Just got Infected

[Phage]

With this Trojan.

https://www.theregister.co.uk/2017/0...ner_downloads/

Avast didn't pick it up at all, but Malwarebytes did.
What's the current thinking on free AV ? Do I have to bite the bullet and pay ?

If so, recommendations gratefully received.

[Flibb]

Some bank accounts offer free AV, think Barclays give free McAfee

Sent from my SM-G950F using Tapatalk

[Phage]

Good call. I'll check.
(Lloyds btw)

EDIT: Apparently not.

[Andy14]

This may not be too helpful (sorry) but many of the big AV names give very sizeable discounts over the Black Friday / Monday period coming up soon. But, lasts a year, do same again the next year.

In the meantime there there a many good free alternatives. If you google Free AV reviews there will be a lot of information on the best ones.

[virtuo]

Can we ask what you were doing when you picked it up? I find the free AVs are good enough, especially combined with some common sense/best practice when browsing/downloading.

[Phage]

It's in the article I linked to above. Essentially a software provider (now owned by Avast !) was compromised and it's servers dished out infected updates.
Quite similar to the Ukrainian attack recently.

[Jonj1611]

Barclays give Kaspersky

Have Kaspersky running on the kids pc's and Norton on mine(laugh if you will)

[DanceswithUnix]

If so, recommendations gratefully received.

I think it is just a mess, to the point that some are saying you can be better off without it: https://arstechnica.co.uk/informatio...ivirus-is-bad/

Until they messed up recently, I was tending towards "just use what Microsoft ships, at least it integrates properly".

So bad luck this time, better luck next time, but AV seems to be a bit of a dice roll.

Or you can switch to Linux, forget about AV and have a whole bunch of different problems

My Windows boxes use Avast but I don't install any of the addons, so *hopefully* I got away with it this time.

[Lloyd_mcse]

My advice would be get yourself Norton, I can't recommend many others as many others* install their own Certificate Authority which breaks various protections server admins add to their server (HPKP), and if you remember this is basically what the Lenovo Superfish was, so they could inject ads into encrypted sites.
I also use the Premium version of Malwarebytes as it has Anti-Exploit (Like EMET) as a second layer of protection.

*Kaspersky, BitDefender, AVG, Avast (from memory)

Kind regards

Lloyd

(No I don't work for Norton lol)

[Pob255]

I gave the free thing my bank keeps bugging me to use every time I log in (ibm trusteer rapport) . . . it increased the load time of every web page by 2-5 seconds.

It could well of been conflicting with something else, I'd not be surprised, but that makes it worse and it didn't stay on my pc for long.

when you say Avast didn't spot it, was that after a manual scan of your system, or just the active, running in the background

[Smudger]

I knew there was a reason I was ignoring the CCleaner update notifications... Looks like I might have dodged a bullet here, but I'll have to check when I get home. It comes to something when an AV company is delivering trojans to you...

[Phage]

I gave the free thing my bank keeps bugging me to use every time I log in (ibm trusteer rapport) . . . it increased the load time of every web page by 2-5 seconds.

It could well of been conflicting with something else, I'd not be surprised, but that makes it worse and it didn't stay on my pc for long.

when you say Avast didn't spot it, was that after a manual scan of your system, or just the active, running in the background

Neither I'm afraid. Not when running in the background, nor when I did a manual scan yesterday

[Pob255]

Neither I'm afraid. Not when running in the background, or when I did a manual scan yesterday

not great
Still that's why I keep malwarebytes around the free manual scan only version.

Although on a side note I updated malwarebytes recently and it automatically upgraded to a free trial of the paid for active version, it's easy to downgrade back, something too keep an eye out for.
multiple active AV is a fast recipe to cripple the performance of any machine.

[satrow]

Trusteer's Rapport can be a nightmare, esp. where any non-mainstream software/drivers are involved. Might be okay on managed corporate machines but I don't recommend it for home use.

My understanding is that the Ccleaner infection only affected a proportion of x86 installs; only the Cloud version was auto-infected and only if the update check was connected to one compromised Piriform server. The manual update infections also required a download from the same infected server, though some 3rd party software hosting sites also had/have the infected version. x64 Windows installs were not infected.

Nothing detected this infection for weeks; though a good firewall/HIPS should have prevented the connection being made to the C&C server. Free/paid AV/security is still a lottery, nothing will detect all Zero days and overall detection rates will vary according to how good the detection engine is and how good the latest definitions are. You can build a free security 'suite' that's as good as, maybe better than, a paid suite - but it takes a lot of time and experience to research the options and regular free time to ensure each piece of the jigsaw is updated at least once per day.

For the companies that are now claiming their 'advanced heuristics' are the best thing since sliced bread - remember that heuristics = guesswork and watch out for unrelated false positives, esp. where non-mainstream software is flagged up.

[Phage]

Ahem - This is a x64 machine

[satrow]

Ahem - This is a x64 machine

So the detection was of the installer, not the infection?

Do you have an HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo key?