“Your computer has been locked,” infection! Now why would Avast not prevent
this? I’ll admit I’ve not used a firewall for some years and have been doing
well. Sometimes Avast pops up with “this page has been blocked”. This is
real-time protection. Nevertheless, I suddenly saw the screen with a fake
announcement that I’d broken the law and my PC would be unlocked only if I paid
a certain amount. And it really was locked. I got around it by using two
programs: HitmanPro and Combofix plus reinstalling Windows on two drives of
three. Big trouble. Question two: Where can this kind of malware be placed in
the system? It has to be close to the first items to start up as this static
message screen turned up almost at once when I tried to restart. For the
record, I’ve installed a firewall now.
Anti-malware doesn’t stop infection
I think one very important thing to realize about this particular malware (which we refer to as ransomware because, basically, it holds your computer ransom – you have to pay to have it unlocked) is that it’s really just malware. There’s nothing really that special about it other than what it does.
There’s nothing special about how it infects your computer. It’s just malware like any other malware.
How does ransomware work?
Where does it insert itself?
Well, obviously it’s inserting itself in the system startup sequence. There are several different places where malware, depending on how it works, can insert itself to run automatically – just like any other software can install itself to run automatically on Windows startup.
So in that sense, there’s nothing really special about that either. It’s simply how malware, this kind of malware or any kind of malware, has the opportunity to infect your machine.
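The following PowerShell is an added example, not part of the original answer: it lists what is registered in several standard Windows autostart locations so the entries can be reviewed on a cleaned or suspect machine. The registry keys and folders are well-known Windows locations chosen for this example, not ones named in the article, and the function name `Get-AutostartEntry` is hypothetical.

```powershell
# Added example: list entries in common Windows autostart locations for review.
# The locations are standard Windows ones selected for this example; there are others.
function Get-AutostartEntry {
    # 1. Run / RunOnce keys: programs started at logon for all users (HKLM) or this user (HKCU).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }

    # 2. Winlogon values: on a clean system Shell is normally explorer.exe and
    #    Userinit normally points at userinit.exe under system32.
    $winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $props = Get-ItemProperty -Path "$hive\$winlogon" -ErrorAction SilentlyContinue
        foreach ($value in 'Shell', 'Userinit') {
            if ($props.$value) {
                [pscustomobject]@{ Location = "$hive\$winlogon"; Name = $value; Command = $props.$value }
            }
        }
    }

    # 3. Startup folders: anything placed here runs at logon (per-user and all-users).
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path) { continue }
        Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Location = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Print everything found; review any entry you do not recognize.
Get-AutostartEntry | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```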
Why didn’t Avast catch ransomware?
The real question that I think is interesting here is – why didn’t Avast catch this?
Well, let’s start by assuming that you’re using Avast correctly and you’ve kept it up to date – as up to date as possible. Even so, not all anti-malware tools catch all malware. It’s simply a fact of how anti-malware tools work.
There’s kind of a race. Malware generators create new malware as quickly as they can, and anti-malware tools are in a constant state of keeping up. If something gets released in the morning and infects your machine before your anti-malware tools have been updated, the anti-malware tool may not catch it, simply because it doesn’t know that it exists yet.
Keep virus protection tools up-to-date
That’s why I insist, and so often talk about keeping not just the anti-malware tools themselves up to date, but making sure that they are enabled to update their database of information at least once a day – if not more often. Some tools actually do it more often.
That’s why I say – make sure you’re using the tools correctly.
If you have an out-of-date anti-malware tool, this kind of stuff is just going to happen. Every day that the tool is not updated, you’re opening a window wider and wider that would allow newer malware to infect your machine.
When malware wins
But even if you keep your anti-malware tools updated, there is still a window of opportunity for the newest malware to make it through. As I said earlier, not all anti-malware tools catch all malware. It’s an unfortunate side effect of exactly how malware and anti-malware tools are written.
I have an article, “I have an anti-virus tool. Why do I still get infected?” It basically covers exactly this topic and why it might happen.
The best thing you can do besides re-enabling your firewall (which I think is a fantastic idea) is to make sure that you’re doing all of what it means to “be safe on the internet” correctly. That does include firewalls and anti-malware tools – but it also includes behavior. It also includes making sure you’re not inviting malware onto your machine.
No anti-malware tool can prevent you from installing malware on your machine deliberately, even though you might not think it’s deliberate. If you download an attachment and open it and run it – there’s a very good chance that you’ve just bypassed all of your security.
So, those are the things that I would have you think about. Those are the things that I would have you look at: make sure that Avast is up to date, and make sure that its database is getting updated frequently as well.
(Transcript lightly edited for readability.)