
Cryptowall 2 -- Does MBAM Premium block stop this malware in real time from encrypting files?



Yes, and particularly for variants you describe which use a Trojan disguised as a PDF but in reality are executables (EXEs), Malwarebytes Anti-Malware is excellent at detecting those as we have extensive heuristic detection capabilities in our databases which target such trojans. The same goes for fake Word documents (.DOC, .DOCX etc.) as well as other fake file types used by such malware droppers/installers.

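An added example, not part of the original post and not Malwarebytes' detection logic: a small check for the disguise described above, comparing the extension a file claims with the format its leading bytes indicate. The function names, extension lists and sample inputs are assumptions constructed for illustration.

```python
# Leading bytes ("magic numbers") of the file types named in the post.
MAGIC = {
    "exe": b"MZ",                                 # Windows PE/DOS executable
    "pdf": b"%PDF-",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound file
    "docx": b"PK\x03\x04",                        # ZIP container
}
DOCUMENT_EXTS = {"pdf", "doc", "docx"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif"}    # assumed list, extend as needed


def sniff(head: bytes) -> str:
    """Return the format indicated by the first bytes of a file."""
    for kind, magic in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, head: bytes) -> list:
    """Return findings for a file name and the first bytes of its content."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    parts = filename.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff(head)

    # Case 1: the name says "document" but the content is an executable.
    if ext in DOCUMENT_EXTS and actual == "exe":
        findings.append("executable content behind document extension")

    # Case 2: a document extension placed in front of the real one,
    # e.g. invoice.pdf.exe shown as "invoice.pdf" when extensions are hidden.
    if ext in EXECUTABLE_EXTS and len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
        findings.append("double extension hides executable")

    return findings


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of the file).
    samples = [
        ("invoice.pdf", b"MZ\x90\x00\x03"),
        ("invoice.pdf.exe", b"MZ\x90\x00\x03"),
        ("report.pdf", b"%PDF-1.4\n"),
    ]
    for name, head in samples:
        print(name, "->", check_attachment(name, head) or "no findings")
```

A check like this only catches the naming disguise; it says nothing about what a flagged or unflagged file does when opened.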

Yes, and particularly for variants you describe which use a Trojan disguised as a PDF but in reality are executables (EXEs), Malwarebytes Anti-Malware is excellent at detecting those as we have extensive heuristic detection capabilities in our databases which target such trojans. The same goes for fake Word documents (.DOC, .DOCX etc.) as well as other fake file types used by such malware droppers/installers.

Just to clarify, you definitely, 100% detect and block against CryptoWall 2.0? The one that just came out a day or two ago? Our network was just hit and we have your software on all of our machines. There's a chance it wasn't running on the one user who was infected, however. I just want to make sure that you guys are aware of CryptoWall 2.0 (the new version).

 

It's pretty nasty. Started encrypting data on that user's local machine and all network drives mounted to a drive letter.


  • Root Admin

We detect the droppers created to get you infected. There is always a possibility that some new dropper is created that we do not detect. However one should be running a good up to date live antivirus program as well and have all Windows critical updates installed at all times.

 

 

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

 


I run MBAM Premium and I encourage the practice of safe computing. This question is not about that. It is a specific question about a specific threat - Cryptowall 2 that has recently been released and has caused significant damage already. What I want to know is whether or not MBAM has identified this specific threat and included measures to block it in its most recent database updates.


  • Root Admin

And we have answered your question. There is no one, let me repeat no one that can 100% guarantee that you will not ever get infected with Cryptowall 2 period unless you shut off the computer and never turn it on.

 

As said we will protect the computer from every currently known dropper that allows it to get installed. Next week, next month though someone could find or devise a way to bypass the detection and infect your computer. That's why following good safe computing practices and backing up your data is important.

 

Thank you again


  • 3 weeks later...

Does MBAM Premium prevent the new method by which Cryptowall 2.0 is infecting PCs via compromised web advertisements?

 

Now running adblock plus and noscript should in theory stop compromised web ads from infecting you but many people don't want to run no script because it significantly downgrades the web experience. It is also a more advanced addon and thus "dumb" PC users will be confused by it.

 

My roommate was running Chrome and adblock plus and still got it (luckily he knew the signs of it and stopped it in its tracks before it could take hold), so adblock alone won't prevent it because not all web ads are stopped with adblock.

News article on the new method of attack: http://threatpost.com/malvertising-campaign-on-yahoo-aol-triggers-cryptowall-infections/108987


Hello Soloman02 and :welcome:

Malwarebytes Anti-Exploit (MBAE) and Malwarebytes Anti-Malware (MBAM) Premium together used with a high-quality installed anti-virus application is particularly effective against malware of many varieties. Without exact hashes of questionable files and other detailed information regarding the precise identity of a particular malware's variant, your question is not answerable.

 

And at this point, discussion of what would or would not defend against an unverified/unidentified infection is totally non-productive. Stopping working malware at human speeds is fairly unlikely if the malware is, or has, progressed at computer speeds.

 

Identification and malware removal actions are not permitted in this sub-forum. I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

 

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

 

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

 

Thank you. :)


Now all you guys need is a comparison chart showing differences between;

 

MBAM Premium  and MBAM anti-exploit Premium

 

 

They are different, complementary and mutually compatible applications.

Simply put, MBAM blocks the WHAT of malware, while MBAE blocks the HOW.

So, it would be good to have both of them.

 

Cheers,


This topic is now closed to further replies.