Hi, I have tested Comodo Cloud Antivirus 1.1.387596.183 with default settings, against Crypt0L0cker/TorrentLocker,
Windows 7 32Bit VirtualBox
(have submitted this file and reported it to Comodo Blacklist)
SHA256: d5b35d55be8f392b89da3e29880a4563d45bdc59cfc4cbba29796f77d4ad65f7
https://www.virustotal.com/sv/file/d5b35d55be8f392b89da3e29880a4563d45bdc59cfc4cbba29796f77d4ad65f7/analysis/1464297867/
The ransomware was sandboxed at first; however, the files became encrypted a few seconds later
and the ransomware notice stayed sandboxed.
Didn't know where to post it, so I posted it here.
Edit: found a post/blog about this Crypt0L0cker/TorrentLocker
https://heimdalsecurity.com/blog/torrentlocker-spoofs-telia-ransomware-attack/
Viruscope remained asleep;
The problem with CIS and other CCAV suites is that they allow safe procedures, certificates ...; this allowed the "trojancrypt" to be implemented successfully;
In proac- configuration it kept the system secure but allowed safe processes to run. This can be misleading, including for me;
At least in virtualization, the CIS on the main machine did not deliver an alert when the "trojancrypt" was performed with the CCAV and CIS virtual machine; the malware was able to encrypt main machine files.
A viable solution was to block any file access to folders and files.
Edit: Trojancrypt can encrypt files on shared networks (at least in procedures done by virtual machines, it is proven). So safe applications or certificates will never be reliable and should be blocked from accessing folders and files, whether by direct memory access, instance, folders, injection ..;
Processes are the main problem with this type of malware. It is these processes, residing in memory and considered safe, that run in the background and allow malware to gain success in its implementation. This should never happen!
Edit 2: encrypted files in the shared folder; is allowing a trusted file unrestricted access safe? (see image)
[attachment deleted by admin]