Personal Antivirus

I was surfing on a networked computer downtown yesterday and ran across a site that was just bad. I went home and intention visited the site to see what would happen. I was hit by the Scareware program Personal Antivirus, and it installed 3 trojans. I was just curious, nothing more. It was a breeze to clean up with Malwarebyte's Anti Malware. I reported the site(s) in question to McAfee's SiteAdvisor, and in less than 12 hours the site(s) were no longer accessible online. Thanks McAfee...

Some very big concerns are at question here...like why did my NOD32 v4 fail to detect one of the most well known Scareware programs in the entire world? And why did I pay for NOD32 v4 in the first place? I really don't need an AV program if it fails to do the job.

 

did you report the site to Eset too? Was the networked computer affected by this bad site? If not why not? What version Nod32 and what definitions? You pay for the AV to protect to the best of its abilities but not against everything and anything that is out there

 

There's no security solution that would protect you against every single threat. Neither blocking urls would help as a lot of malware exploits the Fast Flux mechanism. Relying on tools aimed at infection removal rather than on detection of not yet running malware is not a good idea either.

Personal AV is one of the infamous rogue AVs that are modified very frequently and tested against detection before they are released by their authors. Even though detection is usually added quickly, you shouldn't rely solely on the AV and expect it to catch everything. Here are some hints that might help you avoid getting infected in the future:

1, do not use an administrator account for daily tasks, especially for browing the Internet (on Vista, keep UAC on)
2, keep your antivirus and operating system up to date
3, use a sandbox tool when browsing the Internet
4, do not visit suspicious sites nor run suspicious files
5, download software only from trusted sites

If you come across a suspicious file or site, submit / report it to ESET by emailing it to samples[at]eset.com. For instructions about submitting files, read this KB article.

 

We have clients being slammed by this several times a week...MalwareBytes always cleans it up very nicely.

 

Cleaned my sister-in-law's laptop of Personal AntiVirus with Malwarebytes.
MBAM had no problems finding or cleaning that crap up.

 

That scareware has a notoriously low detection rate among all AV vendor. I don't know why though.

 

This is alarming. PAV has been around for what now..over 6 months? 9 months? It creates the same entries in the registry...and even easier to detect..creates the same program installation folder in C:\Programs and Files.

It's an easy one to clean up...for over 6 months now I can do it by hand..by memory. If a person can do it..errrmmm....and MalwareBytes has been mopping it up with no problems for many months now, why can't an AV?

We has 2x more calls yesterday about it slipping past NOD on clients..and I just received 1x more this morning..slipped past NOD.

 

How to remove Personal Antivirus (Removal Guide)
http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus

 

Personal Antivirus is an example of a rogue AV program that is frequently modified to evade detection. As we see, new versions are usually detected by not more than 2-3 AVs.

 

Agreed, if a Removal Guide is required, then it's 100% Rogue

 

what will it be the best solution for a personal anti virus. i mean is there one with a great balance of low resources consuption but with hig rate of detection?

 

Since the author seems to test the application until it's undetected by almost all AV programs and then releases it, I'm not sure you'll find such an AV. It's easier to detect it using certain mechanisms when it has already installed on a computer and that's when certain programs are able to find infection on the system whilst most AVs still cannot. On the other hand, these programs likely don't provide as good proactive protection against viruses and other threats as antivirus programs do.

 

i used the last version of eset and it all seemed to be ok. i mean all was working fine. why when i instaled another av it appeard that i had viruses. does eset have o problem with detection?

 

No AV detects 100% of all threats. What one detects, the others may miss and vice-versa. You'd better submit any undetected suspicious files in a password protected archive to samples[at]eset.com to exclude the possibility of the file being false positive.