F-Secure doesn't detect Win32/Ramnit.A, didn't protect my machine
We have a 3 user license for F-Secure and it was installed and up to date. The system logs show it downloading an Aquarius update just before the system became infected with Ramnit:
2013-04-10 14:43:33.343 [0718.076c] I: Connecting to guts.sp.f-secure.com (no BW proxy, no HTTP proxy)...
2013-04-10 14:43:38.765 [0718.172c] I: Downloaded 'F-Secure Aquarius Update 2013-04-10_06' - 'aquawin32' version '1365595929' from guts.sp.f-secure.com, 291302043 bytes (download size 348101 bytes)
2013-04-10 14:43:38.875 [0718.076c] I: Update check completed successfully.
2013-04-10 14:44:47.640 [0718.063c] I: Installation of 'F-Secure Aquarius Update 2013-04-10_06' : Success
2013-04-10 15:43:33.343 [0718.076c] I: Connecting to guts.sp.f-secure.com (no BW proxy, no HTTP proxy)...
2013-04-10 15:43:36.390 [0718.076c] I: Update check completed successfully. No updates are available.
2013-04-10 16:43:33.343 [0718.076c] I: Connecting to guts.sp.f-secure.com (no BW proxy, no HTTP proxy)...
2013-04-10 16:43:34.453 [0718.076c] I: Update check failed. There was an error connecting guts.sp.f-secure.com (Connection refused)
2013-04-10 16:44:34.500 [0718.076c] I: Connecting to guts.sp.f-secure.com (no BW proxy, no HTTP proxy)...
2013-04-10 16:44:35.593 [0718.076c] I: Update check failed. There was an error connecting guts.sp.f-secure.com (Connection refused)
Ramnit messed around with the DNS resolver and broke the ability to connect to guts.sp.f-secure.com and other antivirus websites, meaning that updating was no longer possible.
F-Secure did not detect or prevent this infection. I had to install MS Security Essentials to remove it.
Some infected files were still on the system and I found copies of them in System Restore. I submitted a sample to F-Secure's online service, and it is detected as a virus:
Trojan.GenericKDV.935179 Aquarius F-Secure
However, the online check gives the system a clean bill of health. MS Security Essentials still detects and blocks the virus in the copy I made in c:\. I reinstalled F-Secure and it still DOES NOT detect the virus or protect the system:
Scanning Report
28 April 2013 19:29:09 - 19:29:11
Computer name: VALERIA
Scanning type: Scan target
Target: C:\A0098457.exe

Result
No malware found

Statistics
Scanned:
  Files: 1
  Not scanned: 0
Result:
  Viruses: 0
  Spyware: 0
  Suspicious items: 0
  Riskware: 0
Actions:
  Disinfected: 0
  Renamed: 0
  Deleted: 0
  Quarantined: 0
  Failed: 0
Boot Sectors:
  Scanned: 0
  Infected: 0
  Suspicious items: 0
  Disinfected: 0

Options
Definitions version:
  Viruses: 2013-04-26_04
  Spyware: 2013-04-26_04
Scanning Engines:
  F-Secure Hydra: 5.10.8626, 2013-04-26
  F-Secure Online: 13.22.19120, 0-00-00
  F-Secure Gemini: 3.02.161, 2013-04-17
Scanning options:
  Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 TMP VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
  Scan inside archives
Actions:
  Viruses: Ask after scan
  Spyware: Ask after scan

Copyright © 1998-2012
Also it does not even seem to use the Aquarius engine. Is that why it's not detected?
Anyway I cannot trust F-Secure to protect this computer. It still does not detect the virus.
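
Added example (not part of the original post, and not F-Secure code): a small Python check that parses update-log lines in the format quoted above and reports when successful update checks give way to repeated connection failures, the pattern the post describes after the infection. The function name, the `min_failures` threshold and the sample text are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the log format quoted in the post.
SAMPLE_LOG = """\
2013-04-10 14:43:38.875 [0718.076c] I: Update check completed successfully.
2013-04-10 15:43:36.390 [0718.076c] I: Update check completed successfully. No updates are available.
2013-04-10 16:43:34.453 [0718.076c] I: Update check failed. There was an error connecting guts.sp.f-secure.com (Connection refused)
2013-04-10 16:44:35.593 [0718.076c] I: Update check failed. There was an error connecting guts.sp.f-secure.com (Connection refused)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[[0-9a-f.]+\] \w: (?P<msg>.*)$")
FAIL_RE = re.compile(
    r"Update check failed\. There was an error connecting (?P<host>\S+) \((?P<reason>[^)]*)\)")
OK_PREFIX = "Update check completed successfully"

def find_update_outages(log_text, min_failures=2):
    """Return runs of >= min_failures consecutive failed checks, each with the
    last successful check seen before the run (None if there was none)."""
    outages, last_ok, run = [], None, []

    def close_run():
        if len(run) >= min_failures:
            outages.append({
                "last_success": last_ok,
                "first_failure": run[0][0],
                "failures": len(run),
                "hosts": sorted({host for _, host, _ in run}),
                "reasons": sorted({reason for _, _, reason in run}),
            })

    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        fail = FAIL_RE.search(m["msg"])
        if fail:
            run.append((ts, fail["host"], fail["reason"]))
        elif m["msg"].startswith(OK_PREFIX):
            close_run()          # a success ends any failure run
            last_ok, run = ts, []
    close_run()                  # report a run still open at end of log
    return outages

if __name__ == "__main__":
    for outage in find_update_outages(SAMPLE_LOG):
        print(outage)
```

A run that begins right after a successful check and names the update host with "Connection refused" is worth correlating with changes to the machine's name resolution around `last_success`.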