Wilders Security Forums  

#1
December 2nd, 2003, 09:46 PM
Wayne - DiamondCS
Security Expert

Join Date: Jul 2002
Location: Perth, Oz
Posts: 1,533
"The Beast" trojan: no match for Process Guard

We've received quite a few emails overnight in regards to 'The Beast' trojan (a trojan which injects itself in the form of a DLL into other processes such as explorer.exe, allowing it to remain resident inside another process). While a lot of the queries were about disinfection, it seems that not many people are aware that prevention against DLL-injecting trojans is at last easily achievable due to our recent release of Process Guard. Users running the full (multi-process) version (even with just the default configuration) are protected from The Beast trojan -- you can try and run The Beast but it just does nothing due to being unable to inject its DLL (as Process Guard prevents it from obtaining Write access which it requires).

So when it comes to DLL-infecting trojans, you don't have to wait until the thing has infected you - you can prevent the infection from ever happening in the first place simply by installing the full version of Process Guard.

(The only reason the free version of Process Guard can't fully protect against The Beast is because The Beast tries to inject into several processes).

__________________
DiamondCS (Est. 1986) - Celebrating 20 Years ...
Home of Port Explorer, ProcessGuard, and check out all our other freeware security tools!
#2
December 2nd, 2003, 09:58 PM
snowbound
Retired Moderator

Join Date: Feb 2003
Location: The Big Smoke
Posts: 8,727
Re: "The Beast" trojan: no match for Process Guard

Hi Wayne

I am fairly new to computers and would like to try PG.

Problem is I don't think I would even know how to use it properly.
U said even the default settings will stop the beast.

Are the default settings sufficient to stop most Trojans?

Snowbound
#3
December 2nd, 2003, 10:05 PM
Wayne - DiamondCS
Security Expert

Join Date: Jul 2002
Location: Perth, Oz
Posts: 1,533
Re: "The Beast" trojan: no match for Process Guard

Hi snowbound,
Process Guard is a very powerful program "under-the-hood", but it's actually quite easy to use. The first time you start Process Guard full version it'll ask you if you'd like it to automatically add a list of processes to protect - simply press Yes. Your configuration at this stage will then be mostly complete (and The Beast trojan's DLL injection has been rendered useless). All you need to do then is add any other security processes you have (such as your firewall, antivirus, antitrojan, etc). That's all!

It's fairly easy to use and configure and the helpfile should answer most if not all of your questions, but if it doesn't, don't hesitate to ask here.

Best regards,
Wayne

#4
December 2nd, 2003, 10:15 PM
snowbound
Retired Moderator

Join Date: Feb 2003
Location: The Big Smoke
Posts: 8,727
Re: "The Beast" trojan: no match for Process Guard

Thank u Wayne

I appreciate u taking the time to address my question.

I will most certainly try PG.

Another great product by DCS

Congratulations

Snowbound
#5
December 2nd, 2003, 10:19 PM
Peter2150
Global Moderator

Join Date: Sep 2003
Posts: 11,805
Re: "The Beast" trojan: no match for Process Guard

Hi Wayne

Besides the defaults and security programs, is there a reason to protect any other types of programs, and what types would they be?
#6
December 2nd, 2003, 10:34 PM
Jason_DiamondCS
Former DCS Moderator

Join Date: Nov 2002
Location: Perth, Western Australia
Posts: 1,046
Re: "The Beast" trojan: no match for Process Guard

You should protect basically every program that starts up by default on your PC. This way if a trojan enumerates all processes on your system all the main ones will be blocked, typically the programs which stay active the whole time.

Another way is to protect every program you run, this is the safer approach but takes a little bit of time to set up. It is very simple though, it only takes 2 clicks to add a program to be protected. Once it is added there is no more work required.

-Jason-
__________________
Jason - DiamondCS Programmer
DiamondCS (Est. 1986) - The System Security Specialists
CryptoSuite - Protect your information today!
TDS - Powerful anti trojan software
#7
December 3rd, 2003, 03:21 AM
Gavin - DiamondCS
Former DCS Moderator

Join Date: Feb 2002
Location: Perth, Western Australia
Posts: 2,080
Re: "The Beast" trojan: no match for Process Guard

Another thing I recommend is adding processes that are in your firewall ruleset. This can help a lot when you think about it.

Most won't need terminate protection but adding it (default protection) is not a bad thing at all.
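
The thread's two ideas (a list of protected processes, and the write or terminate access a foreign process needs before it can tamper with one) can be shown as a small log check. This is an added example, not part of the thread and not Process Guard's own logic; it assumes event fields modeled on Sysmon's ProcessAccess event (`SourceImage`, `TargetImage`, `GrantedAccess`), a hypothetical watch list, and constructed sample events.

```python
import ntpath

# Windows process access-right bits (winnt.h).
RISKY_RIGHTS = {
    "terminate": 0x0001,      # PROCESS_TERMINATE
    "create_thread": 0x0002,  # PROCESS_CREATE_THREAD
    "vm_operation": 0x0008,   # PROCESS_VM_OPERATION
    "vm_write": 0x0020,       # PROCESS_VM_WRITE
}

# Hypothetical watch list: the shell plus the security tools the posts say to add.
WATCHED = {"explorer.exe", "firewall.exe", "antivirus.exe"}

# Constructed sample events; paths and names are made up for illustration.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Users\test\unknown.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"C:\Users\test\unknown.exe",
     "TargetImage": r"C:\Program Files\FW\firewall.exe", "GrantedAccess": "0x0001"},
    {"SourceImage": r"C:\Users\test\unknown.exe",
     "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x002a"},
]


def risky_rights(mask):
    """Return the names of the write/terminate-related rights set in an access mask."""
    return sorted(name for name, bit in RISKY_RIGHTS.items() if mask & bit)


def flag_events(events, watched=WATCHED):
    """Flag handle opens on watched processes that carry write or terminate rights."""
    findings = []
    for ev in events:
        target = ntpath.basename(ev["TargetImage"]).lower()
        if target not in watched:
            continue  # processes not on the list are outside the policy's coverage
        rights = risky_rights(int(ev["GrantedAccess"], 16))
        if "vm_write" in rights or "terminate" in rights:
            findings.append((ev["SourceImage"], target, rights))
    return findings


if __name__ == "__main__":
    for source, target, rights in flag_events(SAMPLE_EVENTS):
        print(f"{source} -> {target}: {', '.join(rights)}")
```

The last sample event carries write rights but targets a process that is not on the list, so it is not flagged, which is the coverage gap the replies address by recommending a longer list.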

All times are GMT -4.