything.

Manual removal needs patience and the use of a clean computer or dual boot.

There are a few guides available, here is the one I used:

http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html

You can also use Malwarebytes, “More Tools, FileASSASSIN” to search for and then delete ave.exe in “c:/users”. It’s easier than manually un-hiding, un-read-protecting then deleting “ave.exe” from the command line as suggested in the guide.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

I have been, and will continue to be a happy avast user.

Regards,
SteveB

If you don’t already have the NoScript add-on for Firefox, I suggest you get it as that can prevent drive-by scripts from being run in Firefox. Another add-on is RequestPolicy, which prevents cross site scripting, the most common issue in hacked sites having an inserted iframe or script tag to run a script from a malicious site. Some, however, find this add-on intrusive, as a site can have many such scripts from aligned sites.

Ok,
I am trialing NoScript.

https://addons.mozilla.org/en-US/firefox/addon/722

It is working without too much user overhead. Exception rule logic is straightforward.

Ultimate proof would be to re-trace my steps and see if I get busted again. But I’m chicken…

Thanks for the tip.

A Question to the big brained or Avast administrators:

It seems unusual that Avast! free edition is ineffective against this virus even though it has been in the field since 2010-03-21. Have the additional features of the purchased versions of Avast! been more effective in blocking it?

Regards,
SB

No security program has 100% detection, and if no one has sent a sample of this to avast then it is not added to the definitions.
So if you have it, send it to virus@avast.com in a password-protected zip file, and write the password in the mail.