Avira + Online Armor - what went wrong?

Discussion in 'other anti-virus software' started by NeilC, Jan 15, 2009.

Thread Status:
Not open for further replies.
  1. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
    I use Avira and Online Armor. I thought I was pretty well protected. But last night I accidentally clicked on some web banner proclaiming that I'd won a prize or whatever and within about 40 seconds I had a virus/trojan that locked me out of task manager, tried to run various processes, turned off Avira and generally buggered up my PC.

    How could I have prevented this from happening? Was it because that combination lacks web protection? Would I be better with the free Comodo "suite" which says it has web protection?
     
  2. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Pardon me, how does anyone click on something by accident? Nothing will save a computer from the person operating it!
     
  3. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
    Crikey...hmmm let me think....maybe you go click in the scroll bar and miss by a couple of pixels?

    That isn't the point anyway. The PC is used by my wife and kids who are at some point likely to click on something malicious on a website. My question is protecting the system against such things.

    Also protecting systems from benign user action is very much a major part of computer security.

    Do you happen to know anything about it that might be useful?
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Are you using Avira with Online Armor FREE, by any chance? It sounds like OA FREE....because you didn't have "Web" protection. Here is a link that explains the differences between the paid and the free version of Online Armor, and the Web Shield is only included in the paid:

    http://www.tallemu.com/comparisons.html
     
    Last edited: Jan 15, 2009
  5. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden
    Well in that case I'd suggest that you use Sandboxie with your browser.
     
  6. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    You could start by putting your family and yourself on a LUA for each person.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    The best thing is to get an image program (Acronis/ShadowProtect) and make an image of your computer each night. If malware gets on your system, you simply restore the image that was created before the malware invaded. It is as if it never happened.
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sandboxie or ShadowDefender would have paid for themselves last night instead of all that other stuff. AVs will miss stuff eventually and it is imperative that you have something like the 2 I mentioned.
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
  10. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Do you use Avira Premium? AVs will miss things, but I'm surprised that OA didn't give you a message. If AntiVir didn't detect it, I doubt Comodo AV would have.
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Sounds like he has OA FREE, which doesn't offer the Web Shield as part of the protection like the paid version: http://www.tallemu.com/comparisons.html
     
  12. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
  13. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
    Yes I was using free versions for all.

    They found the trojan just fine and alerted me but they didn't stop it getting in and causing problems. I've got rid of it now but it took a while.

    I'm thinking of going to the free Comodo suite which has AF, firewall and web protection. I do seem to remember Comodo FW being irritating though.

    Would adding Threatfire (free) have helped much?
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    My mistake, I thought you were using Firefox on a virtual drive. Sorry.
     
  15. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    With any additional info that it's probably impossible to provide right now, what you said above doesn't make much sense. Really
     
  16. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I think you should post at the Avira boards, too. Maybe you can talk to them about it getting past AntiVir. I think OA Free has basic HIPS features, but would only alert you to malicious actions - not necessarily stop entry.

    Your story makes me think that AV web scanners might be important. Comodo AV doesn't have a web scanner, though.
     
  17. NeilC

    NeilC Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    31
    Yes that's exactly what happened - alerts but only AFTER infection.

    Firefox is on a mounted Truecrypt drive but that doesn't offer any protection from such things. I use it to secure the data once the machine is off. Whilst mounted it operates exactly as a normal drive.
     
  18. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    TF has a net module, so possibly it could catch a nasty that came down from your browser. Of course no certainty.

    Also Comodo has file/folder protection, which again, would make it difficult for the malware to do something without you letting it. Just don't allow your browser to have total file/folder protection access, but only on the directories you download stuff.

    As for the firewall part of Comodo, it's not as easy as in OA (where you don't have to do anything), but IMHO it's very well designed.
     
    Last edited: Jan 15, 2009
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi NeilC, can you describe in detail what exactly happened, step by step? Did you get any alert from OA and you allowed it?

    A trojan/virus bypassed Antivir - that's OK, but it must not bypass OA free for sure. I am much surprised.

    Can you recover the trojan from Antivir's quarantine, upload it somewhere and PM me the link to get it?

    Thanks
     
  20. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Well, I admit that in a couple of my tests (I don't do tests as much anymore,) Avira let the malware install but alerted and removed a couple of the malicious files that the install produced.
     
  21. rolarocka

    rolarocka Guest

    Yep! Use sandboxie to isolate your browsing from the rest of your system.
     
  22. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I'm not sure about this, but if you had the Noscript extension in Firefox, clicking on the banner should have produced nothing, unless the banner was allowed in the Noscript options.
    I use Avast, and the webshield sometimes pops up a warning of an infected page. It works well - for infections that the AV has signatures for. For new threats I would say some kind of browser restriction - like no script - should plug that gap.
     
  23. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Where did you read that Comodo has web protection?
    Is there a Web-AV or some sort of NoScript or anything similar?

    Another question about OA.
    Did you set your browser to RunSafer?
    Because most of the malware would be very limited in its actions with this setting.

    However, as said before, use anything like Sandboxie and don't waste your time with malware removal because of these fraud and scam sites.

    Cheers
     
  24. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    You don't remember the URL which caused the initial infection? I would be interested in adding detection for the downloader/installer.
     
  25. Thug21

    Thug21 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    141
    Location:
    Illinois
    OA Free should have the full HIPS. I don't know why it wouldn't have stopped this.

    To the OP, what version of OA do you have anyway?
     