Author Topic: bypass CIMA  (Read 8563 times)

Offline a256886572008

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 951
bypass CIMA
« on: August 05, 2011, 10:49:33 PM »
1. CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=594c2b1d6505e6965e714e7c2b3314bb613bd8fa23af1378f51ca34fd1c61765

The result is Undetected.

-----------------------------------------------
2. I double-click on the malware.

Defense+ events:

Quote
2011-08-06 11:32:48   C:\Documents and Settings\Roger\桌面\virus\B1CBDBE\B1CBDBE.EXE   Sandboxed As   Partially Limited
2011-08-06 11:33:18   C:\WINDOWS\system32\reg.exe   Sandboxed As   Partially Limited
2011-08-06 11:33:20   C:\WINDOWS\system32\conime.exe   Sandboxed As   Partially Limited
2011-08-06 11:33:23   C:\WINDOWS\system32\shutdown.exe   Sandboxed As   Partially Limited
2011-08-06 11:33:23   C:\WINDOWS\system32\reg.exe   Modify Key   HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\667527096
2011-08-06 11:33:23   C:\WINDOWS\system32\cmd.exe   Sandboxed As   Partially Limited
2011-08-06 11:33:31   C:\WINDOWS\system32\shutdown.exe   Access COM Interface   LocalSecurityAuthority.Shutdown
2011-08-06 11:33:31   C:\WINDOWS\system32\cmd.exe   Modify File   C:\Documents and Settings\Roger\桌面\virus\B1CBDBE\B1CBDBE.EXE
« Last Edit: August 07, 2011, 09:14:30 PM by a256886572008 »

Offline a256886572008

Re: bypass CIMA
« Reply #1 on: August 07, 2011, 09:13:47 PM »
Another one:

1. CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=7b91386671a3a1333636381bf4400abf8c3d55f8aa7776159a33bcb445b8c1fd

The result is Undetected.

2. I double-click on the malware.

Defense+ events:
Quote
2011-08-08 09:51:53   C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe   Sandboxed As   Partially Limited
2011-08-08 09:52:20   C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe   Modify File   C:\Documents and Settings\All Users\Application Data\Lupita\Lupita.exe
2011-08-08 09:52:48   C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe   Modify Key   HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\DesignerLG.exe



Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
Re: bypass CIMA
« Reply #2 on: August 07, 2011, 09:15:05 PM »
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

 
