While visiting some adult sites recently using IE in private browsing, I got
what looked like an official screen from the metropolitan police advising me
that my computer had been detected accessing illegal sites and would be locked.
My camera was activated and my picture was taken and displayed on my screen. I
switched my machine off using the power button, waited a few seconds and then
rebooted into Windows 7. Everything seemed to be ok. After my initial panic, I
fired up my iPad and looked on the web to see if there was any mention of this
message and sure enough several sites identified it as a Trojan that had gotten
on to my machine. I started an AVG scan. AVG is/was my favorite anti-virus
software and is/was constantly running on my machine. I found several instances
of a Trojan, which it quarantined. Up until now, I’ve always promoted AVG as
the best protection around. So I was a bit shaken that this Trojan had gotten
through. Any help or words of wisdom you can provide would be reassuring.
In this excerpt from
Answercast #95 I look at what you might get on your computer if you visit
Anti-virus doesn’t catch all malware
The actual question is a fair bit longer, but the bottom line is that the person asking is concerned that something got through their anti-virus software.
The short answer is that not all anti-virus tools will catch all viruses, and not all anti-spyware tools will catch all spyware. They will catch most. And in this particular case, AVG did catch it when you did the scan of your hard disk.
What it didn’t do was catch it as it happened.
Real-time scanning
This is what we refer to as real-time scanning.
Now, I often recommend that people turn off real-time scanning because it can interfere with the function of the web browser, or the mail client, or any number of other things. But it’s real-time scanning that actually might have caught this as it happened.
As it turns out, either real-time scanning didn’t catch it, or it wasn’t turned on. But the static scan, the scan that you initiated after you suspected a problem, did. That implies that AVG knows about this Trojan and will clean it up.
AVG will catch it when it does its regularly scheduled scan. It just didn’t do it in real time – quite possibly because you had real-time scanning turned off.
Visiting questionable sites
This is one of those decisions that you as a computer user need to understand and need to make. Real-time scanning can be important if you regularly frequent areas of the internet that are, for lack of a better word, questionable, and yes – many of the adult sites on the internet qualify as being in that questionable category. There’s a lot of malicious software that is delivered if you visit the wrong adult sites.
This is also true if you visit software downloading sites, illegal music sites, all those kinds of things. They all have a reputation for giving you more than what you’re looking for, in the form of malware.
In those cases, if that’s the kind of thing you do on a regular basis, you want to make sure that you’re running anti-malware software that is scanning in real-time.
Problems with real-time scan
If it’s interfering with your browser or your email, that’s a problem that you need to fix somehow. It may mean using a different email program or browser. It may mean using a different anti-malware tool. But if you’re visiting these kinds of places regularly, you want to make sure that you’ve got real-time scanning enabled.
Now, the other approach, of course, is: don’t go there. Avoid the sites that are known to give this kind of experience. I have nothing against adult sites personally, but I do know that when you visit random adult sites, you’re putting your computer at risk for exactly this kind of thing. Either you need to take steps to avoid that by properly choosing and configuring the anti-malware software that you run, or you need to choose not to go there.
(Transcript lightly edited for readability.)
9 comments on “Why didn't my anti-malware tool catch malware that was delivered when I visited an adult site?”
Boys will be boys and girls will be girls.
Make your computer wear a condom. I have several in different flavors and colors. Threatfire is a decent one but it only comes (sic) in one flavor and colors are not an option. I have my real-time scanning from several anti-malware apps enabled when I go porn cruising and what surprises me is – they don’t step on each other’s toes, but they keep my machine lean ‘n’ clean.
Use Sandboxie when visiting questionable sites. Anything that tries to invade via your browser can be deleted when the browser is closed.
Good advice indeed. Sandboxie will also prevent the installation of malware from any site.
Caveat: providing you don’t choose to save outside the sandbox protected browser and risk an infection installing.
One good tool to use in these cases is WOT (Web of Trust). It is a plug-in for all the major browsers which warns you of questionable sites based on the ratings of WOT users. Web Of Trust – Website Trust Ratings from Other Internet Users. It will block the vast majority of drive-by malware websites. It’s not perfect, but it’s an extra level of protection which doesn’t noticeably slow down your browsing experience.
@JohnPro2: actually if you do download & save something outside the sandbox (i.e. music, video), you can then run the item sandboxed to check its behavior. Never did it with an .exe file, though.
I agree. exe files run sandboxed would be quite safe as well.
Right click the .exe files and a menu should appear giving the option to run sandboxed.
It’s not just porn sites.
I regularly do searches on tech stuff I run across on the web, and ask-leo. At least once a month while visiting a tech site I got from a Google search, Norton Anti-virus pops up that it had blocked some malware that was trying to attack my computer. Usually it says the malware was blocked and I do not need to do anything. But once Norton Anti-virus gave a notice that the attack was serious/dangerous… I immediately closed the browser and did a virus scan with Norton Anti-virus, which found nothing. And with Microsoft Windows Defender Offline, which found a Java malware. Even though Windows Defender Offline says it cleaned the infection, I re-installed my computer from the last Windows 7 Image backup. Then again did scans which came up clean. Yes Leo, backup, backup, backup!!!
Tech sites can be very dangerous!