Avira + Online Armor - what went wrong?


NeilC
January 15th, 2009, 09:45 AM
I use Avira and Online Armor. I thought I was pretty well protected. But last night I accidentally clicked on some web banner proclaiming that I'd won a prize or whatever and within about 40 seconds I had a virus/trojan that locked me out of task manager, tried to run various processes, turned off Avira and generally buggered up my PC.

How could I have prevented this from happening? Was it because that combination lacks web protection? Would I be better with the free Comodo "suite" which says it has web protection?

pugmug
January 15th, 2009, 10:00 AM
Pardon me, how does anyone click on something by accident? Nothing will save a computer from the person operating it!

NeilC
January 15th, 2009, 10:42 AM
Crikey... hmmm, let me think... maybe you go to click in the scroll bar and miss by a couple of pixels?

That isn't the point anyway. The PC is used by my wife and kids who are at some point likely to click on something malicious on a website. My question is protecting the system against such things.

Also protecting systems from benign user action is very much a major part of computer security.

Do you happen to know anything about it that might be useful?

JRCATES
January 15th, 2009, 10:48 AM
Are you using Avira with Online Armor FREE, by any chance? It sounds like OA FREE, because you didn't have "Web" protection. Here is a link that explains the differences between the paid and the free version of Online Armor, and the Web Shield is only included in the paid:

http://www.tallemu.com/comparisons.html

Waterfox
January 15th, 2009, 10:48 AM
-{ Quote: " The PC is used by my wife and kids who are at some point likely to click on something malicious on a website." }-

Well in that case I'd suggest that you use Sandboxie with your browser.

pugmug
January 15th, 2009, 10:50 AM
You could start by putting your family and yourself on a LUA for each person.

Bunkhouse Buck
January 15th, 2009, 10:56 AM
-{ Quote: "Crikey... hmmm, let me think... maybe you go to click in the scroll bar and miss by a couple of pixels?

That isn't the point anyway. The PC is used by my wife and kids who are at some point likely to click on something malicious on a website. My question is protecting the system against such things.

Also protecting systems from benign user action is very much a major part of computer security.

Do you happen to know anything about it that might be useful?" }-

The best thing is to get an image program (Acronis/ShadowProtect) and make an image of your computer each night. If malware gets on your system, you simply restore the image that was created before the malware invaded. It is as if it never happened.

trjam
January 15th, 2009, 10:58 AM
Sandboxie or ShadowDefender would have paid for themselves last night instead of all that other stuff. AVs will miss stuff eventually and it is imperative that you have something like the 2 I mentioned.

trjam
January 15th, 2009, 11:01 AM
Of course Neil, you are protected, were you not?

http://www.wilderssecurity.com/showpost.php?p=1302538&postcount=7

mvdu
January 15th, 2009, 11:02 AM
-{ Quote: "I use Avira and Online Armor. I thought I was pretty well protected. But last night I accidentally clicked on some web banner proclaiming that I'd won a prize or whatever and within about 40 seconds I had a virus/trojan that locked me out of task manager, tried to run various processes, turned off Avira and generally buggered up my PC.

How could I have prevented this from happening? Was it because that combination lacks web protection? Would I be better with the free Comodo "suite" which says it has web protection?" }-

Do you use Avira Premium? AVs will miss things, but I'm surprised that OA didn't give you a message. If AntiVir didn't detect it, I doubt Comodo AV would have.

JRCATES
January 15th, 2009, 11:37 AM
-{ Quote: "Do you use Avira Premium? AVs will miss things, but I'm surprised that OA didn't give you a message. If AntiVir didn't detect it, I doubt Comodo AV would have." }-

Sounds like he has OA FREE, which doesn't offer the Web Shield as part of the protection like the paid version: http://www.tallemu.com/comparisons.html

NeilC
January 15th, 2009, 12:35 PM
-{ Quote: "Of course Neil, you are protected, were you not.

http://www.wilderssecurity.com/showpost.php?p=1302538&postcount=7" }-

Not sure what you're getting at. Surely the fact that some data is on an encrypted drive isn't relevant.

NeilC
January 15th, 2009, 12:38 PM
Yes I was using free versions for all.

They found the trojan just fine and alerted me but they didn't stop it getting in and causing problems. I've got rid of it now but it took a while.

I'm thinking of going to the free Comodo suite which has AV, firewall and web protection. I do seem to remember Comodo FW being irritating though.

Would adding Threatfire (free) have helped much?

trjam
January 15th, 2009, 12:43 PM
My mistake, I thought you were using Firefox on a virtual drive. Sorry.

virtumonde
January 15th, 2009, 12:43 PM
-{ Quote: "Yes I was using free versions for all.

They found the trojan just fine and alerted me but they didn't stop it getting in and causing problems." }-

Without any additional info, which it's probably impossible to provide right now, what you said above doesn't make much sense. Really.

mvdu
January 15th, 2009, 12:59 PM
-{ Quote: "Yes I was using free versions for all.

They found the trojan just fine and alerted me but they didn't stop it getting in and causing problems. I've got rid of it now but it took a while.

I'm thinking of going to the free Comodo suite which has AV, firewall and web protection. I do seem to remember Comodo FW being irritating though.

Would adding Threatfire (free) have helped much?" }-

I think you should post at the Avira boards, too. Maybe you can talk to them about it getting past AntiVir. I think OA Free has basic HIPS features, but would only alert you to malicious actions - not necessarily stop entry.

Your story makes me think that AV web scanners might be important. Comodo AV doesn't have a web scanner, though.

NeilC
January 15th, 2009, 01:04 PM
Yes that's exactly what happened - alerts but only AFTER infection.

Firefox is on a mounted TrueCrypt drive but that doesn't offer any protection from such things. I use it to secure the data once the machine is off. Whilst mounted it operates exactly as a normal drive.

Fuzzfas
January 15th, 2009, 01:11 PM
-{ Quote: "Would adding Threatfire (free) have helped much?" }-

TF has a net module, so possibly it could catch a nasty that came down from your browser. Of course no certainty.

Also Comodo has file/folder protection, which again, would make it difficult for the malware to do something without you letting it. Just don't allow your browser to have total file/folder protection access, but only on the directories you download stuff.

As for the firewall part of Comodo, it's not as easy as in OA (where you don't have to do anything), but IMHO it's very well designed.

aigle
January 15th, 2009, 01:17 PM
Hi NeilC, can you describe in detail what exactly happened, step by step? Did you get any alert from OA and allow it?

A trojan/virus bypassed AntiVir - that's OK, but it must not bypass OA Free for sure. I am much surprised.

Can you recover the trojan from AntiVir's quarantine, upload it somewhere and PM me the link to get it?

Thanks

mvdu
January 15th, 2009, 01:57 PM
-{ Quote: "Yes that's exactly what happened - alerts but only AFTER infection.

Firefox is on a mounted TrueCrypt drive but that doesn't offer any protection from such things. I use it to secure the data once the machine is off. Whilst mounted it operates exactly as a normal drive." }-

Well, I admit that in a couple of my tests (I don't do tests as much anymore) Avira let the malware install but alerted and removed a couple of the malicious files that the install produced.

rolarocka
January 15th, 2009, 02:03 PM
-{ Quote: "Well in that case I'd suggest that you use Sandboxie with your browser." }-
Yep! Use Sandboxie to isolate your browsing from the rest of your system.

Tarq57
January 15th, 2009, 04:09 PM
I'm not sure about this, but if you had the NoScript extension in Firefox, clicking on the banner should have produced nothing, unless the banner was allowed in the NoScript options.
I use Avast, and the webshield sometimes pops up a warning of an infected page. It works well - for infections that the AV has signatures for. For new threats I would say some kind of browser restriction - like NoScript - should plug that gap.

subset
January 15th, 2009, 09:08 PM
-{ Quote: "Would I be better with the free Comodo "suite" which says it has web protection?" }-
Where did you read that Comodo has web protection?
Is there a Web-AV or some sort of NoScript or anything similar?

Another question about OA.
Did you set your browser to RunSafer?
Because most of the malware would be very limited in its actions with this setting.

However, as said before, use anything like Sandboxie and don't waste your time with malware removal because of these fraud and scam sites.

Cheers

Stefan Kurtzhals
January 16th, 2009, 02:03 AM
You don't remember the URL which caused the initial infection? I would be interested in adding detection for the downloader/installer.

Thug21
January 16th, 2009, 10:19 AM
-{ Quote: " I think OA Free has basic HIPS features, but would only alert you to malicious actions - not necessarily stop entry." }-

OA Free should have the full HIPS. I don't know why it wouldn't have stopped this.

To the OP, what version of OA do you have anyway?

mvdu
January 16th, 2009, 12:22 PM
-{ Quote: "OA Free should have the full HIPS. I don't know why it wouldn't have stopped this.

To the OP, what version of OA do you have anyway?" }-

There are some features missing in the free OA (like full keylogger protection and Run Safer by default), but it still should have stopped infection.

bellgamin
January 16th, 2009, 01:05 PM
Even the free versions of Avira & OA will provide equal or better protection than Comodo (CIS). CIS has a good FW & HIPS, but its antivirus is very weak.

I suggest you stay with Avira & OA and simply add Sandboxie (http://www.sandboxie.com/). That combination will protect your computer to the nth degree.

Thug21
January 16th, 2009, 02:17 PM
-{ Quote: "There are some features missing in the free OA (like full keylogger protection and Run Safer by default), but it still should have stopped infection." }-
Correct. It's strange he said it didn't stop it... ???



-{ Quote: "Even the free versions of Avira & OA will provide equal or better protection than Comodo (CIS). CIS has a good FW & HIPS, but its antivirus is very weak.

I suggest you stay with Avira & OA and simply add Sandboxie (http://www.sandboxie.com/). That combination will protect your computer to the nth degree." }-
Those are my 3 musketeers. :)

Creer
January 16th, 2009, 04:51 PM
-{ Quote: "Even the free versions of Avira & OA will provide equal or better protection than Comodo (CIS). CIS has a good FW & HIPS, but its antivirus is very weak.

I suggest you stay with Avira & OA and simply add Sandboxie (http://www.sandboxie.com/). That combination will protect your computer to the nth degree." }-
Adding Sandboxie or DefenseWall (or both) will be a good idea.

innerpeace
January 17th, 2009, 12:38 AM
-{ Quote: "Even the free versions of Avira & OA will provide equal or better protection than Comodo (CIS). CIS has a good FW & HIPS, but its antivirus is very weak.

I suggest you stay with Avira & OA and simply add Sandboxie (http://www.sandboxie.com/). That combination will protect your computer to the nth degree." }-
That looks like my setup ;)

NeilC,

If you click on something or surf to a compromised site, more than likely it was a known exploit in software you have installed that has a patch/update. I can't stress enough how important it is to keep your programs updated. Especially programs like Windows, browsers, Java, Flash Player, media players, PDF readers, etc... See my signature for a Secunia link where you can get a free online scan to check if your important programs are vulnerable. Don't make it easy for the bad guys :thumb:.

IceCube1010
January 17th, 2009, 01:15 AM
-{ Quote: "Even the free versions of Avira & OA will provide equal or better protection than Comodo (CIS). CIS has a good FW & HIPS, but its antivirus is very weak.

I suggest you stay with Avira & OA and simply add Sandboxie (http://www.sandboxie.com/). That combination will protect your computer to the nth degree." }-

While I do agree Avira is a better AV product than Comodo's AV, I have to disagree on the FW and HIPS part. I like OA Free but I feel Comodo's FW and HIPS is a bit stronger when you enable Proactive config. Maybe the HIPS part of Comodo would have sent up a warning about the infection but then you need to make the correct choice, Allow or Deny.

Ice

gery
January 17th, 2009, 01:48 PM
I am using Avira premium with Windows firewall. Do you recommend a good firewall?

C.S.J
January 17th, 2009, 01:52 PM
-{ Quote: " Do you recommend a good firewall?" }-

Online Armor lol ;)

gery
January 17th, 2009, 01:57 PM
What about ZA PRO ?

firzen771
January 17th, 2009, 02:15 PM
I wouldn't use ZA PRO. I even have a license for it, but I'm not using it because I found it too heavy for me, and I just prefer the FW I'm currently using.

NeilC
January 18th, 2009, 06:19 AM
OK thanks for the tips.

The virus installed a file called Prunet.exe. It was a devil of a thing. It created various DLLs and processes, some invisible to Task Manager. If I tried to use Unlocker to unlock any of them to delete them it shut down Windows. It locked me out of most security features and turned off the firewall.

shadek
January 18th, 2009, 03:14 PM
Free version of Avira AntiVir does not protect against adware/malware. It only protects against viruses and trojans.

Creer
January 18th, 2009, 04:43 PM
-{ Quote: "Free version of Avira AntiVir does not protect against adware/malware. It only protects against viruses and trojans." }-
Not exactly, I have the free version of Avira and my AV notified me a few times when I opened infected sites and gave me information about spyware which was there. So sometimes free Avira can warn you about spyware.
But of course I agree the Premium version is better at those things. :lurking:

simmikie
January 18th, 2009, 07:48 PM
I tested OA for over a year, and it's rock solid protection. If it flags something, it will halt it in its tracks. Smells like someone clicked Allow when they should not have. My assessment anyway. Going to Comodo is not the answer if one does not take the time to configure it, or read the pop-ups and respond correctly.


Mike

neksus
January 18th, 2009, 08:29 PM
To avoid such things from installing and causing havoc try surfing under limited user account, or install GesWall free.
Or both!
In addition you can try browsing with SRWare Iron if you don't fancy running your favorite browser sandboxed.
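pugmug's LUA suggestion earlier in the thread and the limited user account advice just above come down to the same control: do the browsing from an account that cannot switch off the AV or firewall in the first place. As an added illustration, not code from this thread or from any of the products discussed, the PowerShell script below checks whether the current session is elevated, lists who sits in the local Administrators group, and creates a standard (non-admin) account for everyday use. It assumes Windows 10 / PowerShell 5.1 with the LocalAccounts cmdlets (which post-date the 2009 thread); the account name and description are constructed placeholders.

```powershell
# Added example (not from the thread): audit local admin membership and create
# a standard (non-admin) account for day-to-day browsing, i.e. a LUA setup.
# Assumes Windows 10 / PowerShell 5.1 with Microsoft.PowerShell.LocalAccounts.
# Run from an elevated (administrator) PowerShell session.

# 1. Is this session elevated? Browsing from an elevated session is the risk
#    described in the thread: anything the browser launches inherits admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Current session elevated: $isAdmin"

# 2. Who is in the local Administrators group? Every family account listed here
#    has the rights the trojan in the thread needed to disable the AV and firewall.
Write-Host "`nMembers of local Administrators:"
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 3. Create a standard user for everyday use. The name is a constructed placeholder.
$userName = 'FamilyStandard'
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $userName"
    New-LocalUser -Name $userName -Password $password `
        -FullName 'Family (standard user)' `
        -Description 'Non-admin account for browsing and email' | Out-Null
    # New-LocalUser does not add the account to any group; put it in Users only.
    Add-LocalGroupMember -Group 'Users' -Member $userName
    Write-Host "Created standard user '$userName'."
}

# 4. Verify the account did NOT end up in Administrators (names come back as
#    COMPUTER\user, so match on the trailing account name only).
$admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
if ($admins -match "\\$userName$") {
    Write-Warning "$userName is an administrator; remove it with Remove-LocalGroupMember."
} else {
    Write-Host "$userName is a standard user (not in Administrators)."
}
```

The point of step 4 is the one the thread keeps circling back to: a HIPS prompt answered correctly limits what the malware can do, but an account that cannot stop services or write to Program Files limits it whether or not anyone answers a prompt. Software that genuinely needs admin rights can still be run with Run as administrator from the standard account.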

NeilC
January 19th, 2009, 05:40 AM
-{ Quote: "I tested OA for over a year, and it's rock solid protection. If it flags something, it will halt it in its tracks. Smells like someone clicked Allow when they should not have. My assessment anyway. Going to Comodo is not the answer if one does not take the time to configure it, or read the pop-ups and respond correctly.


Mike" }-

No, that is not the case. Various popups did appear and they were all responded to correctly. OA did stop the infection doing its worst and blocked various attempts to run files and access the net, but it didn't stop it getting in.

Thug21
January 19th, 2009, 01:01 PM
Neil,

Since this concerns OA, maybe it would be best to post on their forum and see what they have to say? http://support.tallemu.com/vbforum/

simmikie
January 20th, 2009, 12:41 AM
-{ Quote: "No, that is not the case. Various popups did appear and they were all responded to correctly. OA did stop the infection doing its worst and blocked various attempts to run files and access the net, but it didn't stop it getting in." }-

Okay, you were there and I wasn't, not the first time I have been wrong... my apologies. The boogaloos are indeed getting crafty, when they can escape TallEmu's wonderfully engineered security tool. Maybe a trip to "in the clouds" is worth evaluating.


Mike

blacknight
January 20th, 2009, 02:38 AM
Online Armor Free has partial HIPS features ( http://www.tallemu.com/comparisons.html ) but anyway it had to block and alert on the threat.

NeilC
January 20th, 2009, 05:45 AM
-{ Quote: "Okay, you were there and I wasn't, not the first time I have been wrong... my apologies. The boogaloos are indeed getting crafty, when they can escape TallEmu's wonderfully engineered security tool. Maybe a trip to "in the clouds" is worth evaluating.


Mike" }-

"In the clouds"?

I don't understand?

NeilC
January 20th, 2009, 06:07 AM
So are you guys saying that Avira Free and OA Free together provide 100% protection against all malware as long as the user responds correctly? We don't need any other form of script control, or whatever?

GES/POR
January 20th, 2009, 10:39 AM
-{ Quote: "So are you guys saying that Avira Free and OA Free together provide 100% protection against all malware as long as the user responds correctly? We don't need any other form of script control, or whatever?" }-

Actually OA alone with good usage would be more than sufficient.

NeilC
January 21st, 2009, 04:58 AM
So why don't you use that instead of F-PROT Antivirus + SpywareBlaster Pro + SUPERAntiSpyware Pro + Prevx Edge 3.0 Antimalware Beta 64
CCleaner

Creer
January 21st, 2009, 05:12 AM
-{ Quote: "So why don't you use that instead of F-PROT Antivirus + SpywareBlaster Pro + SUPERAntiSpyware Pro + Prevx Edge 3.0 Antimalware Beta 64
CCleaner" }-
Maybe because OA doesn't support 64-bit yet. ;)