Author Topic: Reporting Malware (ZeroAccess)

Offline SectorA

  • Newbie
  • *
  • Posts: 1
Reporting Malware (ZeroAccess)
« on: April 29, 2013, 10:56:58 AM »
Hi!

I'm sorry for this *hit and run* post if it's not in the correct forum.  It's because I won't be active here. Just this thread I guess. I just want to say that I'm not satisfied with these results...

My OS: Windows Server 2012 for Datacenters (malware-free and legal copy from MSDN)
Evaluating: Comodo Endpoint Security Manager Free - 10 endpoints, fully featured trial
Browser: Dell KACE Security Browser (https://www.kace.com/products/freetools/secure-browser/)
Ethernet: 100 mbps down, 10 mbps up

Settings

UAC: Yes
Firewall: Windows
HIPS: Yes, by CESM
Updates: All updates

- Windows
- Comodo

Malware

Link: http://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99

NOT detecting:

- HIPS not responsive
- ESET Online Scanner (http://www.eset.com/us/online-scanner/) (1 full scan used)
- Sophos Virus Removal Tool
- Quick scan by Comodo AV for Servers (included in Endpoint Manager)
- Full scan by Comodo AV for Servers (included in Endpoint Manager)
- Cloud Scan freezing or not being responsive (or just extremely slow)

Extra info:

- Browser Virtualization by the Dell browser doesn't seem to work correctly. So you can count on it not being a working virtualized solution.

Detecting: McAfee Rootkit Remover (http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx)

Just to say... This is just a low level threat. BUT if Comodo isn't responsive to this threat it may not be responsive to any Blackhole Exploit Kit (or similar) malware that takes advantage of browser security. This is crucial.

« Last Edit: April 29, 2013, 11:02:48 AM by SectorA »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25669
Re: Reporting Malware (ZeroAccess)
« Reply #1 on: April 29, 2013, 01:48:11 PM »
Do I understand correctly you had an infection in your system which was not found when scanning with Comodo, Eset and Sophos? Only McAfee found it?

I assume that your system was infected before you installed Comodo AV. Is that correct?

Please notice that a HIPS is about prevention. Once you have allowed malware after HIPS alerts there is nothing a HIPS can do. It is then up to the detection-based layer.
« Last Edit: May 07, 2013, 02:55:31 PM by EricJH »

Offline MichelB

  • Comodo's Hero
  • *****
  • Posts: 516
Re: Reporting Malware (ZeroAccess)
« Reply #2 on: May 07, 2013, 06:22:01 AM »
Hi SectorA,

Could you please run Comodo Cleaning Essentials on that box? http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

Please take great care when modifying files on a server though.

Please advise your findings...

Thank you,
Michel.
