avast

[STONEMAN]

today i was looking for kurt wenner 3D street artist in google images when i was hit with one of those fake you have a virus pages, i wasnt really bothered as i was using shadow defender an sandboxie, i downloaded the prompted file to a sandboxed folder to see what is was, it was named bestantivirus2011.exe,
anyhow i rebooted my pc and installed avast free and did the same search as before in shadow mode with sandboxie on as usall but didnt get a peep from avast, should avast have blocked this threat? im a little curious thats all
cheers

[doktornotor]

Now go, install another 40 or so other AVs (with same virus definitions from the same time as you tested with avast) and tell us how many missed it - so that your test at least says something relevant.

[STONEMAN]

was not ment to be a put down of avast at all,i havent used an anti virus for a while and was just curious.yeap maybe i shouldnt have used just one av as an example,maybe a naive post on my behalf

[doktornotor]

Rogue antimalware apps are being missed all the time by all AVs. Simply way too many of them changing all too often to evade detection. Antiviruses are not a magic security solution for everything, they are reactive.

[STONEMAN]

very true,this i why i personally prefer the set up in my sig,it suits my needs
perfectly.cheers

[Duradel]

If you use Clear Cloud DNS or Norton DNS you'll have a greatly reduced chance of being hit by those wacky pages.

Avast is pretty good detection wise but no AV is perfect which is why having software like shadow defender and sandboxie in addition to AV is great.

[RejZoR]

Fake AV's are quite problematic actually so every program will have some problems with it.

[PJC]

Quote:

Originally Posted by RejZoR

Fake AV's are quite problematic actually...

Yes, indeed.

[Page42]

Quote:

Originally Posted by STONEMAN

should avast have blocked this threat?

Yes. It should have. And so should other AVs. But as has been already noted, many don't. Vigilance is your friend.

[STONEMAN]

with my setup im reasonably safe but just for that extra layer will be now
using ClearCloud DNS thanks to Duradels advice.funny thing is i could have picked any anti virus but avast was the first one that sprang to mind,
oh well

[kjdemuth]

I've also found that MBAM is very good at detecting fake AV's. Running it realtime will help a lot.

[WilliamP]

I have helped several people that got infested with that bogus AV. It can really mess up a system. I may be wrong ,but I believe if you click on it you are in trouble.

[STONEMAN]

i do have a lot of confidence in sandboxie and shadow defender so i wasnt
that bothered just curious,i know nothings 100% but i do have great faith in those programs.i very rarely download any thing,but if i do, i have a folder which is sandboxed with all restrictions and use several ondemand scanners.
this suits my needs,cheers

[zfactor]

Quote:

Originally Posted by kjdemuth

I've also found that MBAM is very good at detecting fake AV's. Running it realtime will help a lot.

mbam is probably THE best thing out there for fake or rouge av's hands down. as noted by many most if not all av's will miss these sometimes. its very rare mbam will miss them yes it can happen but usually with the newest defs mbam can remove almost every one of these.

[yongsua]

Quote:

Originally Posted by zfactor

mbam is probably THE best thing out there for fake or rouge av's hands down. as noted by many most if not all av's will miss these sometimes. its very rare mbam will miss them yes it can happen but usually with the newest defs mbam can remove almost every one of these.

Agree.That's why Bleeping Computer keep advising user to use MBAM to scan those nasty roguwares during the cleaning procedure.When someone infected with Rogueware,I always recommend the cleaning guides from Bleeping computer and found that almost every cleaning procedures need MBAM.

[dw426]

Here's some knowledge to help for the next time this happens: If you're surfing the web and something pops up telling you that you're infected or that your computer has problems to fix...and the name of the AV/AM/Firewall isn't anywhere in that pop-up, it's fake. A couple of other things, don't ever download any prompted files from these things. When confronted with such a prompt, the very best thing to do is to click the "X", to close it. You can't rely on the "No" option, as it may very well be a second "Yes" button (seen it happen many times). Also, the name of that file should throw up a red flag. No serious vendor names their products such things as "bestantivirus2011". Always look at the name of the supposed AV/whatever program. Legitimate icons for well known programs are used in these things, but the name almost always gives it away.

If you do the above things, and always stick to well-known vendors like Avast, Norton, Avira and so on, you won't have to worry about these fake programs, whether your current antivirus/antispyware program detects them or not.

[Cloud]

Quote:

Originally Posted by dw426

...and always stick to well-known vendors like Avast, Norton, Avira and so on, you won't have to worry about these fake programs, whether your current antivirus/antispyware program detects them or not.

Not 100% true. There is a fake Kaspersky browser alert page, it looks very much like the alert you get when Kaspersky blocks a malicious webpage.

[Page42]

Yes, and there was a widely-reported incident of fake websites having a look and feel very similar to the Avira website... http://www.avira.com/en/press-detail...+imitate+avira

[TonyW]

dw246 raises some good suggestions, and it's a learning curve we should be trying to teach users out there. It's good to be protected via a layered approach, but with a bit of commonsense and knowledge, we should be able to minimise the risk somewhat.

[TheKid7]

Quote:

Originally Posted by dw426

When confronted with such a prompt, the very best thing to do is to click the "X", to close it. You can't rely on the "No" option, as it may very well be a second "Yes" button (seen it happen many times).

Would it be better to use the "Alt" plus "F4"?

http://www.wilderssecurity.com/showp...88&postcount=2

[STONEMAN]

the thing is when this happened i knew it was fake as i had cleaned the antivirus2010 off a friends computer last year, and it gave a similar fake antivirus scan page.i was just curious but not worried i only had to close sandboxie and reboot shadow defender for safe measure,i do surf the more mature side of the web every so often but have never had this happen before,thats why the curiosity,cheers

[Miyagi]

Well in my case, aVast stopped one of those thousand fake AVs with its webshield couple of days ago. Overall, it's a great protection and appreciate them for providing it free and vlk is always chiming which I truly appreciate.

[dw426]

Quote:

Originally Posted by Page42

Yes, and there was a widely-reported incident of fake websites having a look and feel very similar to the Avira website... http://www.avira.com/en/press-detail...+imitate+avira

I wouldn't post that as a clickable link, Page. Avast threw a fit and blocked a trojan.

[dw426]

Quote:

Originally Posted by TheKid7

Would it be better to use the "Alt" plus "F4"?

http://www.wilderssecurity.com/showp...88&postcount=2

Good point, though I've not yet run into a pop-up that the "X" didn't solve. In Sandboxie, it's as easy as terminating all processes

P.S, stare at enough various alert boxes and you spot subtle differences (please keep in mind I'm going on my own experience here), and I've yet to find a phishing website that didn't have something "off" about the URL. Another very easy way to avoid this issue is to simply bookmark the official websites of the various security vendors. You can easily just create an extra bookmark folder and keep them there. It hurts nothing, and you'll always have their correct address.

[Page42]

Quote:

Originally Posted by dw426

I wouldn't post that as a clickable link, Page. Avast threw a fit and blocked a trojan.

But it's a news release from Avira...