I got hit with the FBI Ransom last week. I was able to remove it with the Hitman approach. My question is why didn't McAfee real-time scan and McAfee Firewall catch it? Secondly, has McAfee updated their protocols so I am covered in the future?
I moved this to Malware Discussion as a more appropriate spot. No antivirus stops those things because of the way they work, needing human interaction to activate.
If you had hard powered off without touching any key or the mouse, it wouldn't have taken hold and you could then have booted into Safe Mode and used System Restore to go back to before it all started.
Useful to know in future encounters with that and similar ransomware.
McAfee does have specialist tools that work outside the normal antivirus parameters and may catch these things if used before they take hold (which is difficult). Stinger for one. See the last link in my signature below.
Here are a few of the best removal guides on the web for that particular item, and they have lots more for other types:
Message was edited by: Ex_Brit on 28/08/13 9:21:37 EDT AM
Malicious software authors are constantly changing their malware to evade detection. No single AntiVirus can detect 100% of the threats that come out in real time. Your best bet is to keep your antivirus up-to-date (usually automatic) and practice safe computing habits. I checked the Hitman Pro site and it claims to be a "Second Opinion Scanner" with a good explanation of what it's used for. Hitman Pro also uses multiple antivirus vendor engines to help detect what might be commonly missed between other AntiViruses.
McAfee is constantly updating their database files with new detections added daily. If/when McAfee is able to capture a sample of the virus and analyze it, future database updates will allow McAfee to detect and clean these new threats.
hottuna222, as Ex_Brit and secured2k said, cybercrooks decrypt their malware all the time so as not to be detected by antiviruses. It becomes detectable only after an infected user sends the malware signature to antivirus vendors and they add it to their virus bases. So, anyone can catch a 0-day Java or Flash exploit and get this scam. I spent several days discovering FBI ransomware and wrote 2 big articles on this:
and can say one thing - ANY antivirus won't protect you, you can only remove it post factum.
Thanks for the useful input.
I removed your signature as advertising links are not permitted in the forum Terms of Service (or links that look like they're advertising).
I put a link in your profile 'Home Page URL' to that page.
Their rules, not mine, sorry.
Message was edited by: Ex_Brit on 28/08/13 9:35:11 EDT AM