
Anti-malware doesn't always stop infection - especially if it is not up-to-date. It's all about keeping yourself safe on the internet.

"Your computer has been locked," infection! Now why would Avast not prevent this? I'll admit I've not used a firewall for some years and have been doing well. Sometimes Avast pops up with "this page has been blocked". This is real-time protection. Nevertheless, I suddenly saw the screen with a fake announcement that I'd broken the law and my PC would be unlocked only if I paid a certain amount. And it really was locked. I got around it by using two programs: HitmanPro and Combofix plus reinstalling Windows on two drives of three. Big trouble. Question two: Where can this kind of malware be placed in the system? It has to be close to the first items to start up as this static message screen turned up almost at once when I tried to restart. For the record, I've installed a firewall now.

In this excerpt from Answercast #94 I look at possible reasons a computer could get infected with ransomware even though anti-malware software is running.

Anti-malware doesn't stop infection

I think one thing that's very important to realize about this particular malware that we're encountering (which we refer to as ransomware because, basically, it holds your computer ransom - you have to pay to have it unlocked) is it's really just malware. There's nothing really that special about it other than what it does.

There's nothing special about how it infects your computer. It's just malware like any other malware.

How does ransomware work?

Where does it insert itself?

Well, obviously it's inserting itself in the system startup sequence. There are several different places where malware, depending on how it works, can insert itself to run automatically - just like any other software can install itself to run automatically on Windows startup.

So in that sense, there's nothing really special about that either. It's simply how malware, this kind of malware or any kind of malware, has the opportunity to infect your machine.
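
The startup-sequence point above, as an added example that is not part of the original article: a read-only PowerShell inventory of a few standard Windows autostart locations. The registry keys and folders are well-known Windows locations chosen for illustration (the article names none), and the "usual default" values are assumptions about a stock installation.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# The locations are standard Windows ones picked for illustration; not exhaustive.
$found = @()

# 1. Run / RunOnce keys: commands started at logon, per machine and per user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $found += [pscustomobject]@{ Location = $key; Name = $name; Value = $item.GetValue($name); Note = 'review' }
    }
}

# 2. Winlogon Shell / Userinit: the programs Windows launches at logon to
#    start the desktop. A changed value here replaces or precedes the desktop.
$defaults = @{   # usual defaults on a stock installation (assumption)
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $defaults.Keys) {
        $value = $item.GetValue($name)
        if ($null -eq $value) { continue }   # not set in this hive (normal for HKCU)
        $note = if ($value -eq $defaults[$name]) { 'default' } else { 'NOT DEFAULT' }
        $found += [pscustomobject]@{ Location = $key; Name = $name; Value = $value; Note = $note }
    }
}

# 3. Startup folders: shortcuts and files opened at logon.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $found += [pscustomobject]@{ Location = $dir; Name = $file.Name; Value = $file.FullName; Note = 'review' }
    }
}

$found | Sort-Object Note, Location | Format-Table -AutoSize -Wrap
```

Entries marked `review` are not necessarily malicious; most are legitimate software, and the value of the list is in spotting a command you do not recognize.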

Why didn't Avast catch ransomware?

The real question that I think is interesting here is - why didn't Avast catch this?

Well, let's start by assuming that you're using Avast correctly and you've kept it up to date - as up to date as possible. Even so, not all anti-malware tools catch all malware. It's simply a fact of how anti-malware tools work.

There's kind of a race. Malware creators release new malware as quickly as they can - and anti-malware tools are in a constant state of catching up. If something gets released in the morning and infects your machine before your anti-malware tools have been updated, the anti-malware tool may not catch it, simply because it doesn't know that it exists yet.

Keep virus protection tools up-to-date

That's why I insist on, and so often talk about, keeping not just the anti-malware tools themselves up to date, but also making sure that they are set to update their database of information at least once a day - if not more often. Some tools actually do it more often.

That's why I say - make sure you're using the tools correctly.

If you have an out-of-date anti-malware tool, this kind of stuff is just going to happen. Every day that the tool is not updated, you're opening the window wider and wider for newer malware to infect your machine.

When malware wins

But even if you keep your anti-malware tools updated, there is still a window of opportunity for the newest malware to make it through. As I said earlier, not all anti-malware tools catch all malware. It's an unfortunate side effect of exactly how malware and anti-malware tools are written.

I have an article, "I have an anti-virus tool. Why do I still get infected?" It basically covers exactly this topic and why it might happen.

The best thing you can do besides re-enabling your firewall (which I think is a fantastic idea) is to make sure that you're doing all of what it means to "be safe on the internet" correctly. That does include firewalls and anti-malware tools - but it also includes behavior. It also includes making sure you're not inviting malware onto your machine.

No anti-malware tool can prevent you from installing malware on your machine deliberately, even though you might not think it's deliberate. If you download an attachment and open it and run it - there's a very good chance that you've just bypassed all of your security.

So, those are the things that I would have you think about. Those are the things that I would have you look at: make sure that Avast is up to date, and make sure that its database is getting updated frequently as well.

(Transcript lightly edited for readability.)

Article C6312 - February 15, 2013

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

6 Comments
Hal
February 19, 2013 11:28 AM

I still get phone calls from Microsoft "approved techs" wanting to clean my "new" PC, saying I have multiple infections, etc. How the hell can I get this stuff stopped?? I think they "sabotage" my PC to start with?!

David Jones
February 19, 2013 12:31 PM

There is a large difference between malware and ransomware. When I got hit with ransomware, after a bit of time of ranting, I realized that the creators had to have a way to undo their damage to stay in business. This means that even slightly geeky users can figure out the fix. Also, the firewall and virus protection developers have fixes for these problems. Most of the time these are free to get you to look at their product. All in all, I would much prefer a ransomware hit to a real malware one.

Mark J
February 19, 2013 3:09 PM

@Hal
Like Spam and telemarketers, there's not much you can do other than to ignore them and hang up in their ear, unless you prefer to have fun leading them on.

Mark J
February 19, 2013 3:23 PM

@David
That might be true of some ransomware, but if the ransomware encrypts your data with a strong key, even a very good hacker wouldn't be able to decrypt it.

johnpro2
February 19, 2013 9:11 PM

Use Sandboxie to protect your browser.
No malware will be installed or saved on your hard drive after closing the sandbox protected browser.
Of course if you choose to save outside the sandboxed browser this could possibly obviate the solid protection provided.
Sandboxie is free apart from a minor 5 second buy nag screen after trial use expires.
No updating to find the latest virus definitions is required.
Jp

Billy Bob
March 3, 2013 5:46 PM

David Jones, I disagree.

They are not looking for repeat customers or good word-of-mouth. Just a one-time payment. They really have no reason at all to actually fix or unlock your computer after you pay up.
