Perhaps Daniel San can step in and explain this better, but from what I saw in RACK911 Labs’ demo video on Windows, running Voodoo alongside the antivirus of your choice will prevent this kind of attack in always-on mode, because this exploit requires the use of a command line and every Windows system file is protected by Voodoo against those kinds of things.