Prayag

I have recently been infected with a fileless malware. I have run a scan with KSC and it reported some memory detection. So, I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed a fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software, and I also sincerely think that even they cannot counter such attacks.
 

Janl1992l

Comodo Firewall will protect you against fileless malware. The Auto-Sandbox will take care of any infection. :)
 

Arequire

Most any reputable AV will be able to remove the memory process if detected but no AV will be able to cleanup the keys that the dropper wrote to the registry after a successful infection.
Something like Comodo Firewall (using cruelsister's settings) will automatically sandbox the process the dropper uses, or AppGuard with its MemoryGuard feature can prevent malware from reading/writing another process's memory.
 

shmu26

You see, "fileless" malware has to start somewhere.
1 A malicious file was executed on your disk.
2 Your browser (or maybe your PDF reader, etc) was exploited.

Number 2 is very unlikely. You are running Windows 7, which is a decent operating system, and I assume you are also running a decent web browser, etc, and that you keep things updated. So number 2 is about as likely as a bolt of lightning from heaven striking you down. Might happen, but probably won't.

Number 1 is back to the same old story. You have AV programs, you have stuff like VoodooShield, etc.

But the main thing is to practice proper user habits. Think before you click. Mind over mouse.
And make regular system backups...
 

509322

Poweliks is not limited to fileless (memory-only)

A Poweliks infection can be caused by:

1. A successful exploit followed by execution of malicious code via an interpreter (e.g. PowerShell); and
2. A file that got onto your system by a means other than an exploit and it was executed

The detection will be the same regardless of the manner in which Poweliks got onto the system.

Look at @Andy Ful's Hard_Configurator here at MT.

If I recall correctly you can disable the PowerShell, Windows Scripting Host, and other shells.

Ask @Andy Ful - he will provide info if you ask. Hard_Configurator is freeware.

Also, use EMET which is free.
 

Winter Soldier

Poweliks hides itself in the Windows registry, trying to evade antivirus controls. It checks for the presence of PowerShell, and all the actions of the malware are stored within the registry; the core is saved in a coded key not accessible to the user. The key code is binary and is carried out at each reboot.

Antivirus should intercept the initial infected file before it is executed; or, as a further line of defence, it should detect the exploit after the execution of the file; or, as a last step, the antivirus must detect abnormal behaviour in the Windows registry, blocking the corresponding processes and warning the user.

I think this last phase, the registry monitoring, is part of the active protection of most of the behavioral protection of the common AVs like Emsisoft, Kaspersky, etc., but the user's interpretation of the antivirus alarm is essential.
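Winter Soldier's point that the malware's actions live in the registry and run at each reboot is something a defender can check for directly. As an added example (not from this thread or from any product named in it), here is a Python script that parses a `reg export` of a Run key and flags values that launch a script interpreter, carry an encoded command line, or hold binary data where a command string is expected; the sample export below is constructed, and the entry names and base64 are made up.

```python
import re

# Constructed sample of `reg export` output for a Run key (made-up entries; base64 is filler).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\me\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Loader"="powershell.exe -NoP -W Hidden -EncodedCommand QQBCAEMARABFAEYAQQBCAEMARABFAEYAQQBCAEMARABFAEYAQQBCAEMARABFAEYA"
"Blob"=hex:4d,5a,90,00,03,00,00,00,\
  04,00,00,00,ff,ff,00,00
'''

# Script interpreters that have no business in a normal user's autorun entries.
INTERPRETERS = re.compile(r'\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b', re.I)
# PowerShell's -EncodedCommand (and its abbreviations) followed by a base64 blob.
ENCODED_FLAG = re.compile(r'-(enc\w*|ec|e)\s+[A-Za-z0-9+/=]{20,}', re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data


def parse_reg(text):
    # Returns (key, value_name, kind, data) tuples from a .reg export.
    text = re.sub(r',\\\r?\n\s*', ',', text)   # join hex continuation lines
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif (m := VALUE_LINE.match(line)) and key:
            name, raw = m.group(1), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):      # REG_SZ: unescape \" and \\
                kind, data = 'string', re.sub(r'\\(.)', r'\1', raw[1:-1])
            else:                                               # hex:, hex(2):, dword:
                kind, data = ('binary' if raw.lower().startswith('hex') else 'other'), raw
            entries.append((key, name, kind, data))
    return entries


def find_suspicious(entries):
    # Flags Run-key values that look like interpreter-based or encoded persistence.
    findings = []
    for key, name, kind, data in entries:
        if '\\run' not in key.lower():
            continue
        reasons = []
        if kind == 'binary':
            reasons.append('binary data in an autorun value (a command string was expected)')
        if INTERPRETERS.search(data):
            reasons.append('autorun launches a script interpreter')
        if ENCODED_FLAG.search(data):
            reasons.append('encoded payload embedded in the command line')
        if reasons:
            findings.append((key, name, reasons))
    return findings
```

To use it on a real machine, export the HKCU and HKLM Run keys with `reg export` and pass the file contents to `parse_reg` and then `find_suspicious`; anything flagged deserves a manual look rather than automatic deletion.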
 

darko999

If you already got infected, no AV will save you in the future, I can tell you that.

And the "trojan poweliks: fileless malware" dates from 2015 according to Symantec. I don't know how people really get infected; the first step will be a non-sandboxed browser, I think.

"I don't need any whitelisting software and i also sincerely think that even they cannot counter such attacks."

What do you want? There is no such thing as 100% protection. Don't ask the impossible.

Comodo Firewall with proper settings, or any other respectable software like VoodooShield, or a default-deny configuration will keep your PC safe most of the time. The rest is up to your surfing habits and your personal security moves, such as what emails you open, whether you run your browser sandboxed, etc.
 

Prayag

Hey, I run my browser sandboxed, and there is no use of whitelisting software to me, as I am mostly offline and whitelisting software always asks or blocks my files. I am using many programs; even one of my drives contains software only, and this is quite painful, and I can't recommend such products to my friends for the same reason. If one needs to run any app blocked by such products, then he has to unblock it, and then there is no actual use of such software.
 

darko999

I also have a lot of software, and at the same time I run Comodo FW with the strongest settings and have no issues. Of course, I had to add some rules to the "Containment" module in order to have smooth software performance. I added all folders which needed to be excluded from that feature, like games and legit software that I run on my computer. I think I added like 12 folders in total after running every app and using Windows for a few days in training mode "for the HIPS". It's a matter of context whether this setup will work for anyone else. If my machine gets infected by malware that somehow was able to do damage through my security config, either I'm rich and somehow a target for advanced hacking ("not the case") or I just screwed it up. I tested my config in a VM and couldn't throw a sample that was able to do damage; the HIPS worked great after all ("in paranoid mode").
If you, in this case for example, got infected somehow by a fileless malware attack, as you called it, then most AVs that rely on signatures and that do not offer additional modules such as behavior blocking, HIPS, strong advanced heuristics or virtualization won't help you that much in terms of security. You asked for free software to protect against fileless malware attacks; I don't think you could achieve that solid wall vs. malware if you don't play enough with the "free options" left.
PS: I hope you find the software you are looking for ;) MT is the best place to find it!