CryptoWall V3.0 Virus Renders BitDefenderFree (BDF) Useless
I got a PC from a user that has BitDefenderFree (BDF) v1.0.21.1099 installed, but it had been rendered totally useless by the CryptoWall v3.0 ransomware virus. This virus took over the entire computer system and easily shut down and locked BDF from operating. Even after removing the virus with MWB you could not run, uninstall, or re-install BDF. When you tried to do so, you would get the following error message: "Windows cannot open this program because it has been prevented by a software restriction policy".
I ran tweaking all in one utility to restore the policies modified by the virus, but it did not fix this problem. After running several other utilities the only fix that I found that was able to remove the restriction policies preventing BDF from running was ComboFix. After running the fix file with ComboFix, and rebooting the PC, BDF started up again after booting.
I can't believe how easily this virus was able to render BDF totally ineffective. What ever happened to the self protect module that is supposed to keep something like this from happening? BDF was totally defeated without a fight.
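The error message quoted in the post above is the one Windows shows when a Software Restriction Policy (SRP) rule blocks an executable. The following is an added example, not part of the original post: it parses the text output of `reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /s` and lists Disallowed path rules that point at a security product. The sample output, the install path, the GUIDs and the marker list are constructed for illustration.

```python
import re

SAFER_ROOT = r"\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
# SRP security levels are stored as the decimal name of the subkey under CodeIdentifiers.
LEVELS = {0: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}
KEY_RE = re.compile(r"^(HKEY_[A-Z_]+)" + re.escape(SAFER_ROOT) +
                    r"\\(\d+)\\Paths\\(\{[^}]+\})$", re.I)
VALUE_RE = re.compile(r"^\s{4}(\S+)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query ... /s` output (not taken from the affected PC).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    DefaultLevel    REG_DWORD    0x40000

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}
    ItemData    REG_SZ    C:\Program Files\Bitdefender
    SaferFlags    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{22222222-2222-2222-2222-222222222222}
    ItemData    REG_EXPAND_SZ    %SystemRoot%
    SaferFlags    REG_DWORD    0x0
"""

def parse_srp_rules(reg_query_output):
    """Return one dict per SRP path rule found in the `reg query /s` text."""
    rules, current = [], None
    for line in reg_query_output.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            hive, level, guid = key.groups()
            current = {"hive": hive, "guid": guid, "target": None,
                       "level": LEVELS.get(int(level), level)}
            rules.append(current)
        elif line.startswith("HKEY_"):
            current = None            # some other key: stop attributing values
        elif current is not None:
            value = VALUE_RE.match(line)
            if value and value.group(1) == "ItemData":
                current["target"] = value.group(3)   # path the rule applies to
    return rules

def blocked_security_tools(rules, vendor_markers):
    """Disallowed path rules whose target contains any marker (case-insensitive)."""
    markers = [m.lower() for m in vendor_markers]
    return [r for r in rules
            if r["level"] == "Disallowed" and r["target"]
            and any(m in r["target"].lower() for m in markers)]

if __name__ == "__main__":
    for rule in blocked_security_tools(parse_srp_rules(SAMPLE), ["bitdefender"]):
        print(rule["hive"], rule["guid"], "blocks", rule["target"])
```

The same check applies to the per-user copy of the key under HKCU; hash and certificate rules live in sibling subkeys and are not covered by this parser.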
Comments
-
It is time to understand that anti-virus is not the only protection against malware. If the user whose BDF the virus disabled had worked in a user account, or at least had not disabled UAC and had responded to its requests, then all that has happened would not have happened. It is also time to understand for oneself that to this day there is no anti-virus that would be a 100% protection system.
-
You are assuming. There was no interaction with the user to turn off anything including using UAC. In fact there were no signs that anything was happening until the notice to pay showed up on the desktop.
-
In the case of the encryptor, UAC and standard user rights certainly will not help. But they are a good way to protect the anti-virus from being shut off by malware.
Protection against encryptors at the moment is only backup.