Do you know any free software to protect against fileless malware attacks?

Prayag

Level 4
Thread author
Verified
Well-known
Mar 27, 2017
160
I have recently been infected with fileless malware. I ran a scan with KSC and it reported a memory detection. So I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed the fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones that protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "Trojan Poweliks: fileless malware". I don't need any whitelisting software, and I also sincerely think that even they cannot counter such attacks.
 

Janl1992l

Level 14
Verified
Well-known
Feb 14, 2016
648
I have recently been infected with fileless malware. I ran a scan with KSC and it reported a memory detection. So I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed the fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones that protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "Trojan Poweliks: fileless malware". I don't need any whitelisting software, and I also sincerely think that even they cannot counter such attacks.
Comodo Firewall will protect you against fileless malware. The auto-sandbox will take care of any infection. :)
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Almost any reputable AV will be able to remove the memory-resident process if it is detected, but no AV will be able to clean up the keys that the dropper wrote to the registry after a successful infection.
Something like Comodo Firewall (using cruelsister's settings) will automatically sandbox the process the dropper uses, or AppGuard with its MemoryGuard feature can prevent malware from reading/writing to another process's memory.
 

Prayag

Level 4
Thread author
Verified
Well-known
Mar 27, 2017
160
Comodo Firewall will protect you against fileless malware. The auto-sandbox will take care of any infection. :)
Actually, I have tried CFW many times but didn't find it very good for daily use. It slowed down my system very badly and also auto-sandboxed all of the apps I use daily, which is quite frustrating.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Did you use my settings? Cruel Comodo will be as light as a feather. And the sandbox will only react to unsigned applications. It is child's play to just tap on the "Do Not Virtualize" pop-up to take care of this issue.
 

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339
Avast will do the trick. I don't know what your config is like, but you might also want to grab a backup utility like Rollback Rx or Macrium Reflect after.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
You see, "fileless" malware has to start somewhere.
1. A malicious file was executed on your disk.
2. Your browser (or maybe your PDF reader, etc.) was exploited.

Number 2 is very unlikely. You are running Windows 7, which is a decent operating system, and I assume you are also running a decent web browser, etc., and that you keep things updated. So number 2 is about as likely as a bolt of lightning from heaven striking you down. Might happen, but probably won't.

Number 1 is back to the same old story. You have AV programs, you have stuff like VoodooShield, etc.

But the main thing is to practice proper user habits. Think before you click. Mind over mouse.
And make regular system backups...
 

509322

I have recently been infected with fileless malware. I ran a scan with KSC and it reported a memory detection. So I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed the fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones that protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "Trojan Poweliks: fileless malware". I don't need any whitelisting software, and I also sincerely think that even they cannot counter such attacks.

Poweliks is not limited to fileless (memory-only) infection.

A Poweliks infection can be caused by:

1. A successful exploit followed by execution of malicious code via an interpreter (e.g. PowerShell); or
2. A file that got onto your system by a means other than an exploit and was executed.

The detection will be the same regardless of the manner in which Poweliks got onto the system.

Look at @Andy Ful's Hard_Configurator here at MT.

If I recall correctly, you can disable PowerShell, Windows Script Host, and other shells with it.

Ask @Andy Ful; he will provide info if you ask. Hard_Configurator is freeware.

Also, use EMET which is free.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Poweliks hides itself in the Windows registry, trying to evade antivirus controls. It checks for the presence of PowerShell, and all the actions of the malware are stored within the registry; the core is saved in an encoded key not accessible to the user: the key's code is binary and is executed at each reboot.

Antivirus should intercept the initial infected file before it is executed, or, as a further line of defence, it should detect the exploit after the execution of the file, or, as a last step, the antivirus must detect abnormal behaviour in the Windows registry, blocking the corresponding processes and warning the user.

I think this last phase, registry monitoring, is part of the active protection in the behavioural modules of most common AVs like Emsisoft, Kaspersky, etc., but the user's interpretation of the antivirus alarm is essential.
 

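Added example (editor's code, not from any poster and not part of Hard_Configurator): the registry-resident persistence Winter Soldier describes, and the PowerShell/WSH kill switch 509322 points to, can both be checked by hand. This PowerShell audit enumerates the Run/RunOnce autostart keys for values that launch a script interpreter or other Windows binary capable of running code stored in the registry, flags value or key names containing non-printable characters (the trick that makes a key "not accessible to the user" in regedit), and reports whether the Windows Script Host `Enabled` setting is off. The key paths are the standard Windows locations; the interpreter list and the heuristics are this example's own choices and will produce false positives on legitimate software, so review each hit before removing anything.

```powershell
# Added example (editor's code, not from any poster and not Hard_Configurator's):
# audit the Run/RunOnce autostart keys for entries that bootstrap a
# registry-resident payload through a script interpreter or hide behind
# non-printable names, and report/flip the Windows Script Host kill switch.
# Key paths are the standard Windows locations; the interpreter list and the
# "suspicious" heuristics are this example's own choices.
# Run from an elevated PowerShell prompt so the HKLM hive is readable/writable.

$AutorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Interpreters and signed Windows binaries commonly used to launch code that
# lives only in the registry (the case the thread describes for Poweliks).
$InterpreterPattern = 'powershell|pwsh|mshta|rundll32|regsvr32|wscript|cscript|javascript:|vbscript:'

function Test-Printable {
    param([string]$Text)
    # A name containing control characters cannot be displayed or opened normally
    # in regedit, which is how a "key not accessible to the user" is produced.
    foreach ($c in $Text.ToCharArray()) {
        if ([char]::IsControl($c)) { return $false }
    }
    return $true
}

function Get-SuspiciousAutorun {
    foreach ($path in $AutorunKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path   # Microsoft.Win32.RegistryKey

        foreach ($name in $key.GetValueNames()) {
            $kind = $key.GetValueKind($name)
            # Do not expand %VARS%, so we see exactly what the dropper wrote
            $raw  = $key.GetValue($name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $data = if ($raw -is [byte[]]) { ($raw | ForEach-Object { $_.ToString('x2') }) -join '' } else { [string]$raw }

            $reasons = @()
            if (-not (Test-Printable $name))      { $reasons += 'non-printable value name' }
            if ($kind -eq 'Binary')               { $reasons += 'binary blob in an autorun value' }
            if ($data -match $InterpreterPattern) { $reasons += 'launches a script interpreter / LOLBin' }
            if ($data -match '-e(nc|ncodedcommand)?\s|FromBase64String|-w(indowstyle)?\s+hidden') {
                $reasons += 'encoded or hidden-window PowerShell switches'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{ Key = $path; Name = $name; Kind = $kind; Data = $data; Reasons = ($reasons -join '; ') }
            }
        }

        # Subkeys under Run are unusual in themselves; a non-printable name is a red flag.
        foreach ($sub in $key.GetSubKeyNames()) {
            if (-not (Test-Printable $sub)) {
                [pscustomobject]@{ Key = $path; Name = $sub; Kind = 'SubKey'; Data = ''; Reasons = 'non-printable subkey name' }
            }
        }
    }
}

function Get-WshState {
    # wscript.exe/cscript.exe refuse to run when Enabled (REG_DWORD) is 0 under
    # the machine key (all users) or the current user's key (that user only).
    foreach ($path in 'HKLM:\Software\Microsoft\Windows Script Host\Settings',
                      'HKCU:\Software\Microsoft\Windows Script Host\Settings') {
        $enabled = (Get-ItemProperty -LiteralPath $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        $state = if ($null -eq $enabled) { 'not set (WSH allowed)' } elseif ($enabled -eq 0) { 'disabled' } else { 'enabled' }
        [pscustomobject]@{ Key = $path; State = $state }
    }
}

function Disable-WindowsScriptHost {
    # Machine-wide kill switch for .vbs/.js/.wsf run through WSH. Reversible: set Enabled back to 1.
    # It does not touch PowerShell; restricting that needs SRP/AppLocker-style rules.
    $path = 'HKLM:\Software\Microsoft\Windows Script Host\Settings'
    if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -LiteralPath $path -Name Enabled -Value 0 -Type DWord
}

# Usage: review the findings first, then decide whether to flip the switch.
Get-SuspiciousAutorun | Format-Table -AutoSize
Get-WshState | Format-Table -AutoSize
# Disable-WindowsScriptHost
```

A clean machine normally shows no hits from `Get-SuspiciousAutorun` and two `not set (WSH allowed)` rows from `Get-WshState`. Disabling WSH breaks any legitimate logon scripts that use it, which is the usability trade-off the thread is arguing about, so test it on your own workflow before recommending it to others.
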
darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
If you already got infected, no AV will save you in the future, I can tell you that.

And the "Trojan Poweliks: fileless malware" dates from 2015 according to Symantec. I don't know how people really get infected; the first step will be a non-sandboxed browser, I think.

"I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks."

What do you want? There is no such thing as 100% protection. Don't ask the impossible.

Comodo Firewall with proper settings or any other respectable software like VoodooShield or a default-deny configuration will keep your PC safe most of the time. The rest is up to your surfing habits, your personal security moves such as what emails you open, whether you run your browser sandboxed, etc.
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
Hey, we all live and learn. Let's not take a dark attitude.

It's not a dark attitude. But if you got infected, you can't blame your AV or security setup. It ain't any fairy tale story. He said he got infected and then he asks for "free software to protect against it"; he wants software to fix his issue. That's a lot to ask, in my opinion.
 

Prayag

Level 4
Thread author
Verified
Well-known
Mar 27, 2017
160
If you already got infected, no AV will save you in the future, I can tell you that.

And the "Trojan Poweliks: fileless malware" dates from 2015 according to Symantec. I don't know how people really get infected; the first step will be a non-sandboxed browser, I think.

"I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks."

What do you want? There is no such thing as 100% protection. Don't ask the impossible.

Comodo Firewall with proper settings or any other respectable software like VoodooShield or a default-deny configuration will keep your PC safe most of the time. The rest is up to your surfing habits, your personal security moves such as what emails you open, whether you run your browser sandboxed, etc.
Hey, I run my browser sandboxed, and there is no use for whitelisting software for me, as I am mostly offline and whitelisting software always asks about or blocks my files. I am using many programs; one of my drives contains nothing but software, and this is quite painful, and I can't recommend such products to my friends for the same reason. If one needs to run any app blocked by such products, then he has to unblock it, and then there is no actual use for such software.
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
Hey, I run my browser sandboxed, and there is no use for whitelisting software for me, as I am mostly offline and whitelisting software always asks about or blocks my files. I am using many programs; one of my drives contains nothing but software, and this is quite painful, and I can't recommend such products to my friends for the same reason. If one needs to run any app blocked by such products, then he has to unblock it, and then there is no actual use for such software.

I also have a lot of software, and at the same time I run Comodo FW with the strongest settings and have no issues. Of course, I had to add some rules to the "Containment" module in order to have smooth software performance. I added all the folders that needed to be excluded from that feature, like games and legit software that I run on my computer. I think I added about 12 folders in total after running every app and using Windows for a few days in training mode for the HIPS. It's a matter of context whether this setup will work for anyone else. If my machine gets infected by malware that somehow was able to do damage through my security config, either I'm rich and somehow a target for advanced hacking (not the case) or I just screwed it up. I tested my config in a VM and couldn't throw a sample at it that was able to do damage; the HIPS worked great after all, in paranoid mode.
If you, in this case for example, got infected somehow by a fileless malware attack, as you called it, then most AVs that rely on signatures and that do not offer additional modules such as behaviour blocking, HIPS, strong advanced heuristics or virtualization won't help you that much in terms of security. You asked for free software to protect against fileless malware attacks; I don't think you can achieve that solid wall against malware if you don't play enough with the free options left.
PS: I hope you find the software you are looking for ;) MT is the best place to find it!
 
