This malware is evolving and now blocks safe mode, so the only realistic way to remove it is from outside Windows. If someone gets this, as far as they are concerned there is no distinction between virus and malware.
Does avast! prevent this?
Is it in the wild enough to be worth a blog post on cleaning or not?
It depends on which variant it is, Tech. Avast needs to monitor the winlogon key and stop any changes being made without authorisation.
And does avast! do it or not? Are we protected?
Is there a general “cleaning” routine for it that you can share?
Thanks.
Is there a general "cleaning" routine for it that you can share?
Here is one, I think Bob3160 has posted it before: https://www.norman.no/uk/home_and_small_office/help_support/removal_of_police_virus_and_other_ramsonware
Here is another tutorial:
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
Pondus, the site that you posted has a certificate error in Google Chrome.
Working fine here on IE… but got the same on Opera… just approved it and it loaded fine.
The site is at Norman Antivirus.
Thanks for the tutorials.
Look, if you need 100% security then layer your security up.
All of us here are volunteers. Did you even try googling how many viruses come out every day?
E.g.: avast + MBAM PRO + Comodo FW + safe browsing habits + your brain a.k.a. common sense + a good browser with security plugins like NoScript, WOT, etc.
If you have crazy browsing skills, nothing is gonna save you!! It's a fact.
If you got infected, it's your goddamn fault, not avast's fault; you can leave the machine running there for ages and it will never get infected unless you mess around with it.
Why will some people never get the facts into their heads? Probably because, in harsh language, they are “noobs” who think no end of themselves… meh…
With a 185+ million user base, the number of people who get infected is very small, and most get help here in removal using specially made 3rd-party tools. Not just one of those tools does the whole job; instead all the tools do it, they help each other to remove the infection just as layered security does to prevent it.
Many tools like OTL require expert input to remove infections, and many like ComboFix do some automated as well as user-driven removal.
For your information, avast has been drastically improving since last year with detection mechanisms like evo-gen, and they will be upping their game further this year. Time to read:
http://rejzor.wordpress.com/2013/08/09/avast-antivirus-2014-announced/
So, anything else, Mr. Counsellor??
Hi true indian,
There is no justification for an AV as popular as Avast! not protecting against FBI malware, which is also so popular.
Things like “no AV can protect you 100%” and “use common sense” are lame excuses in this situation.
Another problematic malware here; this was posted in 2009 but it is still going on:
Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/
@claudiubotezatu maybe you could contact the bad guys and tell them not to update their malicious programs, then the problem would be solved.
And you can check the signatures released here: http://www.avast.com/en-no/virus-update-history
130728 - Win32:Ransom-ANT [Trj], Win32:Ransom-ANU [Trj]
130727-1 - Win32:FakeAV-EUG [Trj],
130727-0 - Win32:LockScreen-ACT [Trj], Win32:LockScreen-ACU [Trj], Win32:LockScreen-ACV [Trj], Win32:LockScreen-ACW [Trj], Win32:LockScreen-ACX [Trj], Win32:LockScreen-ACY [Trj], Win32:LockScreen-ACZ [Trj], Win32:Ransom-ANP [Trj], Win32:Ransom-ANQ [Trj], Win32:Ransom-ANR [Trj], Win32:Ransom-ANS [Trj],
and it goes on and on and…
Hi Pondus,
Insanity: doing the same thing over and over again and expecting different results.
Albert Einstein
Expecting to defend against the FBI virus just by updating the signatures over and over again is a lost cause (if not insanity!!!)
Have you looked at Avast! recently??? A thousand shields, behavior, HIPS, cloud, streaming update… seems extremely sophisticated… I wouldn’t expect to fight the FBI virus using signatures (like 20 years ago…)
What about behavior shield?
What about HIPS?
What about GENERIC signatures?
Have you looked at any other AV? They're all in the same predicament, and none of them protect against the very latest variants until they're discovered and new code/signatures are written to combat the problem.
And avast doesn’t have HIPS.
Hi craigb,
There is still also something like educated user interaction and added layered defense to solve such a problem.
It was known from point zero that a single av solution alone cannot provide all-round 100% protection.
And how would you protect against the main problem called PEBKAC, see image attached.
PEBKAC does not fully upgrade and patch her OS and third party software, so PEBKAC stays vulnerable and is at risk.
PEBKAC does not use layered defense like pre-scanning, browser script blocking (NoScript), and clicks after all that moves on and over the screen.
Still PEBKAC relies on an av solution to protect her fully against 0-day malware, insecure Internet practices, downloading insecurities,
and when PEBKAC is at fault she starts moaning and will blame the av solution for not saving her glorious behind…
All sounds a bit cynical but often this is the truth…
polonus
You can be 100% sure that avast and all the other top dogs are working on this… but there is no easy solution; if there was…!!!
And it should be a solution that also works for your grandma and not only computer geeks.
Hi craigb,
Sorry, I was thinking of heuristics, not HIPS.
Somehow, in the removal process, Malwarebytes is always involved or recommended; how come they can do it and Avast! not???
Hi Pondus,
If the user uses the avast updater for OS and third-party software that comes with his av solution for free,
he is secure against the exploits the malware tries to abuse.
Even using a non-admin account can help, and not clicking the initiating links, naturally.
I am on avast! and not infested by this malcode nor any other from those main URIs only…
Using ABP with a malware site blocking list may also help…
polonus
Malwarebytes doesn’t always help either. It’s always suggested to run it, as it’s an essentially great tool to help in the cleaning process, but if their database doesn’t have the latest variant either then you’re still in trouble, and other tools such as what the malware guys use need to be used.
MBAM (and AdwCleaner) are used to clear known malware from the system; the new and unknown requires the human eye. By running those two programmes there is less clutter for the analyst to work through.