bypass valkyrie (fake sysdef)

[Guest]

[a256886572008]

1.
6DSS92c31Apgjk.exe

https://valkyrie.comodo.com/Result.html?sha1=f8ffc42ace9a77d096af8d1de5a8667909d496df&&query=0&&filename=6DSS92c31Apgjk.exe

Final Result: Normal

2011-11-03 19:49:54   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Sandboxed As   Partially Limited  

2011-11-03 19:50:45   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Modify File   C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT  

 2011-11-03 19:50:45   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Modify File   C:\Documents and Settings\Roger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT  

2011-11-03 19:51:05   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu  

 2011-11-03 19:51:05   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Modify Key   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Start Menu  

 2011-11-03 19:51:10   C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601  

2.
dfsfss.exe

https://valkyrie.comodo.com/Result.html?sha1=4c47c04d7270a9be7af3502c1addca8d2f559ad9&&query=0&&filename=dfsfss.exe

Final Result: Normal

2011-11-03 19:46:17   C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe   Sandboxed As   Partially Limited  

2011-11-03 19:46:51   C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe   Access Memory   C:\Program Files\Opera\opera.exe  

 2011-11-03 19:46:56   C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System  

 2011-11-03 19:46:56   C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe   Modify File   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe  

 2011-11-03 19:46:56   C:\Documents and Settings\Roger\桌面\virus\dfsfss\dfsfss.exe   Modify Key   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GaRJGgXVekDX.exe

2011-11-03 19:46:51   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Sandboxed As   Partially Limited  

2011-11-03 19:47:36   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Control Panel\7f6b3266-31c5-43a8-9547-e7911ad6fb33  

 2011-11-03 19:49:29   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Access Memory   C:\Program Files\COMODO\COMODO Internet Security\cfp.exe  

 2011-11-03 19:49:37   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden  

 2011-11-03 19:49:37   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop  

 2011-11-03 19:49:59   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Modify Key   HKUS\S-1-5-21-1004336348-1383384898-1801674531-1003\Control Panel\bin  

 2011-11-03 19:53:34   C:\Documents and Settings\All Users\Application Data\GaRJGgXVekDX.exe   Access Memory   C:\WINDOWS\system32\taskmgr.exe
 
delete all shortcut files

[webbie146]

Valkyrie like all other scanners can be bypassed. Couldn't you just submit the file to the AV analysts?

[Siketa]

Hmmm....CAMAS didn't detect registry key modifications....

When those new sensors are going to become fully operational?

[Tags:]