Was very astounded!

Last night while surfing the web my PC began grinding as if loading something large. Shortly after this everything went back to normal. After about 5 minutes I received a popup in the form of a rogue antivirus telling me I had all kinds of infections and blocking me from running anything. Now here is the astounded part. I had updated my avast about 20 minutes before all this happened and the rogue virus did NOT disable avast, however avast did NOTHING. I checked my systray and avast was running as normal so I opened it, selected to run a scan and waited. After a while I was notified that my system was clean of any infections and was secured! Next I selected an at-boot scan option, restarted and allowed it to scan my PC, once again no infections found. Booted back to my desktop and was greeted with the same rogue antivirus along with a notification that avast has updated again but still did not detect anything at all. I’ve used avast for over 6 months now and so far never had any issues but then again never had any viruses attempt to install either. As a note I do not use Facebook or MySpace and I’m running Mozilla 3.5.11. Up until this point I was a major fan of the avast free and was considering purchasing the pro version; I have also recommended avast to several people as I am a PC tech for a major retailer in America. If avast would have at least detected and attempted to remove it or block it from installing I would feel better but this is not the case. As bad as I hate to say it I am removing avast from all my PCs and returning to Norton Internet Security 2011. Hope to see some improvements in the future.

Farewell

As bad as I hate to say it I am removing avast from all my PCs and returning to Norton Internet Security 2011.

heh.

Good luck with that.

Hi kyoten3, welcome to the forum :slight_smile:

Unfortunately, you have suffered from the inevitable game of catch up that every antivirus plays…regardless, detection can always be better.

Does the rogue have a name?
If so there may be some removal tutorials available somewhere on the web, which could help.

Scott

Well, I wasn’t trying to be an ass, but judging by his post, it looks like he came here to gripe and leave so I didn’t help him.

I also didn’t see any part of his post where he asked for help either.

I just assume this is just another user that thinks that an Antivirus will be able to catch every single piece of bad code ever written EVER and not have a single fault.

I might just be having a bad day though… so I apologize for my rudeness, and thank you Scott for actually attempting to help.

Yes I also would love to hear more information as this sounds…well sounds strange :-\

Hundreds, maybe thousands, of new malware and variants are released every week.
The rogue antivirus scam is a multi-million dollar business.

Any antivirus will let an undetected one through, sooner or later. That includes Avast, as you’ve found out. It also includes Norton.

The correct action would be to try and locate the malicious files concerned (as many as you have the knowledge to find) and add them to the chest, right click on each, and submit to Avast. This would be done on the next database update.

Tools that have a good reputation for removing rogues include MBAM and Superantispyware. Both have a free version.

Oh I don’t know about that… Hit and run without attempting to help the community with whatever information a person can provide doesn’t help anyone :-
Also antivirus programs have bad days just like people ;D lol Just to be clear, I was speaking about the original post.

Don’t be harsh on the OP. >:(
He’s a pc tech for a major US retailer. 8)

Even pc techs can have a gap in their knowledge that you could drive a tanker through. ;D

I had an experience like this two years ago but I stuck with Avast.
Doesn’t the AV typically use heuristics or some kind of behavior analysis?
They state that they do, but these things still get in.

Seems a bit like airport security, responding and checking for yesterday’s threat.

Many AV rely on their signatures.

kyoten3, I don’t recommend you return to NIS. CIS (Comodo Internet Security) will give you good protection if you know how to configure it. I think KIS, Bullguard as well as Eset Smart Security are good and cost less besides KIS.

You can also use combos like Avast and OnlineArmor or any alike.

Regards,
Tenko

No anti-virus is perfect and just for 1 rogue, you change the anti-virus? That shows the lack of confidence you have in your protection…
Anyways… and because I’m a fair person, here’s something to remove rogue programs from your computer:
http://www.bleepingcomputer.com/virus-removal/

All the best luck for the new change.

Well, this is how antivirus programs work. And also, heuristics/behavior analysis can’t catch everything either you know :wink:

Just so everyone knows, I’m not saying Norton is the king of all; actually I’m not a fan of corporate software that is fed to everyone out there. As for the virus, it was Pc security essentials according to Malwarebytes and was a variant of trojan vundo. I understand that no antivirus is going to catch a virus that is 2 hours old but this virus has been around for at least a couple of months (this version of it anyway). Don’t get me wrong, avast has caught some dialers attempting to install when I’ve been surfing some sites I shouldn’t have (not porn though, just some cough free software, trial only of course :slight_smile:) and yes you are correct, I should have posted for help and reported back so avast techs could include this in their database. I guess I felt safe with avast and when it all happened I just felt let down. I did remove avast from my laptop (the PC in question here) and install NIS 2011 but still have avast on both my desktops. I’m gonna run them like this for a while and see where they go with avast; hopefully they just overlooked this one and can fix it in the next release. I know that most people hate Norton but the newer version isn’t as bad as it used to be and it does seem to stop most of these fake AVs. The retailer I work for provides us free copies (legally through training on the Norton zone) but I’ve not used them in 4 years and don’t really want to start. Anyway I’ll stick with it for now on my desktop PCs and see where it goes.

I got a variant of vundo two years ago as I mentioned. As you experienced,
Avast was running normally. It was neither disabled nor did it detect the virus.

A symptom was the screen started to flash every couple of seconds. I couldn’t do anything.
I rebooted and Windows Defender detected something, notified me it was taking some corrective
action and asked me to reboot. After the reboot, the system was stable enough that I could manually
clean up the system.

I still don’t know whether Windows Defender recognized it by pattern recognition, or whether it was
through behavior analysis. Since that day, I have left WD real time monitoring ON, although
further incidents have not occurred.

Well I know for a fact that Norton IS 2011 let a FAKE antivirus (Cyber Security) install on my mom’s computer and all she does is play her card games and check email.

As posted previously:

There are many new attacks that bypass security; all you can do is be cautious and have good backups/images to hand.

Take security software that has HIPS technology. Avast with OnlineArmor (in case you don’t want to try CIS) will give you at least the same protection as NIS2011 (NIS has HIPS but auto-HIPS, which means that NIS will take decisions instead of you) if not even better.

Many find CIS, by default settings, very annoying; it asks you, at the same time as it gives you hints which decision you should take, if you want to allow/block or sandbox. But many don’t understand why. Well… the reason why CIS asks is because it trusts the user’s decisions.

Here is a video where you can get tips how to configure CIS for your needs and how you want it to work. http://www.youtube.com/languy99#p/u/23/Bj_Tg8EeY-s

Regards,
Tenko

I’m gonna run them like this for a while and see where they go with avast; hopefully they just overlooked this one and can fix it in the next release.

If you really wanted to, you could try to find the files that were downloaded on your computer (the actual virus or malware, whatever it was) and submit it to avast to help improve detections.

That would help you, and anyone else that possibly comes across it.

By the way, Malwarebytes is a great free tool to help catch the “extras” that A/V products don’t.

good luck.

I believe that Malwarebytes deleted the files in question. I know it was an odd file name that was residing in the app data/temp folder, something like fekiuilwi343et.exe; also there was a registry key as well. I’m not sure if Malwarebytes saves the log of the scan but if so or if there is a way I can get the info just tell me and I’ll do it. I hate these things; at my job we make around 4-5k each week just on virus removal and 99% of it is rogue antiviruses. My biggest problem is that I don’t know how I got it. I’ve been in computers for years and worked directly as a tech for 3 years now so I know what to watch out for or at least thought I did. I’ve managed to keep my wife’s PC clean for over a year and she is a major Facebook user and I get the rogue using Google, lol, just very frustrating. Anyway if there is a way I can get info that would be useful let me know.

Malwarebytes by default puts everything it removes in a quarantine. A log is also saved under the “Application Settings\Data” folder or somewhere around there for the user that ran the scan.

You could examine what the file names were by looking at the log, and you could restore the files to send them to avast if you wanted to give some help to the community.

You could send them to virus AT avast.com in a password protected zip file, with the password in the subject; you could upload them here: http://www.avast.com/contact-form.php?loadStyles&subject=SALES; or you could send them to avast directly from within the avast interface.