Author Topic: CCE V/S MBAM + HitmanPro  (Read 1403 times)
naren
« on: February 19, 2012, 07:46:01 AM »

XP SP3 Real System
XP FW Enabled
No AV
60 Zero-Day Malware dated 18 & 19 on MDL, MBL, Malc0de & CleanMX

Ran all the 60 malware & created a restore point with CTM Beta

The collection of malware was damn good & the system was heavily infected.
A lot of things were changed in the system & a lot of things could not be started. Especially the C drive: all the folders were turned into exe type, and clicking on Program Files, Windows etc. gave a window like I was opening some exe app.

Ran MBAM full scan & quarantined all the threats found & restarted the system.
Ran HitmanPro & quarantined the threats found & restarted the system.

Result - I could see malware still there. C drive had only 1 folder left named autorun with 0 bytes. I cleaned malware manually whatever I could but still I couldn't get C drive contents.

Restored the system back to infected state with CTM & checked if all the infections were the same way & they were.

KillSwitch - Killed all the Malware, Camas.Suspicious & FLS.Unknown processes carefully. Also Killed 2 safe processes which MBAM had found malware in its scan.
Ran CCE full scan & cleaned the threats found & restarted the system. CCE detected FP's for 4 CTM files, 1 file of CCE itself. I hate when Comodo gives FP's for any of Comodo's own products.
Checked again with KillSwitch & killed any dangerous processes found
Quick Repaired all the things changed with Quick Repair
Deleted all the malware, camas.suspicious & FLS.Unknown carefully. Also deleted quite a few safe entries, approx. 8, which Malwarebytes & Hitman had found malicious in their scan. Restarted the system.
Checked again with KillSwitch, QR & Autorun. Nothing malicious found.

I could see malware still present. 2 malicious startup entries & C drive with few folders, clicking on any folder opened like I was opening any exe app. Deleted manually whatever I could but could not get the C drive contents.

So I ran MBAM & Hitman & quarantined the threats found which were quite a lot but nothing seemed active to me but inactive malware. Restarted the system.

2 malicious startup entries were still there, C drive was still the same with nothing accessible & few other probs.

Restored the system to clean state with CTM & everything was fine.

So who won?

I guess both lost & CTM WON

Thanxx
Naren
EricJH
Global Moderator
« Reply #1 on: February 19, 2012, 11:36:27 AM »

Thanks for the test. I pointed egemen to this topic as I think he may be interested in that persistent malware that none of the programs was able to remove.

naren
« Reply #2 on: February 20, 2012, 06:40:02 AM »

> Thanks for the test. I pointed egemen to this topic as I think he may be interested in that persistent malware that none of the programs was able to remove.

I restored the system to clean state with CTM & deleted the restore points & then created a new base point.
So I don't have the collection of malware now coz it was wiped off with the restore points.

Next time I will try to save the samples & send it.