I’m a free user so you get what you pay for, but it’s sad that this Trojan goes totally undetected by Avast. My son clicked on a bad site by mistake and it totally took over, locked down normal processes like Task Manager, and added proxy servers to IE and Firefox, rendering them nearly useless and flashing porn sites, etc. Here are the registry keys it downloaded:
Interestingly, I was able to start in safe mode and run a full scan with Avast and it detected nothing. SUPERAntiSpyware picked it up in a safe mode scan, but could not terminate the process or quarantine the Trojan.
The only way I found it possible to rid my computer of the malicious Trojan was to: A) kill certain processes with HijackThis; and B) run MalwareBytes, which found the keys above, listing the first two as Rogue.AntivirusSuite and the last two as Trojan.Fraudpack.
Good luck with this one if you get infected - you will spend a few hours trying to remove it and most likely will have to download HijackThis and rename it in order to find the suspicious processes and kill them before running MBAM.
I will ask my son to show me what he clicked on and post the link later today if possible. I know it’s impossible to detect every single threat, and still think Avast is the best by far, but this one’s been hiding out there for a while and I hope for the sake of others they find a way to lock it down.
I don’t know what to think honestly, can’t tell if all AVs are equally useless against rogue or not…thing is as said it’s been reported so many times now that Avast didn’t stop a rogue install…and to some extent, this is almost understandable as there’s “just” another software install process going on…but what I don’t get is why nothing’s detected by Avast when the rogue’s already installed and the system is over infected with trojans…
Were Avast services disabled by the infection on your son’s computer?
Adding: it’s not just a matter of being able to detect every single threat, Avast seems completely unable to detect any rogue… (I haven’t experienced that personally, just read reports).
I wonder if “mode of transport” may be a factor here. I suspect it’s riding in a Java applet, since just prior to the event I noticed a series of little coffee-cup icons (Java) marching leftward along the taskbar…first one, then two, then three, etc. all by themselves and I hadn’t even clicked on anything.
Don’t know for sure, but I suspect an innocent-looking JavaScript may be providing cover for this thing, perhaps unintentionally, lurking in an ad or display on an otherwise OK website.
Thanks for the feedback. I don’t believe this Trojan disabled Avast, and I will check for rootkits. The best we could do to narrow down where this bug came from was somewhere within the following website’s pics:
Can’t be sure which one he clicked on, but it happened immediately following the click whereby it linked to some sort of porn site. Sorry I couldn’t be more helpful with the exact website.