Yes I got infected!

Discussion in 'other anti-virus software' started by jo3blac1, Feb 11, 2013.

Thread Status:
Not open for further replies.
  1. jo3blac1

    jo3blac1 Registered Member

    My set up when I got infected:
    - MBAM Pro Real Time File System protection
    - EMET 3.5
    - FF + NS + ABP

    My current set up:
    - MBAM Pro
    - EMET 3.5
    - FF + NS + ABP
    - FortiClient Antivirus

    FortiClient AV found:
    "Malware: W32/Hamweq.AQ!tr found in D:\RESTORE"
    "Malware: W32/Injector.VOX!tr found in D:\RECYCLER"
    "Malare: INF/AutoRun!tr found in d:\autorun.in by realtime scan"

    Drive D is my USB. I used it to connect to a computer at a local hospital where I was giving a presentation. Drive D doesn't have a write protection.
     
    Last edited: Feb 11, 2013
  2. guest

    guest Guest

    Just one thought as I don't know that FortiClient thing:

    Not every "found malware!" is really malware found. - AV scanning to me in the last years only brought up false positives! (And I used different products). - So make sure this is real and no false alarm by checking that stuff with VirusTotal and other scanners before you decide anything. My advice. :)
     
  3. jo3blac1

    jo3blac1 Registered Member

    Hmmm. Good point. I did delete those files already. So now it makes me wonder if these were false positives. I will keep your advice in mind for the next time.
     
  4. Syobon

    Syobon Registered Member

    Is this cheering in your topic title? :ninja:
     
  5. jo3blac1

    jo3blac1 Registered Member

    Well I do like playing the cat and mouse game. And I learned something new.
     
  6. DrBenGolfing

    DrBenGolfing Registered Member

    Did Forticlient find the malware? MBAM?
     
  7. Noob

    Noob Registered Member

    +1
    Which AV found the viruses?
    Were you running MBAM with realtime protection?
     
  8. jo3blac1

    jo3blac1 Registered Member

    Was running MBAM Pro meaning the real time protection was on. FortiClient found the virus on realtime without any kind of scanning. Then on demand scan it found 2 more.
     
  9. Osaban

    Osaban Registered Member

    FPs are always possible, but there are also situations whereby leftovers from past infections (malware no longer active) are picked up by over-sensitive scanners. It happened to me when testing Emsisoft on a computer which had been infected and cleaned.
     
  10. Notok

    Notok Registered Member

    And hospitals are supposed to be sterile! Hospital borne infections are becoming all too common these days!

    (Sorry; it had to be said :D :D )
     
  11. quanzi_1507

    quanzi_1507 Registered Member

    Unless you're using XP or unpatched Vista I doubt those autorun infections will get a chance to activate themselves on your Win7 machine. Maybe that's why your old setup just ignored those (your USB device is infected and may act as a medium to infect old systems, but your machine is safe).
     
  12. acr1965

    acr1965 Registered Member

    Does MBAM realtime automatically scan usb devices when they are plugged in? Also, if these 'malware' had not executed would MBAM scan them? For some reason I was thinking MBAM realtime only scanned on execution. So if these were autorun and not executed, MBAM realtime would have ignored them unless there was an on-demand scan of the usb?
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Perhaps you should inform the hospital that they are probably infected ;)
     
  14. Techwiz

    Techwiz Registered Member

    The fact that he got a usb plugged onto their computer makes me think that's the last thing they should be worried about. Who's managing their network?
     
  15. RED_404

    RED_404 Registered Member

    This is why all my drives have a physical write-protect switch. Remember, always use a condom. :D

    I use Kanguru drives but there are other alternatives out there.
     
  16. jo3blac1

    jo3blac1 Registered Member

    Especially in a hospital :)

    Thanks guys. Yes I do run Windows 7, I have autorun disabled in my settings as well. Perhaps this was the reason that MBAM Pro didn't detect it.

    As for the computer. It was another doctor's laptop (chairman of the department). It might have been his private computer running XP Pro. I don't know if it had any kind of antivirus on it but the guy didn't seem to know much about computers in the first place. Yes perhaps I should shoot him an email that his laptop is infected.
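The detections in the first post (an autorun.inf plus executables under RECYCLER on the USB drive) and the autorun discussion above are the kind of thing a defender can triage by hand before trusting or deleting anything. The following is an added example, not code from this thread or from any product named in it: it parses a constructed autorun.inf (the sample file and its paths are made up) and reports which entries would launch a program on insertion, which is the signal that separates a worm's autorun.inf from a harmless icon-only one.

```python
"""Triage an autorun.inf from removable media before acting on an AV verdict.

Added example with a constructed sample; the file contents below are made up
to resemble the autorun.inf + RECYCLER pattern discussed in the thread.
"""
import re

# [autorun] keys that make Windows run or hand off a program on insertion.
EXEC_KEYS = {"open", "shellexecute"}
# Folder names worms commonly use as drop locations on USB drives.
SUSPICIOUS_DIRS = ("recycler", "restore", "system volume information")

# Constructed sample; real worm autorun.inf files are often padded with junk
# lines like the one below to trip up naive parsers.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
;junk line inserted to confuse simple parsers
icon=%SystemRoot%\system32\SHELL32.dll,4
open=RECYCLER\setup.exe
shell\open\command=RECYCLER\setup.exe
shell\explore\command=RECYCLER\setup.exe
useautoplay=1
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, ignoring junk lines."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """List the entries that would execute something, with the reason flagged."""
    findings = []
    for key, value in parse_autorun(text).items():
        # shell\<verb>\command entries replace the Explorer context-menu verbs.
        runs_program = key in EXEC_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not runs_program:
            continue
        lowered = value.lower()
        if lowered.startswith(SUSPICIOUS_DIRS):
            findings.append(f"{key} launches from a hidden/system folder: {value}")
        elif re.search(r"\.(exe|scr|com|bat|cmd|pif|vbs)\b", lowered):
            findings.append(f"{key} launches an executable: {value}")
        else:
            findings.append(f"{key} hands off to: {value}")
    return findings
```

An autorun.inf that yields no findings (icon and label only) is not itself an infection vector; one that does still needs the referenced file hashed and checked as nine9s suggests below, since a scanner's name for it is only a hint.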
     
  17. gugarci

    gugarci Registered Member

    That's what I've been doing for years and it has not failed me once. If your PC is working well and is not showing any signs of being compromised, assume it's a false positive and double and triple check it before you delete anything.

    Also some scanners will flag cookies and PUP, potentially unwanted programs. PUPs are not malware when you install the program yourself.
     
  18. Malware fighter

    Malware fighter Registered Member

    Go to nearest hospital ASAP ! :D
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Probably some nitwit :p
    Though it could also be that they have disabled autorun completely and got infected through other means with a virus that also spreads via USB drives which then infected jo3blac1's one.

    :D
     
  20. nine9s

    nine9s Registered Member


    Next time you could upload to:

    https://www.virustotal.com/

    or

    http://virscan.org/

    for confirmation.
     
  21. DrBenGolfing

    DrBenGolfing Registered Member

    You should be better protected with Forticlient up and running.
     
  22. Bodhitree

    Bodhitree Registered Member

    Forticlient is enterprise level security. Generally it's the software engine used on enterprise security appliances. Very strong, and reliable.

    I've used enterprise filtering for years in the home. Currently I use Trend on my $1200 Juniper router I bought for $50 from a business that was upgrading, it provides an additional, front line defense, and you don't really need to go all crazy with installing stuff because of a good enterprise solution. Consumer routers are hideous.

    Fortinet is well known in the SOHO/Enterprise markets, and is known to be very good.
     
  23. jo3blac1

    jo3blac1 Registered Member

    Hopefully they won't change it into bloatware over time. The only reason I kept it was because it feels very light on my laptop.
     
  24. Brandonn2010

    Brandonn2010 Registered Member

    So were they false-positives or real?
     
  25. The Hammer

    The Hammer Registered Member

    MBAM is not an AV replacement.
     