Doesn't prevent infection after reboot


See http://imgur.com/a/b9oEa. Last image is after the reboot.

Looks like it stops it from cryptolocking all the files at run time, but despite the popup, the UI doesn't show anything in quarantine.

It also doesn't seem to remove the autorun registry entry, which I guess is why it can't stop CryptoWall on a reboot after infection.

 

The sample I used was this: https://malwr.com/analysis/MDQ2YjNhMmQzNTM3NGIyODk0MzRhZGYyMWViNTdkNWM/ / https://www.hybrid-analysis.com/sample/50b011838c687a7c1cd225c23522ee969596735248e040a6561d07533bd95dd6

It looks like a newer variant of CryptoWall 4?

 

https://malwr.com/analysis/ZDhiNWYyMWFkMzhjNGE5YThiOWIwZWRkOTMyNmU4M2I/ is the bootup entry

 

https://www.virustotal.com/en/file/50b011838c687a7c1cd225c23522ee969596735248e040a6561d07533bd95dd6/analysis/

 

I can provide the initial sample if needed. (This was run on an unpatched Windows 7 box running nothing but anti-RW.)

 


Thanks for the report kyhwana. We do block this but there's a bug which will be fixed in beta2 to be released tomorrow.

 

Please re-test with beta2 and thanks again for your help in improving this product!


Thanks for the report kyhwana. We do block this but there's a bug which will be fixed in beta2 to be released tomorrow.

 

Please re-test with beta2 and thanks again for your help in improving this product!

Question: how will the updates be rolled out with MBARW, auto update or manual? How will it work? Because I see no place in the UI that states "update".


Malwarebytes Anti-Ransomware Beta 2 has been released, download or update now!

(If you have MBARW installed it should prompt to update)

Information:

Malwarebytes Anti-Ransomware (BETA) 0.9.5

Improvements:

• Improved rules to prevent false positives on legitimate software

Issues Fixed:

• Fixed issue that interfered with proper detection of latest CryptoWall 4 variant
