Author Topic: Stories of heroism and victory....against malware using KillSwitch :)  (Read 26043 times)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 10938
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #30 on: December 29, 2010, 09:29:47 PM »
So this is the core of killswitch? "show only the untrusted processes in memory" jajajaja are you telling me that this is the super revolutionary technology the only and most important thing?
Well, that's my favorite part. You can quickly look at it (after hiding known safe files) and easily discover whether you're infected or not.

The only part I'm not sure about is the effect if there was a rootkit on the system.

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #31 on: December 29, 2010, 09:35:38 PM »
Well, that's my favorite part. You can quickly look at it (after hiding known safe files) and easily discover whether you're infected or not.

The only part I'm not sure about is the effect if there was a rootkit on the system.

I am going to do personal testing against rootkits. I will test not only killswitch but also CCE against them.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline wj32

  • Comodo's Hero
  • *****
  • Posts: 387
    • Process Hacker
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #32 on: December 29, 2010, 09:37:05 PM »
Hopefully the devs will allow users to contribute code so at least some of these features will actually get implemented. It's one of the awesome things about free and open source software, and SourceForge.net.
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

Offline bobad

  • Comodo Loves me
  • ****
  • Posts: 111
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #33 on: December 30, 2010, 11:05:51 AM »
Why would I want to kill any unknown process? very stupid option,

That's your opinion, not to be confused with facts.

The fact is, when you have a computer that's infected with who-knows-what, it can take hours and many re-boots to identify and tease out all the malware. I appreciate a quick solution to get the computer up and running so you can finish disinfecting it. I think MANY OTHERS appreciate it too.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13533
    • Video Blog
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #34 on: December 30, 2010, 11:09:09 AM »
That's your opinion, not to be confused with facts.

The fact is, when you have a computer that's infected with who-knows-what, it can take hours and many re-boots to identify and tease out all the malware. I appreciate a quick solution to get the computer up and running so you can finish disinfecting it. I think MANY OTHERS appreciate it too.

+1

This is a very useful feature for all the real-world malware hunters out there!

Offline alve67

  • Newbie
  • *
  • Posts: 3
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #35 on: December 30, 2010, 12:47:48 PM »
I didn't know other process managers have the ability to verdict a file?
Can you pls show me which Process Manager has this ability? thanks
 

SpyDLLRemover seems to be similar... But I am no expert  ;D

http://www.rootkitanalytics.com/userland/spy-dll-remover.php

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #36 on: January 04, 2011, 06:42:41 AM »
Two weeks ago I needed to manage two notebooks infected with Sality.
One had Kaspersky installed. The other, Avira.
I've used all weapons I know, from bootable CDs (like Kaspersky, AVG, Avira and Bitdefender). In one of them I've managed to install avast and run a boot time scanning.
Man, I've lost time... No way... Sality always comes back.
I wish I could have tested KillSwitch on them. I reformatted :'(
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline phalanaxus

  • Newbie
  • *
  • Posts: 12
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #37 on: January 04, 2011, 07:30:13 AM »
Not exactly related to KillSwitch but I find Dr.Web Boot CD the most effective for cleaning Sality and Virut infections, followed by a scan with HMP and MBAM. Haven't tried KillSwitch for this purpose yet, though.

Offline dave1234

  • Comodo's Hero
  • *****
  • Posts: 474
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #38 on: January 04, 2011, 07:36:39 AM »
Hi Tech. Could you have used CTM to go back to a point where you were not infected, rather than a tedious reformat? I say this because you seem, by your posts, to have been a user for some time. Oh, by the way, before I got CTM I was also infected with Sality and tried every possible way to remove it that I could think of, and yes, I reformatted eventually. Wish KillSwitch was around then! This was on a machine with Avast as the AV and Threatfire covering behaviour.

Neither are installed now, Cis and all its bells and whistles on both machines, should have known better and had Cis on both from the start.

Regards
Dave1234

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #39 on: January 04, 2011, 07:55:40 AM »
Hi Tech. Could you have used CTM to go back to a point where you were not infected, rather than a tedious reformat?
CTM was not installed in those notebooks.
CTM is currently not installed in my notebook as it is unstable and the development is going too slow. I work in a production machine and work at it. I need it, at least, without BSODs and data loss.

This was on a machine with Avast as the Av and Threatfire covering behaviour.
avast cleans it but it reappears... I couldn't find exactly what was going on. The cleaning procedure was unsuccessful.
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #40 on: January 04, 2011, 02:09:55 PM »
Just got a rogue infected laptop which patches exe's, it's called Antivirus Scan, killed the damn thing easily with KillSwitch, updated cce and now performing full system scan....
KillSwitch can even survive patching!
 :-TU

Edit: Initiating full scan restarts the computer with rogue then active in memory again, thus patching killswitch, but at least cce is active and scanning....
« Last Edit: January 04, 2011, 02:20:49 PM by GakunGak »

Offline wj32

  • Comodo's Hero
  • *****
  • Posts: 387
    • Process Hacker
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #41 on: January 04, 2011, 03:11:57 PM »
Just got a rogue infected laptop which patches exe's, it's called Antivirus Scan, killed the damn thing easily with KillSwitch, updated cce and now performing full system scan....
KillSwitch can even survive patching!
 :-TU

What do you mean by "patching"?
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #42 on: January 04, 2011, 03:15:48 PM »
You know, when you try to open an exe and instead rogue is activated/displayed on screen

EDIT: Well, I hate to say it, but after "cleaning" 3 trojan downloaders and restart, the virus was still there.
What cleaned the system was HitmanPro 3.5....
It also had proxy change detection [127.0.0.1:8074]....

 :-X
« Last Edit: January 04, 2011, 03:43:13 PM by GakunGak »

Offline knk2006

  • Comodo's Hero
  • *****
  • Posts: 540
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #43 on: January 04, 2011, 03:50:17 PM »
You know, when you try to open an exe and instead rogue is activated/displayed on screen

EDIT: Well, I hate to say it, but after "cleaning" 3 trojan downloaders and restart, the virus was still there.
What cleaned the system was HitmanPro 3.5....
It also had proxy change detection [127.0.0.1:8074]....

 :-X

I'm not in a position to judge but that "as far as I know" is not achieved using patching or whatever, I think it installs some sort of hooks. :) so that every time you try to run an application, the rogue intercepts it and runs itself or shows a scanning progress window or whatsoever.

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #44 on: January 04, 2011, 03:53:55 PM »
Yeah, but "technical" term is called patching ;-)
I know it can be fixed using registry, I just wanted to see how it would do this way...
Even hitman had trouble starting so what I did was disable startup in msconfig, cleaned it with hitman, now using malwarebytes to finish the job and in the end norton power eraser, just to be sure...
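
Added example, not part of any post in this thread: a read-only PowerShell audit of the `.exe` launch association, which is one place where "every program I open starts the rogue instead" can be configured. The thread does not say which registry keys were involved, so treating the `shell\open\command` values under `HKCU` and `HKLM` as the relevant ones is an assumption, and `Test-ExeAssociation` is a hypothetical helper name.

```powershell
# Added example: read-only check, changes nothing on the system.
# Assumption: the "registry fix" mentioned above concerns these keys.
$ExpectedCommand = '"%1" %*'   # Windows default open command for exefile

function Test-ExeAssociation {
    param(
        [string[]]$Hives = @('HKCU:\Software\Classes', 'HKLM:\Software\Classes')
    )
    foreach ($hive in $Hives) {
        # Which ProgID does ".exe" map to in this hive? The default is "exefile".
        $progId = 'exefile'
        $extKey = Join-Path $hive '.exe'
        if (Test-Path -LiteralPath $extKey) {
            $mapped = (Get-Item -LiteralPath $extKey).GetValue('')
            if ($mapped) { $progId = [string]$mapped }
        }
        if ($progId -ne 'exefile') {
            [pscustomobject]@{ Key = $extKey; Value = $progId
                               Status = 'SUSPICIOUS: .exe remapped to another ProgID' }
        }
        # Every place an open command for .exe can be defined in this hive.
        $candidates = @(
            (Join-Path $hive '.exe\shell\open\command'),
            (Join-Path $hive "$progId\shell\open\command"),
            (Join-Path $hive 'exefile\shell\open\command')
        ) | Select-Object -Unique
        foreach ($key in $candidates) {
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $cmd = [string](Get-Item -LiteralPath $key).GetValue('')
            $status = if ($cmd -eq $ExpectedCommand) { 'ok' }
                      else { 'SUSPICIOUS: launches something before the target' }
            [pscustomobject]@{ Key = $key; Value = $cmd; Status = $status }
        }
    }
}

Test-ExeAssociation | Format-Table -AutoSize -Wrap
```

A clean system normally reports only the `HKLM` `exefile` entry with status `ok`; per-user entries under `HKCU` take precedence over `HKLM`, so any row from that hive deserves a closer look.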
