Is Avast actually working on this Win7 2012 virus?

Hello, I just got the increasingly popular “2012 antivirus” malware from a seemingly normal website. Avast Pro was defenseless. :cry:

After running a search, I see this link posted in several threads:

My issue is that customers have been reporting this virus since June, and we’re still being hit in December. Removal instructions are nice, but I have a pro license for the sole purpose of NOT having to jump through hoops to remove malware. So far, this seems to be the only solution to the Win 7 2012 virus.

If I reformat my computer and install Avast again, I feel like there’s nothing stopping me from getting the virus all over. How do I prevent it? When will Avast updates resolve this?

Thanks

Norton DNS blocks malware. Have you tried it? It’s free.

https://dns.norton.com/dnsweb/homePage.do

No, I haven’t. I thought that’s what Avast’s real time shield was for. It’s always worked for me until now.

Do you run both simultaneously or have you replaced Avast with Norton DNS?

I have Norton DNS configured in my router; it can be configured in your computer.

Configuring it in your router will protect all your computers in your home network.

To protect your laptops away from home configure Norton DNS also in the laptops.

Many find Norton DNS faster than other DNS services.

Additionally, a good free software firewall will help defend your system.

http://www.online-armor.com/products-online-armor-free.php

And you might get hit in February, or even next year sometime. The thing is, these things often change their signature, some every downloaded copy is different. It’s simply too fast to keep up with for any of the AV vendors. That’s why you try different layers of security; rdmaloyjr has given you a couple of good suggestions in that regard… Were you sandboxed when this happened? (I’m betting no) That is basically the main reason to get Avast! Pro, and when I got hit by a fake AV that Avast! didn’t detect, the sandbox kept it nice and isolated.

Anyway, this is always going to make the AV companies look bad because everyone defines the malware by the title it presents to you once it is running (in this case, Win7 2012 AV) but that is not how detecting works for an AV. Not presenting this as some excuse, simply an explanation.

Fake antivirus overwhelming scanners
http://www.networkworld.com/news/2009/100209-fake-antivirus-overwhelming.html

Yes, you run both simultaneously.

I really don’t believe using OpenDNS, Norton DNS, Comodo DNS, or any other DNS will guarantee that you won’t be infected by a rogue.

Most rogues get installed via phishing. You open an e-mail, click on a web page link, etc. Bottom line, you unwittingly invited them in. Ensure your browser anti-phishing filter is turned on! In IE8 for example, when you start your browser the anti-phishing filter is turned off by default. You have to manually turn it on. There is a simple registry hack you can do to ensure it is set on at browser startup. Not sure if it turns on by default in IE9.

Most rogues will install bogus IP/URLs in your lmhosts file. Various methods of locking down the lmhosts file will give you at least partial protection.

Consider using simple web site blockers like SpywareBlaster that will preload restricted web sites in your browser and set your activeX settings securely.

You might want to consider purchasing MBAM Professional. It runs in real time and is shown in recent tests to be almost 100% effective at blocking rogues. It costs $15 - $25 US depending where you buy it from and comes with a lifetime license. That is, you pay once and get updates forever. I also believe you can install it on two resident PCs without violating your license terms. Aside from uninstalling Avast and buying another anti-malware solution more effective against rogues with its annual licensing fees, MBAM Pro is the cheapest solution I know of.

Really, is Avast working on Win7 AV virus? XD I just got attacked for the second time in a 2 day difference. That virus is everywhere! I even had a post, but it seems that more and more people keep posting XD. I think I might even still have the virus on the computer IDK! I got it for a second time, SECOND TIME! All I do is Hardboot, Restore to about a month ago. Done.

> I got it for a second time, SECOND TIME! All I do is Hardboot, Restore to about a month ago. Done.

Let Tech know. He needs encouragement that system restore works without hosing Avast :frowning:

System Restore is not an effective means of removing malware.

> System Restore is not an effective means of removing malware.

+1

From many places I got the news that Really, is Avast working on Win7 AV virus

> Most rogues get installed via phishing. You open an e-mail, click on a web page link, etc. Bottom line, you unwittingly invited them in. Ensure your browser anti-phishing filter is turned on! In IE8 for example, when you start your browser the anti-phishing filter is turned off by default. You have to manually turn it on. There is a simple registry hack you can do to ensure it is set on at browser startup. Not sure if it turns on by default in IE9. You might want to consider purchasing MBAM Professional. It runs in real time and is shown in recent tests to be almost 100% effective at blocking rogues. It costs $15 - $25 US depending where you buy it from and comes with a lifetime license.

Quite correct, DonZ63.

Essentially, these programs are often user installed, albeit unwittingly, most of the time. The key is to prevent these programs from installing or appearing in your computer in the first place. Innocent or inexperienced users may click the scan button, without thinking, when these programs appear, and thus give these programs permission to run and execute.

I have yet to hear if UAC is useful in mitigating or even able to abort unwanted installation(s) in Vista or Win7. Are users bypassing this security function when a rogue appears? Or does the program self-install w/o user interaction or causation?

For what it is worth, I run Sandboxie 3.62 when I run my browser, so, hopefully if I happen to encounter a rogue program, all I have to do is close my browser, and delete the contents of my sandbox, and I am done. Restarting the browser inside Sandboxie should bring the browser back restored and unaffected by the earlier attack. Yeah, I know running Sandboxie slows the browser down somewhat, especially when first opening the browser, but once the necessary folders and files are loaded into Sandboxie, browser response is minimally impacted. Avast! has a similar sandbox, so that should work as well. I simply prefer to run whatever program in a separate sandbox when I have that program out there in the 'net, something Avast! does not seem to offer as an option.

Really, the only sure way to protect your system is to either not go on the internet (most cases) or run your OS as a virtual system if you do.

But virtual costs $$$ and requires tech savvy many do not have.

Polonus does, but he works hard at finding unknown malware. That is why he needs it.

Short of that, MBAM is the way to go. ;D

This is the second time this has happened in recent days.

I open this thread and I get an IP block on 87.118.92.88 from MBAM Pro. Note this has only occurred on two separate threads in this forum, not every posting.

Avast, what is going on with this forum?

I do as well!

@mchain
As you are running XP Home Edition you have no clue about UAC!

MBAM’s IP block is, by its very design, prone to FPs.

URL associated with 87.118.92.88 is ns.km20323-04.keymachine.de.

Does look like it’s associated with scamming.

Oh my! Are we getting scammed by the anti-scammers? :o

> MBAM's IP block is, by its very design, prone to FPs.

I will check it out with MBAM and post back.