Rootkit ZeroAccess and other rootkits vs CCE.

Hi.
1. Tested CCE against ZeroAccess again.
Some facts:

http://i.imgur.com/FyryL.png

Great job, CCE team, that it is shielded against the ZA attack, but it cannot remove it (I suggested an idea to you about removing it during boot, like Comodo Program Manager does). I have this sample; it's a dropper. After executing it and restarting, the ZeroAccess rootkit infects the system.

A test against recent TDL4 variants is in progress…

You mean that CCE was dead after the restart and the malware survived? On which system config did you test?

That was Windows 7 32-bit.

Confirmed detection and removal of the TDL4 rootkit. :-TU

So it can remove TDL4, but not Zero Access. Is that correct?

That is fully correct, sir :-TU

Thanks.

Have you found any rootkits that it can’t detect?

I found that CCE is able to detect almost all malicious MBR changes.
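
As an added example (not CCE's or Comodo's code, and not posted by anyone in this thread), here is the kind of MBR integrity check a cleaning tool performs to catch the changes described above: hash the 446-byte boot code and compare it with a baseline taken from the clean system, verify the 0x55AA signature, and sanity-check the partition table. The baseline hash, the dummy boot stub and both sample MBRs are constructed inline so it runs offline; `read_mbr` shows how you would read the real sector 0 (raw device access needs administrator rights).

```python
# Added example, not CCE's code: parse a 512-byte MBR, compare its boot code
# against a known-good baseline, and sanity-check the partition table.
# Sample MBRs below are constructed inline so the script runs offline.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445: boot code, what an MBR bootkit overwrites
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sectors
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(mbr):
    """Return boot-code hash, signature check and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(mbr)))
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr, baseline_boot_sha256):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):  # only these two status values are valid
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
    return findings


def build_mbr(boot_code, entries):
    """Assemble a test MBR from boot code and (status, type, lba_start, sectors) tuples."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(PART_ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return boot + table + MBR_SIGNATURE


# Constructed samples: a "clean" MBR with a dummy boot stub and one active NTFS
# (type 0x07) partition, and an "infected" copy whose boot code has been replaced.
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 1000000)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]  # captured from the clean system
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 100, [(0x80, 0x07, 2048, 1000000)])


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (admin rights needed; use e.g. /dev/sda on Linux)."""
    with open(device, "rb") as f:
        return f.read(MBR_SIZE)


if __name__ == "__main__":
    print("clean:   ", check_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("infected:", check_mbr(INFECTED_MBR, BASELINE_SHA256))
```

A hash comparison like this only tells you that the boot code changed, not what changed it; a legitimate OS or boot-manager install also rewrites sector 0, so the baseline has to be refreshed after such changes or the check will report false positives.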

We want CCE to be the most effective cleaning tool for our users!

Keep helping us improve it, please.

Thanks

Melih

With which ZA sample did you test?
Here it cleaned mine, but unfortunately it also "cleaned" the network connection, since ZA had infected the afd.sys driver.

Can you please send the sample to me?