Ucash and Co. (why not able to stop)

Discussion in 'ESET NOD32 Antivirus' started by wolliballa, Sep 15, 2012.

Thread Status:
Not open for further replies.
  1. wolliballa

    wolliballa Registered Member

    Isn't there a way NOD32 AV could stop this lousy Ucash malware from infecting PCs which are protected by up-to-date NOD32 and a fully updated OS plus etc. software, plus being run with non-admin rights?
    You might be happy to be able to use a non-infected account to clean up the mess, but it would be a good idea to not get infected in the first place.
    Typically this happens when googling around and hitting a wrong result link.
     
  2. P_R_

    P_R_ Eset Staff Account

  3. Marcos

    Marcos Eset Staff Account

    We have been analyzing the LockScreen malware and certain improvements in cleaning will be implemented soon. As for proactive protection, we add detections as soon as new variants emerge that are not covered by heuristics / generic detections. Of course, new detection methods and protection techniques are continually being developed / improved to provide even better protection to our users.
     
  4. wolliballa

    wolliballa Registered Member

    In most/some cases NOD32 has successfully identified malware, but only after infection (dropping file e.g. into %User%Appdata/Local/Temp and Program Data and creating Autostart link).
    Once you are a happy user, you have another uninfected admin account ready to fix the lot. In most cases you might need another run with Malwarebytes to detect other locations additionally infected (or yet undetected).
    But if you react too slowly, this damned sh... might have already encrypted your files or have marked them as hidden...

    Had more than 5 cases with my customers last 3 months:
    - fully up-to-date systems (XP, Vista, W7)
    - alternative browser used
    - Java platform up-to-date
    - restricted user (standard)

    Just 'google' and click. And hit you are.
     
  5. siljaline

    siljaline Former Poster

  6. wolliballa

    wolliballa Registered Member

    Fair enough.
    I know that Eset is always trying to stay on track. But as these bastards act like chameleons, changing colours every minute, I wonder if there could not be another way of prohibiting infection other than generating new signatures every day.

    Anyway, I am still a very good friend of NOD32 and keep on selling!
     
  7. siljaline

    siljaline Former Poster
