Rogue Paladin antivirus defeated Avira?

Discussion in 'other anti-virus software' started by 17viper17, Mar 18, 2010.

Thread Status:
Not open for further replies.
  1. 17viper17

    17viper17 Registered Member

    Joined:
    Feb 1, 2010
    Posts:
    7
With my aunt's computer restarting when it's about to load the desktop, I did a Windows repair install. Finally got it to work and, lo and behold, the Paladin Antivirus icon had replaced Avira Personal. The MBAM icon was nowhere to be found either. Now my question: is this rogue software so powerful that it was able to install itself without Avira or MBAM stopping it? Could it have been the user's fault (knowing she isn't that tech savvy)? But still, isn't that the reason why Avira and MBAM were there, to prevent installation of these kinds of rogue software? I will reformat her computer and will probably replace Avira with Avast Free. Any tips on how this disaster can be prevented in the future? Thanks in advance for replies!
     
  2. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Sandboxie or Geswall, which are both free.

    Secure the browser, things will be easier to control, and malware like this will have a hard time getting installed, period.
     
  3. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Hello,

    The text below was found at Wikipedia:

    hxxp://en.wikipedia.org/wiki/Rogue_security_software

    After the reading, you may have an idea of how Rogue AVs infect computers.

    Regarding switching AVs, I would advise you to stick with whatever you are using. No AV is 100% bulletproof and all of them at any given time will let rogue AVs slip through and infect your machine.

    Your best bet in this case is like the other poster wrote. Use a sandbox program to encapsulate your browser [Sandboxie, Geswall, ZA ForceField, etc.] and mitigate the attack of fake AVs. Also try to patch or get the latest versions of Adobe Flash Player, Adobe Reader and Java Runtime. These three are the top 3 applications being exploited right now, since they also install browser plugins, and for the bad guys an unpatched vulnerability in any software installed on your computer is like a house without locks in a bad neighborhood.


    Regards,

    Carlos
     
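The patch-state check the post above recommends for Flash Player, Adobe Reader and Java, written out as an added example (this is not code from the thread or from any of those vendors). It reads the standard Windows Uninstall registry keys, which those installers populate, and compares each DisplayVersion against a minimum you supply; the minimum versions in the table are placeholders, not real release numbers, and the 64-bit Wow6432Node key is an assumption that simply yields nothing on 32-bit XP.

```powershell
# Added example, not from the thread: report installed versions of the three
# plugin-bearing applications the post names (Adobe Flash Player, Adobe Reader,
# Java Runtime) and flag any below a minimum version you set.
# Assumptions: the products register under the standard Uninstall keys (their
# installers of that era do); the minimum versions are placeholders that you
# replace with the current releases from the vendors' download pages.

$Minimum = @{
    'Adobe Flash Player' = [version]'0.0.0.0'   # placeholder, set to current release
    'Adobe Reader'       = [version]'0.0.0'     # placeholder
    'Java'               = [version]'0.0.0'     # placeholder; matches "Java(TM) 6 Update NN"
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 64-bit hosts only
)

function Get-PluginPatchState {
    # Only entries that carry both a name and a version are worth comparing
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion }

    foreach ($entry in $entries) {
        foreach ($product in $Minimum.Keys) {
            if ($entry.DisplayName -notlike "$product*") { continue }

            # DisplayVersion is a string such as "10.0.45.2" or "6.0.180"; a value
            # that does not parse is reported rather than silently skipped.
            $installed = $null
            try { $installed = [version]$entry.DisplayVersion } catch { }

            if ($installed -eq $null) {
                $status = 'UNPARSED'
            } elseif ($installed -lt $Minimum[$product]) {
                $status = 'OUTDATED'
            } else {
                $status = 'OK'
            }

            # New-Object PSObject keeps this usable on PowerShell 2.0 (XP era)
            New-Object PSObject -Property @{
                Product   = $entry.DisplayName
                Installed = $entry.DisplayVersion
                Required  = $Minimum[$product].ToString()
                Status    = $status
            }
        }
    }
}

Get-PluginPatchState | Format-Table Product, Installed, Required, Status -AutoSize
```

Run it from any account; the Uninstall keys are world-readable. Anything marked OUTDATED is a plugin the browser will happily hand a crafted PDF, SWF or applet to, which is exactly the path a rogue AV's drive-by installer takes. Update-checker applets from the vendors do the same comparison, but a script you can run after a repair install shows you the state in one table instead of three separate dialogs.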
  4. johnyjohn

    johnyjohn Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    126
    Hi,

    In Configuration | General | Extended Threat Categories | Possible Fake Software has to be enabled.
     
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    I've seen a trojan dropper that brings TDL3, Paladin and Vundo along for the ride. Most AVs are useless against these threats until they have a signature for them; due to the frequency with which they're re-encrypted, it's a losing battle for AVs.
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    A classic HIPS, such as Malware Defender, will serve to prevent downloads/installs that are not expressly allowed by the user.

    Prevx's Safe Online does a superb job of protecting against rogues, as well as against keyloggers.

    Firefox's NoScript extension adds an extra layer of protection against drive-by scripts.

    Of course, no security app will fully protect against a careless or ill-informed computer user. For a fail-safe in such cases, one must resort to imaging software.
     
  8. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    use LUA
     
  9. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    757
    This is a very good read indeed .:thumb:
     
  10. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    ooooooooooooppps:thumbd:
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    What a useless and insulting comment you have made. If you dislike this thread, why bother reading it?
     
  12. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    DefenseWall makes all internet facing applications untrusted by default, which means they cannot touch critical system areas (Ilya claims it's stronger protection than LUA).

    To make Paladin (or another rogue) trusted, your grandma would have to do it manually (right-click>DefenseWall HIPS>Change status to trusted), which I doubt she would. :cautious:
     
  13. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    With LUA and Avast 5, whose behavior blocker monitors critical areas like the registry, this can be prevented.
     
  14. 17viper17

    17viper17 Registered Member

    Joined:
    Feb 1, 2010
    Posts:
    7
    Much much appreciation for all the help. Certainly very informative. Thanks all. BTW, pardon the noobie question, what is LUA? :oops:
     
  15. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Limited User Account
     
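What "use LUA" means in practice, as an added example (not code from anyone in the thread): create a standard user account for everyday browsing and check which kind of token the current session holds. It assumes you run the account creation once from an administrator logon; the account name and password passed to New-LimitedUser are placeholders you choose. net.exe is used for the account work because it behaves the same on XP and on later versions, where the New-LocalUser cmdlet did not yet exist.

```powershell
# Added example, not from the thread: set up a Limited User Account (LUA) for
# day-to-day use and check whether the current session is an administrator.
# Assumes it is run once from an administrator account; the account name and
# password are placeholders you choose.

function Test-IsAdministrator {
    # True when the current token is a member of the built-in Administrators group.
    # On Vista/7 with UAC, an admin logon in a non-elevated window reports $false,
    # which is the effective token a rogue launched from the browser would get.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-LimitedUser {
    param(
        [Parameter(Mandatory=$true)][string]$Name,      # placeholder, e.g. the aunt's first name
        [Parameter(Mandatory=$true)][string]$Password   # placeholder, choose a strong one
    )
    # 'net user /add' places the account in the Users group only; it gets no admin rights
    net user $Name $Password /add /comment:"Limited account for everyday browsing"

    # Belt and braces: make sure no policy or script has added it to Administrators
    $members = net localgroup Administrators
    if ($members -contains $Name) {
        net localgroup Administrators $Name /delete
    }
    Write-Output "Created limited account '$Name'. Use it for web and e-mail; keep the admin account for installs only."
}

if (Test-IsAdministrator) {
    Write-Warning 'This session is an administrator: a rogue you run here can write to Program Files, system32 and HKLM.'
} else {
    Write-Output 'This session is a limited account: system-wide installs by a rogue will be denied.'
}
```

Call `New-LimitedUser -Name 'aunt' -Password '<strong passphrase>'` from an administrator prompt, then switch the everyday logon to that account. The caveat a practitioner wants alongside this advice: a rogue that runs under a limited account can still write to the user's own profile and HKCU (a Run key there, a copy of itself in %APPDATA%), so it can still nag and hijack that user's desktop; what it cannot do is replace system files, drop a kernel driver or disable the AV's own service, which is what makes the machine recoverable from another account instead of needing a reformat.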
  16. 17viper17

    17viper17 Registered Member

    Joined:
    Feb 1, 2010
    Posts:
    7
    Oh :oops: !! Will do just that. Thanks again to everyone for your replies!
     
  17. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    I have seen that you are always ready to comment on my comments in an unfriendly manner. First of all, learn to respect someone's point of view. Avira never needs any advocate, especially not here in this great forum, and I do not need anyone to tell me whether to like or support something. If I am wrong, mods can work it out. Please, bellgamin, do not attack my posts. If you do not like them, do not bother reading. :thumbd: :thumbd: :thumbd:
     
  18. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    Before this turns into a slanging match, I think someone 'may' have already answered your question.
    My concern is: why is this not switched on by default? And if it was on, would it have blocked it?
     
    Last edited: Mar 19, 2010