Which AV detects Virtumonde prior to infection?



melbeach
2008-11-25, 17:35
I'm wondering if any AV suite is capable of detecting Virtumonde before it installs and does its damage? I'm using an older version of Norton. I keep my definitions up to date. But this obviously didn't work.

My Norton subscription expires in a few days. I will probably end up reformatting my hard drive, as I'm not optimistic about fixing the infection. So I should have a clean slate to start from.

Has anybody ever halted an attempted Virtumonde installation before it could happen? If so, which AV were you using?

Thanks!

drragostea
2008-11-26, 00:01
Some programs that include HIP (Hosts Intrusion Prevention) can prompt you the nanosecond that some change has occurred. So take for example (just an example), Defense+ in Comodo Pro Firewall is a HIP feature. So it'll prompt you on changes.

To the point. The general idea of an anti-virus is to prevent malicious changes and intrusion. So you have to make sure their Resident Shields (Active Real-Time Protection) is active. So it would be like, if you should accidentally open a malicious file, your AV will prompt you and alert that a trojan/virus has been executed, however your AV stopped it from doing any damage. It will move it to a Quarantine etc.

If you have a Virtumonde infection, you can always ask for help in the Malware Removal Forums here for free.

Virtumonde might install through vulnerabilities and exploits. Like a dated version of Java. In other cases, it might install with something malicious that piggy-backed a download you received online.

tashi
2008-11-26, 00:20
melbeach's malware forum topic. http://forums.spybot.info/showthread.php?t=37113 ;)

melbeach
2008-11-26, 05:56
"Some programs that include HIP (Hosts Intrusion Prevention) can prompt you the nanosecond that some change has occurred."

Thanks for the info. So that makes sense. Norton does have that type of protection though. I just don't think it has Virtumonde in its database. Am I wrong about that? Well, if anyone out there remembers his or her AV software stopping a Virtumonde infestation in its tracks, I would love to hear about it. I would consider that a very ringing endorsement for that product.

As Tashi mentioned, I have another thread open for my infection. So I should probably funnel my energy over there: http://forums.spybot.info/showthread.php?p=256743&posted=1#post256743. Thanks again!

drragostea
2008-11-26, 23:26
"So that makes sense. Norton does have that type of protection though. I just don't think it has Virtumonde in its database. Am I wrong about that?"
I'll just answer that part. Norton does have Virtumonde in its database. But I'm not so familiar with Norton because I have not used NAV 07-09, so I'm not a fan.

Norton does not show any facility of a HIP feature, but it sure does have Real Time Protection.