

Just hit by TeslaCrypt, considering antivirus software


#1 DukeBob


  • Members
  • 13 posts
  • Local time:10:08 PM

Posted 24 December 2015 - 12:20 PM

As the title said, I just got hit by TeslaCrypt. Fortunately, as the PC hit had nothing valuable on it, the virus didn't do any significant damage (more details here: http://www.bleepingcomputer.com/forums/t/575875/new-teslacrypt-version-released-that-uses-the-exx-extension/?p=3893231).


Due to this experience, I want to get a solid protection tool. I used free Malwarebytes and Hitman for scanning for traces of that virus and I'm considering upgrading to the premium versions. So I have some questions:


Can you make Hitman scan only a specific drive/partition? In Malwarebytes that is possible, but I have not seen any such option in Hitman.

Also, I see that Malwarebytes seems to be the most recommended software of this kind in these forums. Is Malwarebytes the "go to" tool for getting rid of malware and viruses?

Also, how good are Hitman and Kaspersky?



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:08 PM

Posted 24 December 2015 - 02:40 PM

To protect yourself from ransomware (crypto malware infections), the best defensive strategy is a comprehensive approach...make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software, disable VSSAdmin.exe and routinely back up your data. You should also rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.

Some anti-virus and anti-malware programs include built-in exploit protection. For example, Emsisoft Anti-Malware uses advanced behavior blocking analysis which is extremely difficult to penetrate...it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. Emsisoft also has the ability to detect unknown zero-day attacks without signatures. ESET Antivirus and Smart Security use Exploit Blocker, which is designed to fortify applications that are often exploited, such as web browsers, PDF readers, email clients or MS Office components.

As with most ransomware...the best solution for dealing with encrypted data is to restore from backups. Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.


Prevention Tips to Avoid Malvertising, Exploits & Crypto malware:


Ransomware Prevention Tools:


Keep in mind that some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can hamper the effectiveness of Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running.

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs.

Use an Anti-Exploit Program to Help Protect Your PC From Zero-Day Attacks

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

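The difference between signature detection and the behavior detection described in the reply above, as an added example that is not part of the original thread and not any vendor's code: instead of recognising the malicious file, it flags a process that rewrites several distinct files with high-entropy (encrypted-looking) data in a short window. The event tuple format, thresholds, process names and paths are assumptions constructed for the illustration.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cut-off, encrypted data approaches 8.0
MIN_FILES = 3            # assumed: distinct files rewritten before alerting
WINDOW_SECONDS = 10      # assumed sliding window

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events):
    """Return the processes that rewrote at least MIN_FILES distinct files
    with high-entropy data within WINDOW_SECONDS.

    events: time-ordered iterable of (timestamp, process, path, bytes_written).
    """
    recent = defaultdict(list)  # process -> [(timestamp, path)] of suspicious writes
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue  # ordinary text or document content
        recent[proc].append((ts, path))
        # Keep only the writes still inside the sliding window.
        recent[proc] = [(t, p) for t, p in recent[proc] if ts - t <= WINDOW_SECONDS]
        if len({p for _, p in recent[proc]}) >= MIN_FILES:
            flagged.add(proc)
    return flagged

def build_sample_events():
    """Constructed sample: an editor saving text, an unknown process rewriting
    four documents with random bytes, and an archiver writing one archive."""
    text = b"Quarterly report draft. " * 200
    events = [(0.0, "notepad.exe", r"C:\Users\a\notes.txt", text)]
    for i in range(4):
        events.append((1.0 + i, "unknown.exe", rf"C:\Users\a\doc{i}.docx", os.urandom(4096)))
    # A single compressed file is also high-entropy but stays below MIN_FILES.
    events.append((30.0, "7z.exe", r"C:\Users\a\backup.7z", os.urandom(4096)))
    return events

if __name__ == "__main__":
    print(detect_mass_encryption(build_sample_events()))
```

Compressed and already-encrypted files are high-entropy too, which is why the heuristic counts distinct files per process inside a window instead of alerting on a single write.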
