
Can MB stop the FBI hostageware from entering the PC?

FBI Hostageware

14 replies to this topic

#1 mikeruth

mikeruth

    New Member

  • Members
  • 7 posts

Posted 28 March 2013 - 01:15 PM

My question is the subject: can the full paid, properly installed, clean to begin with PC be protected from this type of infection?

Thanks

Mike R

#2 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,000 posts
  • Gender:Male
  • Location:USA

Posted 28 March 2013 - 01:21 PM

Hello and :welcome:

In a nutshell, not one product can keep you protected 100%. Having an up-to-date antivirus along with Malwarebytes Pro can reduce the risk of getting infected in the first place. Not only do you have to have these two programs updated, but you also need to have all your software on your system up to date, including Windows, Office, Java, Flash, etc., just to name a few.

Malwarebytes Pro together with its Web Blocking feature should help prevent you from getting infected.



Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#3 mikeruth

mikeruth

    New Member

  • Members
  • 7 posts

Posted 29 March 2013 - 02:51 PM

Hello and :welcome:

In a nutshell, not one product can keep you protected 100%. Having an up-to-date antivirus along with Malwarebytes Pro can reduce the risk of getting infected in the first place. Not only do you have to have these two programs updated, but you also need to have all your software on your system up to date, including Windows, Office, Java, Flash, etc., just to name a few.

Malwarebytes Pro together with its Web Blocking feature should help prevent you from getting infected.


As I thought, nothing at this point is 100% against this particular infection.
Very frustrating.

It is interesting that the infection seems to come from drive bys and our systems allow the initial file to be written to the hard drive and then run without any alert!

I'm thinking that a third-party firewall program such as Zone Alarm or comparable would at least advise of a program's intent before execution.

#4 TeMerc

TeMerc

    Staff

  • Moderators
  • 2,018 posts
  • Gender:Male
  • Location:Phx. AZ. USA
  • Interests:Formula 1 Auto Racing, Computer Security, Entertainment, Sci-Fi, SuperHeroes

Posted 29 March 2013 - 03:24 PM

As I thought, nothing at this point is 100% against this particular infection.

There is no program that exists that will be able to block, detect and remove all infections, it's a statistical impossibility. But that won't ever stop us from trying.

Our teams work 24/7 working to add detections to our database and create new detection and removal routines. That's why we update as many as a dozen times per day.

The days of weekly updates are long gone and any security tool that does that is behind the curve by a huge margin IMHO.
Tom Mercado
Product Support Team Lead


Follow us: Twitter, Become a fan: Facebook

#5 exile360

exile360

    exile

  • Administrators
  • 16,016 posts
  • Gender:Male

Posted 29 March 2013 - 04:29 PM

A bit of additional info. The FBI (and other types of) ransomware which use exploits to infiltrate systems are something we're specifically focused on very highly right now and have parts of our Research team dedicated to nothing more than finding the latest variants and adding detection for them, including enhancing our heuristics to detect new and as of yet unseen variants so I'm pretty confident in our ability to stop such infections from getting in at this point.
Samuel E Lindsey
Product Manager


#6 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • 4,245 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 29 March 2013 - 05:16 PM

...we're specifically focused on very highly right now and have parts of our Research team dedicated to nothing more than finding the latest variants and adding detection for them, including enhancing our heuristics to detect new and as of yet unseen variants ...


image029.gif
David H. Lipman
DLipman@Verizon.Net

#7 melboy

melboy

    True Member

  • Experts
  • 333 posts

Posted 29 March 2013 - 06:15 PM

What MBAM Pro can do is potentially block Ransomware threats on three fronts -

1. The IP of the exploit. (Website Blocking)
2. The IP of the payload. (Website Blocking)
3. The payload itself. (Filesystem Protection)

Add to that the advice above to keep all your software up to date - especially those programs with browser plugins - then you stand a better chance than if you didn't have this protection.

#8 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • 41,101 posts
  • Gender:Male
  • Location:US

Posted 29 March 2013 - 06:24 PM

Don't forget data backups to external media that is not connected at all times. If an infection happens and the backup device is connected it can potentially attack your backups. Just had a case this week where the user brought me the computer and yep data had been encrypted on the local drive and on the backup drive. Luckily the user had made some backups to an obscure folder name that was not a Special folder so it left it alone.

Once the backup is done if it's on an external USB drive then disconnect the drive until the next backup. If you ever suspect that your computer is infected then do not connect the USB drive until you're certain you've cleaned the infection.

Ron Lewis
Forum Community Manager



#9 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 29 March 2013 - 10:06 PM

1. The IP of the exploit. (Website Blocking)
2. The IP of the payload. (Website Blocking)
3. The payload itself. (Filesystem Protection)


@ melboy , we added a 4th in V 1.7 :)

4. Heuristics that target executables that drop from exploitable processes.
Bruce Harrison
Vice President of Research


#10 exile360

exile360

    exile

  • Administrators
  • 16,016 posts
  • Gender:Male

Posted 29 March 2013 - 10:18 PM

@ melboy , we added a 4th in V 1.7 :)

4. Heuristics that target executables that drop from exploitable processes.

Hehe, yes, and that one is only available in the Pro version because it requires catching the malware in the act of trying to launch prior to infection by our protection module.
Samuel E Lindsey
Product Manager

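The fourth layer described in posts #9 and #10 (executables that drop from exploitable processes and are caught when they try to launch), sketched as detection logic over process telemetry. This is an added example, not Malwarebytes' code or part of the original posts. The event records are constructed, loosely modelled on Sysmon FileCreate and ProcessCreate events; the process list and the name `find_drop_and_launch` are assumptions for illustration.

```python
import ntpath  # parses Windows paths correctly on any OS

# Assumed list of commonly exploited client processes (browsers, plugin hosts);
# not the product's actual list.
EXPLOITABLE = {"iexplore.exe", "firefox.exe", "chrome.exe", "java.exe",
               "javaw.exe", "plugin-container.exe", "acrord32.exe"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}


def _name(path):
    return ntpath.basename(path).lower()


def find_drop_and_launch(events):
    """Alert when a file written by an exploitable process is later launched."""
    dropped = {}  # lowercased path -> name of the process that wrote it
    alerts = []
    for ev in events:
        if ev["type"] == "file_create":
            ext = ntpath.splitext(ev["target"])[1].lower()
            if _name(ev["image"]) in EXPLOITABLE and ext in EXEC_EXTS:
                dropped[ev["target"].lower()] = _name(ev["image"])
        elif ev["type"] == "process_create":
            # Windows paths are case-insensitive, so compare lowercased.
            writer = dropped.get(ev["image"].lower())
            if writer:
                alerts.append({"time": ev["time"], "launched": ev["image"],
                               "dropped_by": writer, "parent": _name(ev["parent"])})
    return alerts


# Constructed sample events (not real telemetry).
TEMP = r"C:\Users\client\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"time": "10:01:02", "type": "file_create", "image": r"C:\Program Files\Java\jre7\bin\java.exe", "target": TEMP + r"\0.8812.exe"},
    {"time": "10:01:05", "type": "file_create", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "target": r"C:\Users\client\Downloads\report.pdf"},
    {"time": "10:02:00", "type": "file_create", "image": r"C:\Windows\System32\msiexec.exe", "target": r"C:\Program Files\App\app.exe"},
    {"time": "10:02:10", "type": "process_create", "image": r"C:\Program Files\App\app.exe", "parent": r"C:\Windows\explorer.exe"},
    {"time": "10:02:30", "type": "file_create", "image": r"C:\Program Files\Google\Chrome\chrome.exe", "target": r"C:\Users\client\Downloads\tool.exe"},
    {"time": "10:03:00", "type": "process_create", "image": r"C:\USERS\client\AppData\Local\Temp\0.8812.EXE", "parent": r"C:\Program Files\Java\jre7\bin\java.exe"},
]

if __name__ == "__main__":
    for alert in find_drop_and_launch(SAMPLE_EVENTS):
        print(alert)
```

Only the Java-dropped file that is actually launched raises an alert; the PDF download, the installer-written program and the browser download that is never run do not.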

#11 melboy

melboy

    True Member

  • Experts
  • 333 posts

Posted 30 March 2013 - 03:12 AM

It just gets better & better. ;)

#12 kelleysmarine

kelleysmarine

    New Member

  • Members
  • 2 posts

Posted 02 April 2013 - 10:10 AM

I received the FBI virus, I utilized the Malwarebytes anti-malware software to remove it, worked great. Then the first time I shut down the computer then the system rebooted normally and then went to a solid white screen. I could not do anything but task manager and F8 safe mode with command prompt only, I entered 'explorer.exe' and ran Malwarebytes again it detected two infected lines and quarantined them, I rebooted and everything seemed normal but now I have a solid black screen. Anyone have any idea how I can correct this?

#13 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,000 posts
  • Gender:Male
  • Location:USA

Posted 02 April 2013 - 10:12 AM

Hello and Welcome to Malwarebytes kelleysmarine

Being that you are probably still infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you



#14 mikeruth

mikeruth

    New Member

  • Members
  • 7 posts

Posted 03 April 2013 - 11:44 AM

Very encouraging to read the above posts. I have a client that seems to be able to find the FBI hostageware infection on a very regular basis. I'll install MB pro and see what happens.

Thx, Mike R

#15 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,000 posts
  • Gender:Male
  • Location:USA

Posted 04 April 2013 - 09:29 AM

Very encouraging to read the above posts. I have a client that seems to be able to find the FBI hostageware infection on a very regular basis. I'll install MB pro and see what happens.

Thx, Mike R

Great, but also make sure he has an updated antivirus, and has all other software updated as well, such as Flash, Java, Windows updates and such...





