
How to protect from FUD Virus



Being "crypted" (encrypted/packed) doesn't matter if the encryption type of the file is heuristically detected (something that MBAM and AV's do with certain types of packing/encrypting on files, detecting them as "suspicious"), not to mention the fact that even if encrypted/packed, it has to unpack/decrypt to execute, so it still gets caught when it tries to enter memory.

As for HIPS, I don't use one myself, but you can find a bit of info about what it is and what it does here.

You also have to remember that just because the YouTube video showed something as being undetected, doesn't mean it will be undetected forever, or that the security software they used was up to date with the latest definitions. Detections change daily (and for MBAM, even more frequently since on a typical day we update our database 5-8 times). Some AVs update their database hourly, so what wasn't detected earlier today may possibly be detected now.

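An added illustration of the packing heuristic mentioned in the reply above (not part of the original thread, and not how MBAM or any specific product implements its heuristics): encrypted or packed content looks statistically random, so one widely used signal is the byte entropy of a file's body. The block size, thresholds and both sample buffers are assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def high_entropy_ratio(blob: bytes, block: int = 1024, threshold: float = 7.2) -> float:
    """Fraction of full fixed-size blocks whose entropy exceeds the threshold."""
    blocks = [blob[i:i + block] for i in range(0, len(blob), block)]
    blocks = [b for b in blocks if len(b) == block]  # ignore a short tail block
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) > threshold for b in blocks) / len(blocks)

def looks_packed(blob: bytes, min_ratio: float = 0.6) -> bool:
    """Flag a file as 'suspicious' when most of its body is near-random."""
    return high_entropy_ratio(blob) >= min_ratio

def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for encrypted content (SHA-256 over a counter)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed samples, not real executables.
PLAIN = (b"ordinary program text and string tables " * 205)[:8192]
# A small low-entropy "loader stub" followed by an encrypted-looking body.
PACKED = b"small loader stub".ljust(1024, b"\x00") + pseudo_random(7168)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed-like", PACKED)):
        print(name, round(high_entropy_ratio(blob), 3), looks_packed(blob))
```

High entropy alone also matches legitimate compressed installers and media, which is why such a result is reported as "suspicious" rather than as a confirmed infection.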

You're welcome, I hope that cleared things up a bit :).

Trust me, infecting computers is big business, so if there were any foolproof method of making an infection truly "undetectable" then every infection out there would be using it. Crypting files to obscure their contents is old hat and has been used for many years, and all the security software vendors are well aware of this tactic (it's also frequently used by polymorphic infections to try and make creating definitions for them more difficult; again, this is where heuristics come into play because, if done right, they can often still detect a polymorphic infection when it changes).


No protection is 100%, but doing so will most likely keep you clean. Also remember to keep Windows up to date along with any browser add-ons you use, such as Adobe Flash Player, Adobe Reader and Java.

Surfing safely goes a long way too: avoiding shady sites on the web and avoiding downloading stuff with P2P software (torrents etc.).


You're welcome, I hope that cleared things up a bit :).

Trust me, infecting computers is big business, so if there were any foolproof method of making an infection truly "undetectable" then every infection out there would be using it. Crypting files to obscure their contents is old hat and has been used for many years, and all the security software vendors are well aware of this tactic (it's also frequently used by polymorphic infections to try and make creating definitions for them more difficult; again, this is where heuristics come into play because, if done right, they can often still detect a polymorphic infection when it changes).

Sorry for posting that; because of your quick reply that I didn't see, I didn't need to write this:

'So exile by updating the Anti-Malwarebytes daily and updating my anti-virus. (Microsoft Security Essentials+ free avast anti-virus) daily. I will not have any Virus like a 'FUD' keylogger/RAT? By the way thanks for helping me! '


I'm now doing the Full scan on MBAM (before that I updated the version); after it I will do the Flash Scan, but what are the differences?

When I used MBAM the first time, 10 things were infected, including an Ardamax keylogger. I deleted them all thanks to MBAM.

My anti-virus said, before I scanned my PC with MBAM, that it was safe. So I trust MBAM more now!

Now after 3 days I scanned my PC again with MBAM (till now no infections).

Thanks :P


Here are the different scan types in MBAM and what they do:

  • Quick Scan - This is the default and recommended scan type. It checks all the known locations where infections like to actually install on your system, including program folders, system folders and the registry (and many more). Every time we find infections installing in a new location, it automatically gets added to the Quick Scan :). It checks everything that the Flash Scan checks and a lot more.
  • Flash Scan - This is a very quick check of your system for active infections running in memory, the registry as well as a heuristics check to look for new/unknown threats. It is less comprehensive than a Quick Scan, but is useful if you just updated MBAM and want to make sure that nothing that was added to the current update but wasn't detected by the previous database has infected your system (this is why we have an option for it to run after a successful update in the Scheduler if you have the PRO version of Malwarebytes' Anti-Malware).
  • Full Scan - This is the last resort. This is what you use when you suspect your system is infected, but the infection was not found by a Quick Scan. It will check all locations on your computer, not just the locations where threats are known to install. It is generally not needed, but can be useful for finding dormant traces as well as infection installers/droppers that might be saved in a location that is not checked by the Quick Scan (if, for example, you save your downloads to a custom folder somewhere etc.).


Thanks, I let to type too much, I'm sorry :P

Just finished the Full + Flash Scan with the newest version of MBAM with no infections :D

The first time I used MBAM, 3 days ago with the full scan, 10 risks/detections were deleted thanks to MBAM, including an Ardamax keylogger.

But before that I scanned my PC with my standard AV (free Avast with the updated version). It didn't detect one of the 10!

So MBAM, I advise it to everything; it seems better than AVs lol.


If you use MSE and Avast free, you are not protected because they are all based on traditional signature-based security. Avast is better than MSE. But use Comodo Internet Security, it has Defense+ technology (HIPS), with MBAM. No virus can do any harm to your computer with these two in action. But you have to learn how to use Comodo Internet Security, so watch YouTube videos on Comodo Internet Security. It's the BEST combination to protect your computer. I am using Comodo and MBAM and I frequently test these two with zero-day threats which are very, very recent, like 1 hour old or something like that. Finally, you have to decide. But MSE is a waste; if you don't believe me, watch MSE tests and reviews on YouTube.


  • Root Admin

@karthik

I'm happy that you like and enjoy Comodo, but please do not post malware detection or removal advice here on the forum. Only authorized and trained helpers are allowed to provide such advice in the HJT forum.

Your multiple posts about Comodo are now bordering on advertising spam on the forum. If you really wish to help out then please sign up at one of the schools for training.

Please see here as well.

The following are websites that host training facilities: United Network of Instructors and Trained Eliminators

Thank you


Sorry advancedsetup, I am a new member of this forum, so I didn't know about that. And one thing: I am not advertising Comodo, because my search for the best security stopped when I installed MBAM and Comodo. So I want to help others if I can.

But anyway, I am a normal member so I won't reply to those types of topics ever. Thanks for the telling.
