Author Topic: bypass comodo v5.10 (.hta file)  (Read 2454 times)
a256886572008
Star Group
Comodo's Hero
« on: June 03, 2012, 02:44:21 AM »

1. I open the URL with Opera.

2. I open the URL with IE 8.

After that, Comodo does not pop up any alert window.

3. I check the active process list.

Comodo trusts the malware.

4. I check the autoruns.

https://valkyrie.comodo.com/Result.html?sha1=481244a8ddf8eab998be4f45ae398680af1038d2&&query=0&&filename=consumer742tY.dic

5. Environment:

Windows XP SP3 32bit

IE 8.0.6001.18702

The configuration is "Internet Security".
« Last Edit: June 03, 2012, 03:18:37 AM by a256886572008 »
nizarawi
Malware Research Group
Newbie
« Reply #1 on: June 03, 2012, 06:44:05 AM »

Hello,
can you send me the sample?
Ronny
Product Translator
Global Moderator
Comodo's Hero
« Reply #2 on: June 03, 2012, 07:00:14 AM »

What effects were left after a reboot?
a256886572008
Star Group
Comodo's Hero
« Reply #3 on: June 03, 2012, 07:26:14 AM »

Quote
What effects were left after a reboot?

The process is still active.

Process tree:
svchost.exe --> mshta.exe --> wmMsgSvr.exe (wscript.exe)

(1) mshta.exe created an autorun entry.
Quote
2012-06-03 21:38:48   C:\WINDOWS\system32\mshta.exe   Modify Key   HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\opposf Passace

(2) Comodo did not sandbox the process mshta.exe.

(3) The service for the svchost.exe is "DCOM Server Process Launcher".
« Last Edit: June 03, 2012, 12:08:09 PM by a256886572008 »
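
Added example (not part of the thread and not Comodo code): a detection check over records laid out like the log line quoted in Reply #3, flagging a script host such as mshta.exe that modifies a Run/RunOnce autostart key. The column separator, the function names and every sample line after the first are assumptions constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Script hosts from the post's process tree; cscript.exe is an added assumption.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
# Run / RunOnce autostart keys under any hive or user SID.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\(?P<entry>.+)$",
    re.IGNORECASE)
# Assumption: columns are separated by tabs or by two or more spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = r"""
2012-06-03 21:38:48   C:\WINDOWS\system32\mshta.exe   Modify Key   HKUS\S-1-5-21-448539723-261903793-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\opposf Passace
2012-06-03 21:40:02   C:\Program Files\Example\setup.exe   Modify Key   HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater
2012-06-03 21:41:10   C:\WINDOWS\system32\mshta.exe   Modify Key   HKUS\S-1-5-21-0-0-0-1000\Software\Example\Settings\LastOpened
this line is not a log record
"""


def parse_line(line):
    """Split one record into its four columns, or return None if malformed."""
    parts = FIELD_SEP.split(line.strip(), maxsplit=3)
    if len(parts) != 4:
        return None
    return dict(zip(("time", "image", "action", "key"), parts))


def find_script_host_autoruns(lines):
    """Return records where a script host touched a Run/RunOnce key."""
    hits = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        match = RUN_KEY.search(event["key"])
        # Caveat: name matching misses renamed copies such as the
        # wmMsgSvr.exe (wscript.exe) process shown in the post.
        if match and basename(event["image"]).lower() in SCRIPT_HOSTS:
            hits.append({**event, "entry": match.group("entry")})
    return hits


if __name__ == "__main__":
    for hit in find_script_host_autoruns(SAMPLE_LOG.splitlines()):
        print(hit["time"], basename(hit["image"]), "->", hit["entry"])
```
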
Chiron
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 5570



« Reply #4 on: June 03, 2012, 12:16:58 PM »

Can you please send me a link to the site?