DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
AntiVirus 2010 can a Vigor Stop it from being downloaded ?
- jnewgas
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 12
- Thank you received: 0
22 Feb 2010 10:41 #60679
by jnewgas
AntiVirus 2010 can a Vigor Stop it from being downloaded ? was created by jnewgas
AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXE
Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading:?:
John in London
Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading
John in London
Please Log in or Create an account to join the conversation.
- kc_
- Offline
- Junior Member
Less
More
- Posts: 83
- Thank you received: 0
22 Feb 2010 23:05 #60697
by kc_
Replied by kc_ on topic AntiVirus 2010 can a Vigor Stop it from being downloaded ?
train the users ;)
Please Log in or Create an account to join the conversation.
- jnewgas
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 12
- Thank you received: 0
23 Feb 2010 00:44 #60699
by jnewgas
Replied by jnewgas on topic AntiVirus 2010 can a Vigor Stop it from being downloaded ?
I have sent out a note to those I advise. However this has happened here at home and my normally aware daughter knew that there was a new Microsoft Anti-Virus and thought I had put it on her machine.
A constructive solution would be a good use of the filtering ability, for when someone is careless or inattentive - I am sure others would find it worth addying to their Vigor filters.
A constructive solution would be a good use of the filtering ability, for when someone is careless or inattentive - I am sure others would find it worth addying to their Vigor filters.
Please Log in or Create an account to join the conversation.
- cifer
- Offline
- Junior Member
Less
More
- Posts: 21
- Thank you received: 0
24 Feb 2010 11:04 #60744
by cifer
Replied by cifer on topic AntiVirus 2010 can a Vigor Stop it from being downloaded ?
Blocking an exe by name is all well and good untill it changes name, which AV2010 does alot, not forgetting all the variants that now exists. web proxying would be the only way to prevent somthing like this with all traffic being scanned for malwar/virus/trojans.
Please Log in or Create an account to join the conversation.
- cocospm
- Offline
- Member
Less
More
- Posts: 100
- Thank you received: 0
24 Feb 2010 22:54 #60763
by cocospm
While the particular variants you have experienced may happen to have the filenames you mention, using filenames to stop such threats is a non-starter. If you want such threats stopped at the firewall, you will need to go for a UTM (Universal Threat Management) firewall device, of which the Vigor routers are not. UTM devices come at a much higher price than the Vigors.
That said, UTM devices - like client (or server) security software - are regularly missing these kinds of threat just now. They are very sophisticated 'polymorphic' threats which mutate regularly, getting themselves past signature-based security software with ease.
As kC_ suggested, the only effective way to deal with these threats is to educate the user. Put simply, make the user familiar with what security software is installed on his/her computer, such that he/she can properly identify an alert window as being from that software. Then any other security alert is, by definition, malicious. If an alert pops up that cannot be positively identified as coming from their own security software, ensure they know to (a) avoid clicking on or otherwise interacting with the alert window in any way, and (b) go to the start button/orb and immediately restart the computer. This is not by any means foolproof but will, in conjunction with sensible security measures, very often prevent the threat taking hold.
Whatever you do, do not kid yourself into believing you can 100% secure a computer against such threats, save for throwing it in the nearest deep lake.
Replied by cocospm on topic Re: AntiVirus 2010 can a Vigor Stop it from being downloaded
AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXEjnewgas wrote:
Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading:?:
John in London
While the particular variants you have experienced may happen to have the filenames you mention, using filenames to stop such threats is a non-starter. If you want such threats stopped at the firewall, you will need to go for a UTM (Universal Threat Management) firewall device, of which the Vigor routers are not. UTM devices come at a much
That said, UTM devices - like client (or server) security software - are regularly missing these kinds of threat just now. They are very sophisticated 'polymorphic' threats which mutate regularly, getting themselves past signature-based security software with ease.
As kC_ suggested, the only effective way to deal with these threats is to educate the user. Put simply, make the user familiar with what security software is installed on his/her computer, such that he/she can properly identify an alert window as being from that software. Then any other security alert
Whatever you do, do not kid yourself into believing you can 100% secure a computer against such threats, save for throwing it in the nearest deep lake.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek