Drive-By-Downloads

Discussion in 'malware problems & news' started by Omar Owens, Oct 7, 2020.

  1. Omar Owens

    Omar Owens Registered Member

    Joined:
    Oct 7, 2020
    Posts:
    1
    Location:
    Pennsylvania
    As many can relate, I personally have also been a victim to this malicious procedure performed by hackers. The typical scenario is that one clicks on a promising website and then within milliseconds a file is automatically downloaded and displayed on the bottom of your screen.

    This can either be fortunate or unfortunate. The fact that it shows on the bottom of my screen (with a loading icon) gives me about five seconds to cancel the download which is just enough time. Does cancelling the download in time prevent the malware from infecting my computer? Or has it already been too late?
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I guess that "it shows on the bottom of my screen (with a loading icon)" means at the bottom of your browser? If your browser is downloading a file then it probably means that you would have to run or open it to get infected. If that's the case I would just stop the download, close browser and delete browser cache. You can also use some on-demand scanners for your peace of mind.
    A poll with a list of on-demand scanners can be found here: https://www.wilderssecurity.com/thr...ers-do-you-use-please-list-your-votes.379874/

    EDIT: also make sure to update your OS and apps to prevent drive-bys that exploit vulnerabilities.
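    Minimalist's advice (stop the download, clear the cache, run an on-demand scanner) can be backed by a quick inventory of what actually landed on disk. The script below is an added example, not code from this thread or from any product mentioned in it. It assumes a Chromium- or Firefox-style browser that keeps unfinished downloads as `.crdownload` / `.part` / `.download` files, lists every file touched in the last hour, and hashes each one without opening it so the SHA-256 can be checked against an on-demand scanner's results. The `build_sample_folder` helper creates a constructed throwaway folder so the script can be tried without pointing it at a real Downloads directory.

```python
"""Triage a downloads folder after an unwanted automatic download.

Added example, not from the thread above. Assumes a Chromium/Firefox-style
browser that stores unfinished downloads as *.crdownload / *.part / *.download.
Files are only read for hashing; nothing is opened or executed.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

# Suffixes browsers use for downloads that never finished (assumption based on
# common browser behaviour, not something the thread states).
PARTIAL_SUFFIXES = {".crdownload", ".part", ".download"}
# Suffixes that only do harm once opened; flagged so the user does not double-click.
RISKY_SUFFIXES = {".exe", ".msi", ".scr", ".js", ".vbs", ".hta", ".jar",
                  ".bat", ".cmd", ".ps1"}


def sha256_of(path: Path, chunk: int = 1 << 16) -> str:
    """Hash the file in chunks; reading bytes does not run the file."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage_downloads(folder: str, max_age_seconds: int = 3600,
                     now: Optional[float] = None) -> List[Dict]:
    """Return one record per recently modified file: name, size, hash, flags."""
    now = time.time() if now is None else now
    records: List[Dict] = []
    for entry in Path(folder).iterdir():
        if not entry.is_file():
            continue
        st = entry.stat()
        if now - st.st_mtime > max_age_seconds:
            continue  # older than the window we care about
        suffix = entry.suffix.lower()
        flags = []
        if suffix in PARTIAL_SUFFIXES:
            flags.append("partial download (cancelled or interrupted)")
        elif suffix in RISKY_SUFFIXES:
            flags.append("executable/script: harmless until opened, do not run")
        records.append({
            "name": entry.name,
            "size": st.st_size,
            "sha256": sha256_of(entry),
            "flags": flags,
        })
    records.sort(key=lambda r: r["name"])
    return records


def build_sample_folder() -> str:
    """Create a throwaway folder with constructed sample files for a dry run."""
    folder = Path(tempfile.mkdtemp(prefix="triage-"))
    (folder / "setup.exe").write_bytes(b"MZ constructed sample, not a real program")
    (folder / "report.pdf.crdownload").write_bytes(b"partial")
    (folder / "notes.txt").write_bytes(b"abc")
    stale = folder / "old.exe"
    stale.write_bytes(b"stale")
    os.utime(stale, (1000, 1000))  # pretend it was downloaded long ago
    return str(folder)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_folder()
    for rec in triage_downloads(target):
        print(f"{rec['sha256'][:16]}  {rec['size']:>10}  {rec['name']}  "
              f"{'; '.join(rec['flags'])}")
```

Run it with the path to your Downloads folder as the first argument, or with no argument to see it work on the constructed sample. The hashes are what you would look up or submit to an on-demand scanner; the flags tell you which entries are leftovers of a cancelled download and which would only matter if opened.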
     
  3. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,559
    You can stop the download assuming you have enough time.

    I think malware file sizes are typically small.
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    Even if the file is malicious, it cannot infect or harm your system until you actually open it. When it's just sitting in your downloads folder, it will be harmless and you can just delete it.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Quote from OP:
    "The fact that it shows on the bottom of my screen (with a loading icon) gives me about five seconds to cancel the download which is just enough time."
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Absolutely no expert here, but isn't some malware self-executing, not needing user interaction?
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, if it uses the right type of exploit.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    It is possible to be infected by an exploit, just by visiting an infected website. But I believe that if a website actually downloads a file normally, you would need to open that file to get infected. I could be wrong.
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think in most cases you will need to open/execute the file manually to become infected.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    If you don't mind me asking, what OS and security software do you use?
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    I know I've seen either Norton or Malwarebytes block either, "Known attack signature", or "Trojan" on my machines at different times, which makes me question the OP's antivirus, or other PC security.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,629
    No antivirus will detect all threats, so no matter what security software you use, some malware will be undetected. Also, if he was to actually open the infected file, then maybe his antivirus would detect and block suspicious behaviour.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Roger, I never said any one AV would detect all threats. My example above was from multiple times, just by clicking a link to a website, not even getting there, and certainly not downloading anything at all. That is a layer above detecting threats that have been downloaded.

    Anyway, I'll leave this thread to the more knowledgeable members.

    Cheers.
     
  14. login123

    login123 Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    184
    Also no expert here. But, would not a virtualization software such as Sandboxie, Shadow Defender or the old Powershadow for XP prevent permanent damage?

    These have worked for me on win 7 and XP, but I'm not sure how widely effective they are.

    If used with a file backup regimen, wouldn't they protect us?
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Shadow Defender and Powershadow would prevent the infection from being persistent, since all changes to your drive would be removed each time you reboot, but it would not protect you at all during the time you are infected before rebooting. So if you were doing some online shopping, etc. while infected before rebooting, the hacker could still obtain your debit card information or other payment information if the malware had that capability.

    Sandboxie is different since it does use some policy protection and other protection mechanisms (hooking, etc.) you can enable to prevent malware from installing or limit what the malware is able to do in the sandbox. Some of those protections have to be enabled by the user since they do not come enabled by default. I haven't used Sandboxie much so you would need to ask someone else for configuration advice. I have heard that malware running inside Sandboxie's sandbox can still connect out to the internet with default settings. If you use Sandboxie then ask some of the die-hard users here for configuration advice. Sandboxie is also different since it only virtualizes a certain portion of your hard drive that is being used by a vulnerable app, whereas Shadow Defender on the other hand virtualizes your entire drive. With Sandboxie you need to empty your sandbox to prevent persistence, and with Shadow Defender you need to reboot.

    So, in my opinion, Shadow Defender, which offers system-wide virtualization (not exactly how it works, but the easiest description for most to understand; it is system-wide though), is more foolproof in making sure malware does not remain persistent once you have rebooted, but offers no protection at all until you reboot. On the other hand, Sandboxie, which virtualizes only a certain portion of your hard drive which is being used by a vulnerable application, provides actual protection to not allow the infection to occur to begin with, especially when the user enables additional security settings in Sandboxie's settings.
     
  16. login123

    login123 Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    184
    Good explanation. Thank you.

    It seems that if one also had a real-time antivirus and an effective firewall running, the damage would be much more limited?

    I once clicked on a harmless looking news link with Powershadow running. Without warning the XP computer rebooted. It was not configured to do so. When it came back, every change made while shadowed was gone. Including the active 'net connection. I have always assumed that some malware had tried to install & reboot.

    When I went back to the site, that news link was gone.

    Don't mean to hijack this topic, but that seems similar to Omar Owens' description, except that here the download restarted the computer, maybe to install itself.

    Fwiw, the bad actor got past the AV, the firewall, and Sandboxie.
     