mikeruth

Can MB stop the FBI hostageware from entering the PC?


My question is the subject. Can the full paid, properly installed, clean to begin with PC be protected from this type of infection?

Thanks

Mike R


Hello and :welcome:

In a nutshell, not one product can keep you protected 100%. Having an up to date antivirus along with Malwarebytes Pro can reduce the risk of getting infected in the first place. Not only do you have to have these two programs updated, but you also need to have all your software on your system up to date including Windows, Office, Java, Flash, etc. just to name a few.

Malwarebytes Pro together with its Web Blocking feature should help prevent you from getting infected.


Hello and :welcome:

In a nutshell, not one product can keep you protected 100%. Having an up to date antivirus along with Malwarebytes Pro can reduce the risk of getting infected in the first place. Not only do you have to have these two programs updated, but you also need to have all your software on your system up to date including Windows, Office, Java, Flash, etc. just to name a few.

Malwarebytes Pro together with its Web Blocking feature should help prevent you from getting infected.

As I thought, nothing at this point is 100% against this particular infection.

Very frustrating.

It is interesting that the infection seems to come from drive bys and our systems allow the initial file to be written to the hard drive and then run without any alert!

I'm thinking that a third party firewall program such as Zone Alarm or comparable would at least advise of a program's intent before execution.

As I thought, nothing at this point is 100% against this particular infection.

There is no program that exists that will be able to block, detect and remove all infections, it's a statistical impossibility. But that won't ever stop us from trying.

Our teams work 24/7 to add detections to our database and create new detection and removal routines. That's why we update as many as a dozen times per day.

The days of weekly updates are long gone and any security tool that does that is behind the curve by a huge margin IMHO.


A bit of additional info. The FBI (and other types of) ransomware which use exploits to infiltrate systems are something we're specifically focused on very highly right now and have parts of our Research team dedicated to nothing more than finding the latest variants and adding detection for them, including enhancing our heuristics to detect new and as of yet unseen variants so I'm pretty confident in our ability to stop such infections from getting in at this point.


...we're specifically focused on very highly right now and have parts of our Research team dedicated to nothing more than finding the latest variants and adding detection for them, including enhancing our heuristics to detect new and as of yet unseen variants ...


What MBAM Pro can do is potentially block Ransomware threats on three fronts -

1. The IP of the exploit. (Website Blocking)

2. The IP of the payload. (Website Blocking)

3. The payload itself. (Filesystem Protection)

Add to that the advice above to keep all your software up to date - especially those programs with browser plugins - then you stand a better chance than if you didn't have this protection.


Don't forget data backups to external media that is not connected at all times. If an infection happens and the backup device is connected it can potentially attack your backups. Just had a case this week where the user brought me the computer and yep data had been encrypted on the local drive and on the backup drive. Luckily the user had made some backups to an obscure folder name that was not a Special folder so it left it alone.

Once the backup is done if it's on an external USB drive then disconnect the drive until the next backup. If you ever suspect that your computer is infected then do not connect the USB drive until you're certain you've cleaned the infection.

1. The IP of the exploit. (Website Blocking)

2. The IP of the payload. (Website Blocking)

3. The payload itself. (Filesystem Protection)

@ melboy , we added a 4th in V 1.7 :)

4. Heuristics that target executables that drop from exploitable processes.

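To illustrate the fourth front mentioned above (heuristics that target executables dropped from exploitable processes), here is an added example that is not part of the thread and not Malwarebytes' code or implementation. The process list, drop directories, event field names and sample events are all assumptions constructed for the illustration.

```python
import ntpath

# Assumed list of processes that parse untrusted web content (not MBAM's list).
EXPLOITABLE = {"iexplore.exe", "firefox.exe", "chrome.exe", "java.exe",
               "javaw.exe", "acrord32.exe", "winword.exe"}
# Assumed user-writable locations where a drive-by payload tends to be written.
DROP_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def is_dropped_launch(event):
    """True when an exploitable parent starts an executable from a drop directory."""
    parent = event["parent_image"].lower()
    child = event["image"].lower()
    if ntpath.basename(parent) not in EXPLOITABLE:
        return False
    # Per-user installs (e.g. Chrome) spawn helpers from their own folder: benign.
    if ntpath.dirname(child) == ntpath.dirname(parent):
        return False
    return any(d in child for d in DROP_DIRS)


def scan(events):
    """Return the child image paths that the heuristic would block."""
    return [e["image"] for e in events if is_dropped_launch(e)]


# Constructed process-creation events; the field names are hypothetical.
CHROME = r"C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe"
EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\mike\Downloads\setup.exe"},            # user-launched
    {"parent_image": r"C:\Program Files\Java\jre7\bin\java.exe",
     "image": r"C:\Users\mike\AppData\Local\Temp\0.7312.exe"},  # plugin drop
    {"parent_image": CHROME, "image": CHROME},                   # self-spawn
    {"parent_image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe"},   # installed helper
    {"parent_image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
     "image": r"C:\ProgramData\svch0st.exe"},                   # document drop
]

if __name__ == "__main__":
    for path in scan(EVENTS):
        print("BLOCK:", path)
```

The check has to run before the child process is allowed to start, which matches the later remark in the thread that this front depends on the real-time protection module.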

@ melboy , we added a 4th in V 1.7 :)

4. Heuristics that target executables that drop from exploitable processes.

Hehe, yes, and that one is only available in the Pro version because it requires catching the malware in the act of trying to launch prior to infection by our protection module.


I received the FBI virus, I utilized the Malwarebytes anti-malware software to remove it, worked great. Then the first time I shut down the computer then the system rebooted normally and then went to a solid white screen. I could not do anything but task manager and F8 safe mode with command prompt only, I entered 'explorer.exe' and ran Malwarebytes again it detected two infected lines and quarantined them, I rebooted and everything seemed normal but now I have a solid black screen. Anyone have any idea how I can correct this?


Hello and Welcome to Malwarebytes kelleysmarine

Being that you are probably still infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Very encouraging to read the above posts. I have a client that seems to be able to find the FBI hostageware infection on a very regular basis. I'll install MB pro and see what happens.

Thx, Mike R


Very encouraging to read the above posts. I have a client that seems to be able to find the FBI hostageware infection on a very regular basis. I'll install MB pro and see what happens.

Thx, Mike R

Great, but also make sure he has an updated antivirus, and has all other software updated as well, such as Flash, Java, Windows updates and such...
