Solved - Fake AV now detected ;)

This one was picked up from a Google image search on a machine running MSE.
Don’t have the image search link, but was kinda hoping avast would detect it…
When I got to the PC it was at the “Run/Don’t run” dialog, so almost installed.

http://www.virustotal.com/file-scan/report.html?id=b626aa9c487ec1fddb823fc73fd37cdcb984272d57e0746d8760494de2c150e8-1307265373

MBAM had it…
Files Infected:
c:\Users\username\Desktop\fastantivirus2011.exe (Malware.Gen) → Quarantined and deleted successfully.

Sent to avast.

Hi spgSCOTT,

The original Romanian malware site is being blocked by the avast Network Shield, so the malware won’t even reach your computer. We are fully protected. Avast flags FastAntivirus2011.exe as URL:Mall and Action: blocked.

polonus

Yes, it is a strong case for the other shields that don’t even get looked at in various naked on-demand scan tests.

Both the web shield and the network shield have more than simple signature detection and they can block the site based on hacked/exploited sites without even needing to know or have a signature to detect what might be at the remote payload site.

Obviously having a signature does make a difference. However, in real life, what would be put down as a missed detection based on only an on-demand scan, is likely to have been blocked using these shields.

I understand that the other shields may have blocked it, but since it wasn’t an avast machine, I don’t know where it came from so I can’t comment on that.

It is now detected, however :)