TDSS Prevention

Discussion in 'other anti-virus software' started by nozzle, Aug 12, 2012.

Thread Status:
Not open for further replies.
  1. nozzle

    nozzle Registered Member

    Joined:
    Jul 3, 2012
    Posts:
    76
    Location:
    San Diego, CA
    I've looked for an antivirus that can prevent a TDSS infection and only found cleanup tools AFTER the infection. Is there an antivirus that actually prevents a TDSS infection?

    Thanks
     
  2. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    First: TDSS is dead. There have been no new samples of it ITW for a long time.
    Second: All AVs should detect existing samples and droppers by signature.
    Third: Some AVs also proactively detect the methods known TDL samples used in the past (e.g. EAM, KIS, ...).
     
  3. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    "First: TDSS is dead. There are no new samples of it itw since a long time."

    D0C23926925123071B143F717B7ADC7D
    24CEA1FD12E4C9C99B6D0779DC923895

    These both dropped from exploits this month and were undetected at 0hour. I just rechecked the newest one and it is up to about 40% detected.

    ITW you will see MBAM logs containing Trojan.Agent.BRVGen.

    Ping me if you want the samples.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Then look elsewhere. How about adding Sandboxie or AppGuard to your setup, or both?
     
  5. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Comodo Internet Security or Comodo Firewall will protect you. So will many others, as long as they don't rely entirely on detection in order to "protect" the user.
     
  6. nozzle

    nozzle Registered Member

    Joined:
    Jul 3, 2012
    Posts:
    76
    Location:
    San Diego, CA
    Thanks Chiron. I'm already using Comodo Firewall and didn't know it had that capability. Learning new things every day.

    Keep safe
     
  7. Chiron

    Chiron Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Yes, any files not verified as safe by Comodo analysts will be prevented from harming your system. Thus you are safe from malware whether it is detected as such or not.

    Have you already read my guide here?
     
  8. nozzle

    nozzle Registered Member

    Joined:
    Jul 3, 2012
    Posts:
    76
    Location:
    San Diego, CA
    Thanks again Chiron for the install manual. Nice and simple "how to" for Comodo Firewall. I followed your instructions and believe I am more secure for doing so.

    Stay Safe
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Most AV's should be able to detect the old TDSS variants. :D
     
  10. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Run as a limited user

    The infection comes from the usual dropper from P2P networks or warez websites, and it needs admin rights to run its payload. If UAC is OFF (disabled) or the user manually gives admin rights, then TDSS can infect even Windows Vista and Windows 7. This is likely the usual scenario: a user looks for specific cracks, patches or pornography and doesn't mind if UAC warns him; he gives admin privileges to the wanted file, and finally gets infected.


    regards,
    icr ;)
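One concrete way to audit the condition icr describes (UAC prompting and no admin rights for the everyday account), as an added PowerShell check that is not part of the thread. The registry key and value names are the standard UAC policy settings; Get-LocalGroupMember assumes Windows PowerShell 5.1 or later with the LocalAccounts module.

```powershell
# Added check, not from the thread: report whether this account and its UAC
# settings leave the "dropper needs admin rights" path open. Registry paths
# and value names are the standard UAC policy keys; defaults assumed if absent.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacExposure {
    $policy    = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
    $enableLua = if ($null -ne $policy.EnableLUA) { [int]$policy.EnableLUA } else { 1 }
    $consent   = if ($null -ne $policy.ConsentPromptBehaviorAdmin) {
                     [int]$policy.ConsentPromptBehaviorAdmin } else { 5 }

    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    # True only when the current token is actually elevated (not just filtered).
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    # Membership in the local Administrators group, even while running filtered
    # (assumes the LocalAccounts module; silently empty if unavailable).
    $isAdminMember = $null -ne (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                                Where-Object { $_.Name -eq $identity.Name })

    $findings = @()
    if ($enableLua -eq 0) {
        $findings += 'UAC disabled (EnableLUA=0): any dropper the user runs already has admin rights.'
    }
    if ($consent -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: elevation happens silently, nothing to refuse.'
    }
    if ($isElevated) {
        $findings += 'This shell is already elevated; anything launched from it inherits admin.'
    }
    if ($isAdminMember -and -not $isElevated) {
        $findings += 'Account is in Administrators: one click on a UAC prompt gives the payload admin.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Standard user with UAC prompting: a dropper cannot gain admin without separate credentials.'
    }

    [pscustomobject]@{
        User                       = $identity.Name
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        Elevated                   = $isElevated
        AdminGroupMember           = $isAdminMember
        Findings                   = $findings
    }
}

Get-UacExposure | Format-List
```

Run it from the account used for daily browsing; the Findings list should contain only the "Standard user with UAC prompting" line for the setup icr recommends.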
     