"FBI MoneyPak" Malware

[jlpeifer 0]

Is the FBI MoneyPak malware something that ESS guards against?  I have a client whose Win7 laptop is running ESET Smart Security v5.  Despite having a fully license, fully updated version of ESS his computer gets infected with this particular malware about once every 2 months.

 

(I'm in the awkware position of having to defend ESS's performance after I strongly recommended the product to guard his computer against infections)

[Marcos 5,070]

ESET is actually quite strong when it comes to ransomware detection. Of course, no security software offers 100% detection of malware, however, ESET uses mechanisms so that detection for newly emerging and unrecognized variants is added in the next update. If ransomware has made it to a computer and detection was added afterwards, the following procedure should work to clean it out:

- turn off / on the computer or restart it 

- after Windows starts, wait about 5 minutes so that the latest update is downloaded and a startup scan is run (even if the ransomware is active and blocking the screen and other actions, the process of updating and cleaning will be run in the background)

- turn off / on the computer

 

I'd also suggest trying v7 beta which has been running smoothly and only minor issues have been reported. It features Advanced memory scanner which helps to protect against zero-day malware, Vulnerability shield to detect and block attempts to exploit known system vulnerabilities and one more new feature to improve malware detection even more. That said, it will be much stronger than its predecessors v6, v5 or older.

[jlpeifer 0]

I'd like to say that the "turn off / on computer" method worked, but unfortunately that approach has never worked with regard the ransomware infections I've been asked to clean up (computers that had eset installed).

 

I'll download and install v6 to see if there's any improvement in detection and will download/install v7 after it has matured a bit.

 

Thanks.

[Guest mana]

Why don't you try HitmanPro.Kickstart or Kaspersky Rescue Disk. (free both of them)
Creates a USB Flash Drive that you boot into. USB Flash Drive is first in the boot order list in your BIOS Setup first to make sure you don't boot into the hard drive instead
just my 2 cents

[jlpeifer 0]

Guest_mana_ ... The issue raised in my original post wasn't "how to clean" but rather whether ESET protects against the infection in the first place.

[Guest mana]

"fully updated version of ESS his computer gets infected with this particular malware about once every 2 months."

 

I like to add one more thing.
Your client have to check computer usage habits (update softwares(windows, java, adobe flash), web surfing..etc)
 

[Arakasi 549]

In my experience, my customers who run Av products still like to visit the web url's and sites that have malicious programs.

I have learned in my years and years of working. You can never trust the user. Although up front you have to be courteous and understanding as well as professional.

You cannot accuse, blame, or insinuate that its there fault. You can only do as they ask and fix their issues while maintaining good rapport and a nice strong attitude.

 

My customers will turn off and disable their anti virus to visit the bad sites such as pirating and pornography websites.

 

Then, turn there AV back on after they have completed their tasks.

I highly suggest you strongly keep this in mind. However do not accuse or blame, only keep your calm and maintain your assertiveness that ESET has a strong virii engine for protection against most threats.

[TomFace 539]

In my experience, my customers who run Av products still like to visit the web url's and sites that have malicious programs.

I have learned in my years and years of working. You can never trust the user. Although up front you have to be courteous and understanding as well as professional.

You cannot accuse, blame, or insinuate that its there fault. You can only do as they ask and fix their issues while maintaining good rapport and a nice strong attitude.

 

My customers will turn off and disable their anti virus to visit the bad sites such as pirating and pornography websites.

 

Then, turn there AV back on after they have completed their tasks.

I highly suggest you strongly keep this in mind. However do not accuse or blame, only keep your calm and maintain your assertiveness that ESET has a strong virii engine for protection against most threats.

Point well made Arakasi. I believe it's called human nature. We all still have a bit of child left in us, as foolish as it can be at times. Learned (engrained) behaviors can be difficult to alter. And yes, customer service and respect should always be paramount.

 

Sincerely,

Edited July 28, 2013 by TomFace

[Guest concerned]

FBI MoneyPak malware is not a new item (even though could have different forms and shapes).

 

I am really not happy to hear again and again  about "no security software offers 100% detection of malware" and "customers will turn off and disable their anti virus "  to justify non-detection.

[Arakasi 549]

FBI MoneyPak malware is not a new item (even though could have different forms and shapes).

 

I am really not happy to hear again and again  about "no security software offers 100% detection of malware" and "customers will turn off and disable their anti virus "  to justify non-detection.

 

Hi Guest_concerned. My apologies if any offense has been portrayed, it was not my intention; as a public forum i was speaking out in assistance for jlpeifer , who is concerned about Eset's ability to protect against threats for his personal clients.

I wanted to ensure him he has great products installed; and maybe other methods of attack (helping his customer) may be needed to provide customer service.

 

The following links are to make aware that Eset is fully known of the infection of what no one seems to know is called more recently Reveton.A of ransomware.

We all call it Fbi moneypak nonetheless....

 

hxxp://www.virusradar.com/Win32_Reveton.A/description

 

Forms of fbi ransomware on eset virus radar:

hxxp://www.virusradar.com/en/search/all/fbi%20moneypak

 

Win32/TrojanDropper.Agent.FBI - Its true it has been a while for some time. 2008 , maybe earlier

hxxp://www.virusradar.com/en/Win32_TrojanDropper.Agent.FBI/description

 

As far as "no software provides 100%". I have to agree from long experience in repair.

The person behind the chair is always controlling the direction of his browser or mouse clicks. I am guilty myself.

There is an abundance of malicious software in the world, with high percentages of them, type that love to spread.

-When i clean computers for customers, i not only manually sift through their files for certain anomalies (after staring at windows directory for years you can actually memorize it by the thousands).

-I scan with multiple rootkit scanners

-Then with multiple virus/spyware programs

-Then remove PUA's through add/remove like toolbars,java,flash, and all outdated software

-Not in this order but i make sure all temp folders are dumped to increase vir rem and lower scan times

-I remove any anti virus at this point i feel may be insufficient.

-Upon removing PUA's I then scan with multiple malware/spyware/virus/trojan scanners AGAIN, possible with cloud scanners and onsite scans at the end.

- End with updating apps, and any i didn't..... forces the customer to go out and get the latest which would be patched, even if i didn't agree with it being installed.

 

Reason being [ all the different companies have different databases, and different definitions, some may have caught or seen that others have not - this could be due to location in the world or different cloud submissions from users]

At this point you have to decide what sort of protection are you going to give your client for preventative maintenance. *we wont be around when it comes to lurk its ugly head again.

So we opt for the best software with heuristics and real time file system protection to prevent.

I believe Eset has done a great job at naming itself a good active program and a cleanup program in one.. Both exists as separate tools/methods out in the wild.

 

Thanks guest_concerned for sharing your thoughts. I hope i helped a little from a techs mind-set.