Other issues in this category (59)
How not to lose your anti-virus
Another complaint from a dissatisfied user:
Drweb missed a Trojan that encrypted all the files it was able to get its hands on.
A request submitted to Doctor Web's Technical Support Service
Our support engineers requested additional information:
The information you have provided is insufficient. Please download the dwsysinfo.exe, utility and run it on the compromised PC to generate a report. Attach the report to your next message.
Further investigation revealed that:
The anti-virus failed to detect the encryption ransomware because the anti-virus wasn't installed on the infected PC. On 11.07.2018 the anti-virus agent had been removed from the computer.
Of course, there was no way to tell who actually uninstalled it, but the fact remains. How could that happen? At least two possibilities exist:
- Someone who had access to the computer took advantage of the fact that Dr.Web's settings weren't password-protected and removed the software;
- Someone exploited a vulnerability and/or took advantage of the fact that the remote access features weren't disabled and/or a weak password was being used and ran the installation wizard to delete the Dr.Web software.
- Set a password to protect the anti-virus's settings—that's easy. Important: different passwords must be used to protect the settings and to access the PC.
- Lock the screen before leaving your PC.
- Install all security updates—nobody should be able to sneak into your PC through any loopholes.
- Disable the features you do not use.