
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393

Prevent antivirus 2010 from getting on systems

We run McAfee 8.7i and we have a number of systems that got crippled by this malware/virus. How can I prevent it and why doesn't McAfee find it?

1 Solution
Michael (Systems Engineer) commented:
McAfee for some reason doesn't block these "Scareware" trojans/viruses. You can complement the system by adding Malwarebytes. If it does not install or run with the viruses on it, you may have to go into Safe Mode with Networking and install/run the program.

Note that you may have to have the full purchased version of MalwareBytes, because the free version will only clean it after it's been infected.  Full version has a realtime scanner that works a little better.

You may also want to check into a little better AV solution; I personally like Kaspersky. Having said that, choosing an antivirus solution is a matter of preference and could be (and has been) a topic of its own many times!  :)


I agree the paid version of Malwarebytes is the best way I know of.

Michael (Systems Engineer) commented:
Agreed as well, but in this instance, the free version will suffice. The only difference is, the paid will update itself and actively scan any and all files like a regular antivirus would.
Ken, I have to respectfully disagree.  In this instance, the question as asked was how to prevent it.  The free version will not do that, it will only clean it after being infected.

Thomas Zucker-Scharff (Systems Analyst) commented:
McAfee is not my favorite either.  My personal preference is ESET Security Suite 4 or ESET NOD32 with a perimeter firewall.  I run WinPatrol Plus as well, for hosts file and run-on-boot monitoring.

That said, I believe a mix of several good products, as long as only one does on-access scanning, is the best way to go (unless you are not connected to the internet).
Michael (Systems Engineer) commented:
@ ks_admin,

I stand corrected. As antivirus goes, my personal favorite (because of blocking these types of viruses) would be Vipre antivirus.
A resident antivirus (Kaspersky or not), even with their sophisticated heuristic detection, cannot protect the system against rogues, which is what Antivirus 2010 is (it's just one of the family of rogues).
Some AV can't even detect it, mainly because it is not a virus; it camouflages itself as a legit program.
As already suggested, MalwareBytes is the best one out there to detect and remove rogues as mbam is designed for that particularly.
But it also doesn't mean that just because you have MalwareBytes real-time protection you are protected 100%.

I have MalwareBytes Pro protecting my PC, but over a few weeks ago one rogue (anti-malware doctor) was able to infect the system with the user's help.
So you could have all the basic security programs installed and nasties can still get in when the user is not security-wise.
User-education should also be one of the priorities of the list of preventative measures.
I have found no defense against these scareware / drive-by download infections. There is some promising work being done with something called B.L.A.D.E. (http://www.blade-defender.org/), which appears to be a joint project with the Department of Defense. But the web site hasn't been updated in months, so I can't tell if anyone is still working on it or not.

I fix these scareware infections several times a week and the only defense I've been able to come up with is to set the browser security settings such that they won't run any scripts (which isn't really practical) or educate the users to recognize when that initial scareware window pops up and to turn off their machine (killing the browser process also works) immediately and not click on anything - not even the X button at the top - left of the scareware window, as clicking anywhere in the window will download the rest of the crap.

"... How can I prevent it and why doesn't mcafee find it?..."

Best prevention is user education. Most people who work on a computer all day find it very hard to  understand the concept that the internet might contain danger.  They see the online world as being about emails and relaxed web-surfing to find information (and entertainment).  So it isn't surprising when they randomly click on links, or download from spurious sites, or respond to scam emails.

If you can try to get your end users into the mindset that they should not click on ANYTHING unless they know what will happen next, that will go a long way to preventing these types of infections. Try to get them to understand that the internet is like the wild west - it is completely unpoliced and everything is up for grabs.

Something I do is tell customers to close any rogue popup window by pressing Alt + F4. They really like the novelty of a keyboard shortcut, and it makes them far more vigilant about what is appearing on their screen.
rdefino (Author) commented:
Even though this won't fully prevent them, it is a good start.
