TDSS Prevention

Discussion in 'other anti-virus software' started by nozzle, Aug 12, 2012.

Thread Status:
Not open for further replies.
  1. nozzle

    nozzle Registered Member

    I've looked for an antivirus that can prevent a TDSS infection and only found cleanup tools AFTER the infection. Is there an antivirus that actually prevents a TDSS infection?

    Thanks
     
  2. SLE

    SLE Registered Member

    First: TDSS is dead. There have been no new samples of it itw for a long time.
    Second: All AVs should detect existing samples and droppers per signature.
    Third: Some AVs also proactively detect the methods known TDL samples used in the past (e.g. EAM, KIS, ...).
     
  3. nosirrah

    nosirrah Malware Fighter

    "First: TDSS is dead. There have been no new samples of it itw for a long time."

    D0C23926925123071B143F717B7ADC7D
    24CEA1FD12E4C9C99B6D0779DC923895

    These both dropped from exploits this month and were undetected at 0hour. I just rechecked the newest one and it is up to about 40% detected.

    ITW you will see MBAM logs containing Trojan.Agent.BRVGen.

    Ping me if you want the samples.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Then look elsewhere. How about adding Sandboxie to your setup, or AppGuard, or both.
     
  5. Chiron

    Chiron Registered Member

    Comodo Internet Security or Comodo Firewall will protect you. So will many others, as long as they don't rely entirely on detection in order to "protect" the user.
     
  6. nozzle

    nozzle Registered Member

    Thanks Chiron. I'm already using Comodo Firewall and didn't know it had that capability. Learning new things everyday.

    Keep safe
     
  7. Chiron

    Chiron Registered Member

    Yes, any files not verified as safe by Comodo analysts will be prevented from harming your system. Thus you are safe from malware whether it is detected as such or not.

    Have you already read my guide here?
     
  8. nozzle

    nozzle Registered Member

    Thanks again Chiron for the install manual. Nice and simple "how to" for Comodo Firewall. I followed your instructions and believe I am more secure for doing so.

    Stay Safe
     
  9. Noob

    Noob Registered Member

    Most AV's should be able to detect the old TDSS variants. :D
     
  10. icr

    icr Registered Member

    Run as a limited user

    The infection comes from the usual dropper from P2P networks or warez websites, and it needs admin rights to run its payload. If UAC is OFF (disabled) or the user manually gives admin rights, then TDSS can infect even Windows Vista and Windows 7. This is likely to be the usual scenario: a user looks for specific cracks, patches or pornography and doesn't mind if UAC warns him; he gives admin privileges to the wanted file and finally gets infected.


    regards,
    icr ;)
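A read-only check for the conditions icr's post names (UAC disabled, silent elevation for admins, or an everyday account that holds Administrators membership). This is an added example, not code from the thread; it assumes a stock Windows Vista-or-later UAC policy layout and queries only documented registry values and the current token.

```powershell
# Added example (not from the thread): report whether this session matches
# the risky scenario described above, where a dropper only needs UAC off or
# one consent click to obtain the admin token it requires. Changes nothing.

function Get-UacExposure {
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $policyKey

    # EnableLUA = 0 means UAC is switched off: every process the user starts
    # already carries the full token, with no prompt at all.
    $uacEnabled = ($p.EnableLUA -eq 1)

    # ConsentPromptBehaviorAdmin = 0 means admins elevate silently, which for
    # a user who double-clicks a dropper is as bad as UAC being off.
    $silentElevate = ($p.ConsentPromptBehaviorAdmin -eq 0)

    # Membership in BUILTIN\Administrators (well-known SID S-1-5-32-544) is
    # what matters: even when not elevated, a single "Yes" on the prompt
    # hands the dropper an admin token. A true limited user is not a member.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = $id.Groups | ForEach-Object { $_.Value }
    $adminMember = $sids -contains 'S-1-5-32-544'

    # Whether this particular process is already running elevated.
    $principal = New-Object Security.Principal.WindowsPrincipal $id
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        User            = $id.Name
        UacEnabled      = $uacEnabled
        SilentElevation = $silentElevate
        AdminMember     = $adminMember
        ProcessElevated = $elevated
        # Exposed = a dropper run by this user could gain admin rights with
        # no prompt, or with only one click on a prompt the user expects.
        Exposed         = (-not $uacEnabled) -or $silentElevate -or $adminMember
    }
}

Get-UacExposure | Format-List
```

Exposed = False is the state icr recommends: a limited user with UAC on, so a dropper that needs admin rights cannot get them without a separate administrator credential.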
     