Topic: Stories of heroism and victory....against malware using KillSwitch :)

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
My colleague gave me his PC infected with trojan last night.
It disabled Task Manager, Registry Editor, Safe Mode and System Restore.
Tried HitmanPro with Force Breach. Scanned but couldn't clean. Abort.
Tried to install Malwarebytes, got an error at around 50% of the install. Abort.
Started CCE, updated, full scan, found 125 threats, all related to problem. Cleaned, computer works.
Very old machine, XP SP2, 240MB RAM, 40ish GB HDD... Scan done of over 4 million files in 3 hours.
One false positive [heuristics high] for old printer driver file, submitted as false positive.
Verdict: Awesome!  :-TU

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11417
  • Linux is free only if your time is worthless.;-)
> My colleague gave me his PC infected with trojan last night.
> It disabled Task Manager, Registry Editor, Safe Mode and System Restore.
> Tried HitmanPro with Force Breach. Scanned but couldn't clean. Abort.
> Tried to install Malwarebytes, got an error at around 50% of the install. Abort.
> Started CCE, updated, full scan, found 125 threats, all related to problem. Cleaned, computer works.
> Very old machine, XP SP2, 240MB RAM, 40ish GB HDD... Scan done of over 4 million files in 3 hours.
> One false positive [heuristics high] for old printer driver file, submitted as false positive.
> Verdict: Awesome!  :-TU

Nice!!  :-TU :-TU :-TU It's not half bad, is it?  ;)

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline kagun

It did the job it was supposed to do  8)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13444
This is only the start of one good cleaning product ;)

We will continue to improve it!

Melih

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Is there a way to test the capabilities of KillSwitch to kill running malware?
I mean, of course, something like disabling the resident antivirus and then running the EICAR test and killing it with KillSwitch? Is there any other way to test it?
Of course I can test KillSwitch with clean processes. But I can't kill protected processes, for instance. KillSwitch does nothing against them.
I'm just wondering what will happen when I try to kill resistant malware that is running ::)
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline kagun

Did you try right click>terminator option?

Offline Tech

> Did you try right click>terminator option?
To what? A clean process? It will work for sure.
What can it do against a protected process?

Offline kagun

Go to services and stop avast service....
Then delete service.
Then go to processes and if still running, try again to terminate it.

Offline JoWa

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3539
> What can it do against a protected process?
Terminate it, the driver is loaded. ;)
Right-click on the process you want to terminate, select Terminator. Run all and post the result here.
Thanks. :)
Ubuntu 14.04, 64-bit | Chrome 35β | HTTPS Everywhere
Forum Policy | Comodo Product Help

Offline Tech

> Go to services and stop avast service....
> Then delete service.
> Then go to processes and if still running, try again to terminate it.
Eh eh... It's not that easy... You can't terminate malware that easily... as you can't stop avast that easily...
Windows cannot stop the avast service without user interaction. Malware can block this option...

Offline Tech

> Terminate it, the driver is loaded. ;)
> Right-click on the process you want to terminate, select Terminator. Run all and post the result here.
> Thanks. :)
With the driver loaded, you can't terminate any type of malware, as you can't terminate the antivirus (that easily)...
I'm laughing at the "process is terminated" message... The first run could only win at stage CH1. Then running each test individually gets the "ok" status... But the process stays there, running, with no sign of really being killed.

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
I killed avast pretty easily. What I did is that I killed the UI first using terminator, then I used terminator to kill the service. It restarted a few times but after killing it two or three times it stopped restarting and it was gone for good.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline JoWa

Thanks for the screenshot. Actually (Not available) for TP3 and TT3 indicates that the driver is not loaded.
From wj32, developer of Process Hacker:
> You can clearly see "(Not available)" next to TP3 and TT3, which indicates the driver isn't loaded or can't be connected to.

Offline Tech

> I killed avast pretty easily. What I did is that I killed the UI first using terminator, then I used terminator to kill the service. It restarted a few times but after killing it two or three times it stopped restarting and it was gone for good.
The same happened with mine. avast is indeed killed if you run it more than once.

Offline knk2006

  • Comodo's Hero
  • *****
  • Posts: 540
I haven't seen a better killer than the terminator in D+. I've killed Kaspersky with it :) I would assume Avast! will fail easily...

 
