avast

Discussion in 'other anti-virus software' started by STONEMAN, Apr 11, 2011.

Thread Status:
Not open for further replies.
  1. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    Today I was looking for Kurt Wenner, 3D street artist, in Google Images when I was hit with one of those fake "you have a virus" pages. I wasn't really bothered as I was using Shadow Defender and Sandboxie. I downloaded the prompted file to a sandboxed folder to see what it was; it was named bestantivirus2011.exe.
    Anyhow, I rebooted my PC and installed Avast Free and did the same search as before in shadow mode with Sandboxie on as usual, but didn't get a peep from Avast. Should Avast have blocked this threat? I'm a little curious, that's all.
    Cheers :)
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Now go, install another 40 or so other AVs (with same virus definitions from the same time as you tested with avast) and tell us how many missed it - so that your test at least says something relevant. :p
     
  3. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    Was not meant to be a put-down of Avast at all. I haven't used an antivirus for a while and was just curious. Yep, maybe I shouldn't have used just one AV as an example, maybe a naive post on my behalf :(
     
  4. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Rogue antimalware apps are being missed all the time by all AVs. Simply way too many of them changing all too often to evade detection. Antiviruses are not a magic security solution for everything, they are reactive.
     
  5. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    Very true, this is why I personally prefer the setup in my sig, it suits my needs perfectly. Cheers
     
  6. Duradel

    Duradel Registered Member

    Joined:
    Nov 26, 2010
    Posts:
    363
    Location:
    Melbourne, Australia
    If you use Clear Cloud DNS or Norton DNS you'll have a greatly reduced chance of being hit by those wacky pages.

    Avast is pretty good detection wise but no AV is perfect which is why having software like shadow defender and sandboxie in addition to AV is great.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Fake AVs are quite problematic actually, so every program will have some problems with them.
     
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Yes, indeed.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Yes. It should have. And so should other AVs. But as has been already noted, many don't. Vigilance is your friend.
     
  10. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    With my setup I'm reasonably safe, but just for that extra layer I will now be using ClearCloud DNS thanks to Duradel's advice. Funny thing is I could have picked any antivirus but Avast was the first one that sprang to mind,
    oh well :)
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I've also found that MBAM is very good at detecting fake AVs. Running it in real time will help a lot.
     
  12. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have helped several people that got infested with that bogus AV. It can really mess up a system. I may be wrong, but I believe if you click on it you are in trouble.
     
  13. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    I do have a lot of confidence in Sandboxie and Shadow Defender, so I wasn't that bothered, just curious. I know nothing's 100% but I do have great faith in those programs. I very rarely download anything, but if I do, I have a folder which is sandboxed with all restrictions and use several on-demand scanners.
    This suits my needs, cheers
     
  14. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r

    MBAM is probably THE best thing out there for fake or rogue AVs, hands down. As noted by many, most if not all AVs will miss these sometimes. It's very rare MBAM will miss them; yes, it can happen, but usually with the newest defs MBAM can remove almost every one of these.
     
  15. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia

    Agree. That's why Bleeping Computer keeps advising users to use MBAM to scan for those nasty roguewares during the cleaning procedure. When someone is infected with rogueware, I always recommend the cleaning guides from Bleeping Computer, and have found that almost every cleaning procedure needs MBAM.
     
    Last edited: Apr 11, 2011
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Here's some knowledge to help for the next time this happens: If you're surfing the web and something pops up telling you that you're infected or that your computer has problems to fix...and the name of the AV/AM/Firewall isn't anywhere in that pop-up, it's fake. A couple of other things, don't ever download any prompted files from these things. When confronted with such a prompt, the very best thing to do is to click the "X", to close it. You can't rely on the "No" option, as it may very well be a second "Yes" button (seen it happen many times). Also, the name of that file should throw up a red flag. No serious vendor names their products such things as "bestantivirus2011". Always look at the name of the supposed AV/whatever program. Legitimate icons for well known programs are used in these things, but the name almost always gives it away.

    If you do the above things, and always stick to well-known vendors like Avast, Norton, Avira and so on, you won't have to worry about these fake programs, whether your current antivirus/antispyware program detects them or not.
     
  17. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,030
    Location:
    United States
    Not 100% true. There is a fake Kaspersky browser alert page, it looks very much like the alert you get when Kaspersky blocks a malicious webpage.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    dw426 raises some good suggestions, and it's a learning curve we should be trying to teach users out there. It's good to be protected via a layered approach, but with a bit of common sense and knowledge, we should be able to minimise the risk somewhat.
     
  20. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Would it be better to use the "Alt" plus "F4"?

    https://www.wilderssecurity.com/showpost.php?p=1856288&postcount=2
     
  21. STONEMAN

    STONEMAN Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    98
    Location:
    London,South Of The River
    The thing is, when this happened I knew it was fake, as I had cleaned the antivirus2010 off a friend's computer last year, and it gave a similar fake antivirus scan page. I was just curious but not worried; I only had to close Sandboxie and reboot Shadow Defender for safe measure. I do surf the more mature side of the web every so often but have never had this happen before, that's why the curiosity. Cheers
     
  22. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Well, in my case, Avast stopped one of those thousand fake AVs with its web shield a couple of days ago. Overall, it's great protection and I appreciate them for providing it free, and vlk is always chiming in, which I truly appreciate. :)
     
  23. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  24. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Good point, though I've not yet run into a pop-up that the "X" didn't solve. In Sandboxie, it's as easy as terminating all processes :)

    P.S. Stare at enough various alert boxes and you spot subtle differences (please keep in mind I'm going on my own experience here), and I've yet to find a phishing website that didn't have something "off" about the URL. Another very easy way to avoid this issue is to simply bookmark the official websites of the various security vendors. You can easily just create an extra bookmark folder and keep them there. It hurts nothing, and you'll always have their correct address.
     
    Last edited: Apr 11, 2011
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    But it's a news release from Avira... o_O
     