
Why did I get infected even though I run anti-malware software?

Question:

"Your computer has been locked" infection! Now why would Avast not prevent this? I'll admit I've not used a firewall for some years and have been doing well. Sometimes Avast pops up with "this page has been blocked". This is real-time protection. Nevertheless, I suddenly saw the screen with a fake announcement that I'd broken the law and my PC would be unlocked only if I paid a certain amount. And it really was locked. I got around it by using two programs, HitmanPro and Combofix, plus reinstalling Windows on two drives of three. Big trouble. Question two: where can this kind of malware be placed in the system? It has to be close to the first items to start up, as this static message screen turned up almost at once when I tried to restart. For the record, I've installed a firewall now.

In this excerpt from Answercast #94 I look at possible reasons a computer could get infected with ransomware even though anti-malware software is running.


Anti-malware doesn't stop infection

One thing that's very important to realize about this particular malware (which we call ransomware because it holds your computer for ransom: you have to pay to have it unlocked) is that it's really just malware. There's nothing special about it other than what it does once it's running.

There's nothing special about how it infects your computer. It's just malware like any other malware.

How does ransomware work?

Where does it insert itself?

Well, obviously it inserts itself into the system startup sequence. Windows has several places where a program can register itself to run automatically: the Run and RunOnce registry keys, the Startup folders, services, scheduled tasks, and the Winlogon settings that decide which program becomes your desktop shell when you log on. Malware uses whichever of these suits how it works, just as legitimate software installs itself to run at Windows startup. A lock screen that appears almost the instant you log back on, before the desktop, is consistent with one of the earliest of those hooks, the logon sequence itself, having been taken over.

So in that sense there's nothing special about that either. Autostart is simply how malware, this kind or any other kind, stays on your machine and keeps running after it has infected it.
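The following script is an added example and is not code from the Ask Leo! article. It walks the standard Windows autostart locations named above (Run/RunOnce keys, Startup folders, and the Winlogon Shell and Userinit values) and lists what is registered there, flagging entries that live outside the Windows and Program Files trees, lack a valid Authenticode signature, or differ from the Winlogon defaults. The registry keys and folders are well-known Windows locations; the "trusted root" and signature heuristics are this script's own assumptions and produce leads to inspect, not a verdict.

```powershell
# Added example (not from the original article): enumerate common Windows
# autostart locations and flag entries worth a closer look.
# Run in an elevated PowerShell session on the machine being inspected.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = [System.Collections.Generic.List[object]]::new()

# 1. Run / RunOnce keys: each value name is an entry, its data the command line.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath etc.
        $entries.Add([pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value })
    }
}

# 2. Startup folders (current user and all users).
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $entries.Add([pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName })
    }
}

# Heuristic (assumption, not a rule): pull the executable out of the command
# line and flag it if it lives outside the Windows / Program Files trees or
# does not carry a valid Authenticode signature.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($e in $entries) {
    $cmd = [Environment]::ExpandEnvironmentVariables($e.Command)
    $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
    $inTrustedRoot = [bool]($trustedRoots | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    $signed = $exe -and (Test-Path -LiteralPath $exe) -and
              ((Get-AuthenticodeSignature -FilePath $exe).Status -eq 'Valid')
    $e | Add-Member -NotePropertyName Executable -NotePropertyValue $exe
    $e | Add-Member -NotePropertyName Suspicious -NotePropertyValue (-not ($inTrustedRoot -and $signed))
}

# 3. Winlogon Shell / Userinit: a lock screen that appears the instant you log
# on is consistent with one of these having been replaced. Compare to defaults.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($name in $defaults.Keys) {
    $value = ([string]$wl.$name).Trim()
    $entries.Add([pscustomobject]@{
        Location   = 'Winlogon'
        Name       = $name
        Command    = $value
        Executable = $value
        Suspicious = $value -ne $defaults[$name]   # -ne is case-insensitive in PowerShell
    })
}

$entries | Sort-Object Suspicious -Descending | Format-Table Suspicious, Location, Name, Executable -AutoSize
```

Anything that sorts to the top deserves a look, but a "Suspicious" flag is only a prompt: plenty of legitimate updaters run unsigned from a user profile, and malware can be signed. The Winlogon rows are the interesting ones for the reader's case, since a Shell value that is not plain explorer.exe, or a Userinit value with an extra program appended after the comma, would run before the desktop ever appears.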

Why didn't Avast catch ransomware?

The real question that I think is interesting here is - why didn't Avast catch this?

Well, let's start by assuming that you're using Avast correctly and you've kept it up to date - as up to date as possible. Even so, not all anti-malware tools catch all malware. It's simply a fact of how anti-malware tools work.

There's a race going on. Malware authors release new variants as quickly as they can, and anti-malware vendors are constantly catching up. If something is released in the morning and infects your machine before your anti-malware tool has been updated, the tool may not catch it, simply because it doesn't yet know that it exists.

Keep virus protection tools up-to-date

That's why I insist, and so often talk about, keeping not just the anti-malware tools themselves up to date, but making sure they are set to update their database of malware definitions at least once a day, if not more often. Some tools update several times a day.

That's why I say - make sure you're using the tools correctly.

If your anti-malware tool is out of date, this kind of thing is just going to happen. Every day the tool goes without an update, you open the window a little wider for newer malware to infect your machine.
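Here is one way to check, from the machine itself, whether the "at least once a day" advice is actually being met. This is an added example, not code from the Ask Leo! article or from Avast. It asks Windows Security Center which anti-malware products are registered (third-party products such as Avast register there alongside Microsoft's) and whether Windows considers each one enabled and current, then, where Microsoft Defender's cmdlet is available, reports the exact signature age. The decoding of the productState field is the commonly documented interpretation rather than an officially published contract, so treat it as an assumption and confirm in the product's own interface.

```powershell
# Added example (not from the original article): is real-time protection on,
# and are the definitions less than a day old?

$maxSignatureAgeHours = 24   # the article's advice: update at least once a day

# Security Center registration covers every AV product, third-party included.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
foreach ($p in $products) {
    # productState is a bitmask; the widely used (unofficial) decoding is:
    # hex digits 3-4 = 10/11 enabled, 00/01 disabled; digits 5-6 = 00 current, 10 stale.
    $state   = '{0:X6}' -f $p.productState
    $enabled = $state.Substring(2, 2) -in @('10', '11')
    $current = $state.Substring(4, 2) -eq '00'
    [pscustomobject]@{
        Product     = $p.displayName
        Enabled     = $enabled
        Definitions = if ($current) { 'up to date' } else { 'OUT OF DATE' }
        Executable  = $p.pathToSignedProductExe
    }
}

# Exact signature age is available for Microsoft Defender through its cmdlet;
# other products expose this only in their own UI or logs.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $s   = Get-MpComputerStatus
    $age = (Get-Date) - $s.AntivirusSignatureLastUpdated
    [pscustomobject]@{
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeHours  = [math]::Round($age.TotalHours, 1)
        Stale              = $age.TotalHours -gt $maxSignatureAgeHours
    }
}
```

A product that shows as enabled but "OUT OF DATE", or a signature age well past 24 hours, is exactly the widening window the paragraph above describes, and is worth fixing before worrying about anything more exotic.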

When malware wins

But even if you keep your anti-malware tools updated, there is still a window of opportunity for the newest malware to get through. As I said earlier, not all anti-malware tools catch all malware. It's an unfortunate consequence of how malware and anti-malware tools are written.

I have an article, "I have an anti-virus tool. Why do I still get infected?", that covers exactly this topic and why it happens.

The best thing you can do, besides re-enabling your firewall (which I think is a fantastic idea), is to make sure you're doing everything it means to "be safe on the internet". That includes firewalls and anti-malware tools, but it also includes your own behavior: making sure you're not inviting malware onto your machine.

No anti-malware tool can prevent you from installing malware on your machine yourself, even when you don't think of it as deliberate. If you download an attachment, open it, and run it, there's a very good chance you've just bypassed all of your security.

So those are the things I'd have you think about: make sure Avast is up to date, and make sure its definitions database is being updated frequently as well.

(Transcript lightly edited for readability.)


6 comments on “Why did I get infected even though I run anti-malware software?”

  1. I still get phone calls from Microsoft "approved techs" wanting to clean my "new P.C.", saying I have multiple infections etc. How the hell can I get this stuff stopped? I think they sabotage my PC to start with?!

  2. There is a large difference between malware and ransomware. When I got hit with ransomware, after a bit of time ranting, I realized that the creators had to have a way to undo their damage to stay in business. This means that even slightly geeky users can figure out the fix. Also, the firewall and virus protection developers have fixes for these problems. Most of the time these are free, to get you to look at their product. All in all, I would much prefer a ransomware hit to a real malware one.

  3. Use Sandboxie to protect your browser.
    No malware will be installed or saved on your hard drive after closing the sandbox-protected browser.
    Of course, if you choose to save outside the sandboxed browser, this could possibly obviate the solid protection provided.
    Sandboxie is free apart from a minor 5-second buy nag screen after trial use expires.
    No updating to find the latest virus definitions is required.
    Jp

  4. David Jones, I disagree.

    They are not looking for repeat customers or good word-of-mouth. Just a one-time payment. They really have no reason at all to actually fix or unlock your computer after you pay up.

