TDSS Prevention

[nozzle]

I've looked for an antivirus that can prevent a TDSS infection and only found cleanup tools AFTER the infection. Is there an antivirus that actually prevents a TDSS infection?

Thanks

[SLE]

First: TDSS is dead. There are no new samples of it itw since a long time.
Second: All AVs should detect exisiting samples and droppers per signature.
Third: Some AVs also proactive detect the methods known TDL samples used in the past. (f.e. EAM, KIS,...)

[nosirrah]

"First: TDSS is dead. There are no new samples of it itw since a long time."

D0C23926925123071B143F717B7ADC7D
24CEA1FD12E4C9C99B6D0779DC923895

These both dropped from exploits this month and were undetected at 0hour. I just rechecked the newest one and it is up to about 40% detected.

ITW you will see MBAM logs containing Trojan.Agent.BRVGen.

Ping me if you want the samples.

[Dark Shadow]

Then look elsewhere.How about adding Sandboxie to your setup or AppGuard or both.

[Chiron]

Quote:

Originally Posted by nozzle

I've looked for an antivirus that can prevent a TDSS infection and only found cleanup tools AFTER the infection. Is there an antivirus that actually prevents a TDSS infection?

Thanks

Comodo Internet Security or Comodo Firewall will protect you. So will many others, as long as they don't rely entirely on detection in order to "protect" the user.

[nozzle]

Thanks Chiron. I'm already using Comodo Firewall and didn't know it had that capability. Learning new things everyday.

Keep safe

[Chiron]

Quote:

Originally Posted by nozzle

Thanks Chiron. I'm already using Comodo Firewall and didn't know it had that capability. Learning new things everyday.

Keep safe

Yes, any files not verified as safe by Comodo analysts will be prevented from harming your system. Thus you are safe from malware whether it is detected as such or not.

Have you already read my guide here?

[nozzle]

Thanks again Chiron for the install manual. Nice and simple "how to" for Comodo Firewall. I followed your instructions and believe I am more secure for doing so.

Stay Safe

[Noob]

Most AV's should be able to detect the old TDSS variants.

[icr]

Run as a limited user

The infection comes from the usual dropper from P2P networks or by warez websites, and it needs admin rights to run its payload. If UAC is OFF(disabled) or the user manually gives admin rights, then TDSS can infect even Windows Vista and Windows 7. This is likely to be the usual scenario, where a user looks for specific cracks,patches,pornography and don't mind if UAC warns him, he gives admin privileges to the wanted file. And finally gets infected.


regards,
icr