"Your computer has been locked," infection! Now why would Avast not prevent
this? I'll admit I've not used a firewall for some years and have been doing
well. Sometimes Avast pops up with "this page has been blocked". This is
real-time protection. Nevertheless, I suddenly saw the screen with a fake
announcement that I'd broken the law and my PC would be unlocked only if I paid
a certain amount. And it really was locked. I got around it by using two
programs: HitmanPro and Combofix plus reinstalling Windows on two drives of
three. Big trouble. Question two: Where can this kind of malware be placed in
the system? It has to be close to the first items to start up as this static
message screen turned up almost at once when I tried to restart. For the
record, I've installed a firewall now.
In this excerpt from
Answercast #94 I look at possible reasons a computer could get infected
with ransomware even though anti-malware software is running.
]]>
Anti-malware doesn't stop infection
I think one thing that's very important to realize about this particular malware that we're encountering (which we refer to as ransomware because, basically, it holds your computer ransom - you have to pay to have it unlocked) is it's really just malware. There's nothing really that special about it other than what it does.
There's nothing special about how it infects your computer. It's just malware like any other malware.
How does ransomware work?
Where does it insert itself?
Well, obviously it's inserting itself in the system startup sequence. There are several different places that malware, depending on how they work, can insert themselves to automatically run - just like any other software can install itself to automatically run on Windows startup.
So in that sense, there's nothing really special about that either. It's simply how malware, this kind of malware or any kind of malware, has the opportunity to infect your machine.
Why didn't Avast catch ransomware?
The real question that I think is interesting here is - why didn't Avast catch this?
Well, let's start by assuming that you're using Avast correctly and you've kept it up to date - as up to date as possible. Even so, not all anti-malware tools catch all malware. It's simply a fact of how anti-malware tools work.
There's kind of a race. Malware generators create as quickly as they can - and anti-malware tools are in a constant state of keeping up. If something gets released in the morning and infects your machine before your anti-malware tools have been updated, the anti-malware tool may not catch it. Simply because it doesn't know that it exists yet.
Keep virus protection tools up-to-date
That's why I insist, and so often talk about keeping not just the anti-malware tools themselves up to date, but making sure that they are enabled to update their database of information at least once a day - if not more often. Some tools actually do it more often.
That's why I say - make sure you're using the tools correctly.
If you have an out of date anti-malware tool, this kind of stuff is just going to happen. You're opening a window wider and wider, every day that the tool is not updated, that would allow newer malware to infect your machine.
When malware wins
But even if you keep your anti-malware tools updated, there is still a window of opportunity for the newest malware to make it through. As I said earlier, not all malware tools catch all malware. It's an unfortunate side effect of exactly how malware and anti-malware tools are written.
I have an article, "I have an anti-virus tool. Why do I still get infected?" It basically covers exactly this topic and why it might happen.
The best thing you can do besides re-enabling your firewall (which I think is a fantastic idea) is to make sure that you're doing all of what it means to "be safe on the internet" correctly. That does include firewalls and anti-malware tools - but it also includes behavior. It also includes making sure you're not inviting malware on to your machine.
No anti-malware tool can prevent you from installing malware on your machine deliberately. Even though you might not think it's deliberate. If you download an attachment and open it and run it - there's a very good chance that you've just bypassed all of your security.
So, those are the things that I would have you think about. Those are the things that I would have you look and make sure that Avast is up to date and make sure that its database is getting updated frequently as well.
(Transcript lightly edited for readability.)
Next from Answercast 94- Could my email account hack be related to my computer being stolen the week before?
I Still get phone calls from Microsoft “APPROVED TECHS” WANTING TO CLEAN mY “new P.c, SAYING I HAVE mULTABLE INFECTIONS etc. hOW THE HELL cAN I gET THIS STUFF stopped??.I THINK THEY “sabatoge MY PC . TO START WITH?!
There is a large difference between malware and ransomware. When I got hit with ramsonware, after a bit of time of ranting, I realized that the creators had to have a way to undo their damage to stay in business. This means that the even slightly geeky users can figure out the fix. Also, the firewall and virus protection developers have fixes for these problems. Most of the time these are free to get you to look at their product. All in all, I would much prefer a ransomware hit to a real malware one.
@Hal
Like Spam and telemarketers, there’s not much you can do other than to ignore them and hang up in their ear, unless you prefer to have fun leading them on.
@David
That might be true of some ransomware, but if the ransomware encrypts your data with strong key, even a very good hacker wouldn’t be able to decrypt it.
Use Sandboxie to protect your browser.
No malware will be installed or saved on your hard drive after closing the sandbox protected browser.
Of course if you choose to save outside the sandboxed browser this could possibly obviate the solid protection provided.
Sandboxie is free apart from a minor 5 second buy nag screen after trial use expires .
No updating to find the latest virus definitions is required
Jp
David Jones, I disagree.
They are not looking for repeat customers or good word-of-mouth. Just a one-time payment. They really have no reason at all to actually fix or unlock your computer after you pay up.