Author Topic: Stories of heroism and victory....against malware using KillSwitch :)  (Read 82852 times)

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #45 on: January 04, 2011, 04:01:51 PM »
Simple: kill the malware with KillSwitch. Then do a custom scan with CCE and select everything other than "scan memory" (so you don't require a restart) and "don't scan for viruses" (because we want to scan for viruses). This should let you scan the system.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #46 on: January 04, 2011, 04:12:46 PM »
Well, too late for that now.... :-[
Quote
Simple: kill the malware with KillSwitch.
Solid copy
Quote
Then do a custom scan with CCE and select everything other than "scan memory" (so you don't require a restart)
Lima Charlie
Quote
and "don't scan for viruses" (because we want to scan for viruses)
This part I don't understand well...

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #47 on: January 04, 2011, 04:17:38 PM »
Check everything in the custom scan except "scan memory" and "don't scan for viruses".

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #48 on: January 04, 2011, 04:20:16 PM »
Got it....  :-TU :-TU :-TU

Offline wj32

  • Comodo's Hero
  • *****
  • Posts: 387
    • Process Hacker
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #49 on: January 04, 2011, 05:00:55 PM »
Quote
Yeah, but the "technical" term is called patching ;-)

Well, I just wanted to know how the malware was actually doing it in your case, since your use of the term "patching" was quite vague. ;)
MCTS: Windows Internals
Process Hacker, a free and open source process viewer.

Offline kagun

  • Left the Forums
  • Comodo's Hero
  • *****
  • Posts: 1141
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #50 on: January 04, 2011, 05:05:02 PM »
I'm not a malware hunter, but I figure it is adding a registry key to make the EXE association point to itself, so everything is tied to it....
The fix could be here  ;)
http://www.dougknox.com/xp/file_assoc.htm
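A defender-side check for the association hijack kagun describes, added here as an example (it is not code from the thread, from Comodo, or from the linked page): it reads the registry keys Windows consults when an .exe is launched and reports any that deviate from the defaults. The key paths, the class name `exefile` and the launcher value `"%1" %*` are standard Windows values; the function names are my own.

```powershell
# Added example: report whether the .exe file association has been redirected.
# Windows resolves an .exe launch as HKCR\.exe -> "exefile" ->
# HKCR\exefile\shell\open\command, whose default value is "%1" %*.
# Per-user keys under HKCU\Software\Classes take precedence over HKLM and are
# normally absent, so a per-user override of .exe is itself a finding.

function Get-RegDefault {
    param([string]$Path)
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }   # key does not exist
    return $key.GetValue('')               # the "(Default)" value
}

function Test-ExeAssociation {
    $checks = @(
        @{ Name = 'HKLM .exe class';           Expected = 'exefile'
           Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe' },
        @{ Name = 'HKLM exefile open command'; Expected = '"%1" %*'
           Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command' },
        @{ Name = 'HKCU .exe class override';  Expected = $null   # normally absent
           Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe' },
        @{ Name = 'HKCU exefile open command'; Expected = $null   # normally absent
           Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command' }
    )
    foreach ($c in $checks) {
        $actual = Get-RegDefault -Path $c.Path
        $ok = ($actual -eq $c.Expected)
        # A per-user .exe class that points at a custom class name is the usual
        # rogue pattern: show where that class's open command leads.
        if (-not $ok -and $c.Name -eq 'HKCU .exe class override' -and $actual) {
            $cmd = Get-RegDefault -Path "Registry::HKEY_CURRENT_USER\Software\Classes\$actual\shell\open\command"
            $actual = "$actual -> $cmd"
        }
        $expectedText = if ($null -eq $c.Expected) { '<absent>' } else { $c.Expected }
        $actualText   = if ($null -eq $actual)     { '<absent>' } else { $actual }
        [pscustomobject]@{
            Check    = $c.Name
            Expected = $expectedText
            Actual   = $actualText
            Status   = if ($ok) { 'OK' } else { 'SUSPICIOUS' }
        }
    }
}

Test-ExeAssociation | Format-Table -AutoSize
```

The script only reads the registry; restoring the default values is what the fix linked above does.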

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #51 on: January 28, 2011, 01:09:36 AM »
Quote
Not sure they have a whitelist like ours or have the ability to "show untrusted processes" only (patented)..

http://www.anvir.com/ has a bad Web of Trust rating. It says this site distributes rogueware. Please check out this company thoroughly before whitelisting it.

See the full rating here:

http://www.mywot.com/en/scorecard/anvir.com#comment

Click the long comments to extend them and show the full comment. If it's in another language, hit the translate button under the comment. You will have to extend the long comments to see the translate button under the comment.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #52 on: January 28, 2011, 11:17:19 AM »
Quote
http://www.anvir.com/ has a bad Web of Trust rating. It says this site distributes rogueware. Please check out this company thoroughly before whitelisting it.

See the full rating here:

http://www.mywot.com/en/scorecard/anvir.com#comment

Click the long comments to extend them and show the full comment. If it's in another language, hit the translate button under the comment. You will have to extend the long comments to see the translate button under the comment.

Actually, the WOT rating is good...

Yes, a few users have negative comments, but like Wikipedia, since absolutely anyone can give input, you need to view WOT with a certain amount of skepticism.

URLVoid only shows 1 detection out of 16 scanners.

Offline trscsaeg

  • Comodo's Hero
  • *****
  • Posts: 1162
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #53 on: February 03, 2011, 06:43:54 PM »
Quote
Actually, the WOT rating is good...

Yes, a few users have negative comments, but like Wikipedia, since absolutely anyone can give input, you need to view WOT with a certain amount of skepticism.

URLVoid only shows 1 detection out of 16 scanners.

I'm not saying WOT is accurate. I'm just saying it should be checked out thoroughly before being whitelisted. A while back something called SafeApp LLC got put on the whitelist, and if you Google that, you will see a lot of SafeApp sites with different names distributing malware. I just want Comodo to get more aggressive with its whitelisting process.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2325
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #54 on: February 24, 2011, 03:41:05 PM »
Quote
I'm not a malware hunter
I like to play with malware outside of a sandbox and virtual machine. Sandbox- and virtual-machine-aware malware has got nothing against my machines. Malware always shows its face when I run it. :o ;D
It's hard being a crooked admin when the files won't pass an MD5 checksum test. But like any other good crooked admin, it can be done; it just takes time (and lots of it) and a few aspirins.

Offline icr

  • Newbie
  • *
  • Posts: 18
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #55 on: March 06, 2011, 12:16:01 AM »
I was testing CCE and KillSwitch with some malware samples. I installed this rogue, and after reboot it wouldn't allow anything to be executed.
Hitman Pro: failed (renaming it also failed)

SAS Portable: failed (renaming did help me bypass the rogue, but eventually it detected and abnormally terminated the process)

CCE: failed

GMER: partially failed, because sometimes it got caught by that rogue; after successful attempts I browsed through the running processes, but somehow the target rogue process was not terminating.

KillSwitch: with the name KillSwitch.exe it didn't get executed, so I renamed it with some random name, and after some attempts it got executed. I swiftly executed the terminator option for the target rogue process and then manually deleted the malware. ;)

Offline Arkose

  • Comodo Member
  • **
  • Posts: 43
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #56 on: March 06, 2011, 01:53:26 AM »
Quote
I was testing CCE and KillSwitch with some malware samples. I installed this rogue, and after reboot it wouldn't allow anything to be executed.
Hitman Pro: failed (renaming it also failed)
To get around blocking with Hitman Pro you just need to launch it in Force Breach mode. To do this, hold down left Ctrl before starting Hitman Pro and keep it held down (including during the UAC prompt) until the Hitman Pro window appears. I have yet to find a sample that Force Breach can't get past.

Rogues usually don't run while in Safe Mode so performing the scan there is an option for the other products.

Offline icr

  • Newbie
  • *
  • Posts: 18
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #57 on: March 06, 2011, 11:00:53 AM »
Quote
To get around blocking with Hitman Pro you just need to launch it in Force Breach mode. To do this, hold down left Ctrl before starting Hitman Pro and keep it held down (including during the UAC prompt) until the Hitman Pro window appears. I have yet to find a sample that Force Breach can't get past.

Rogues usually don't run while in Safe Mode so performing the scan there is an option for the other products.

Thanks, I never tried the Force Breach mode though, and regarding that rogue, it did get executed in Safe Mode also ;)

Offline Graham1

  • Comodo's Hero
  • *****
  • Posts: 1890
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #58 on: April 27, 2011, 03:47:23 PM »
Finally got to see KillSwitch in action today ;D. Had a computer infected with "My Security Shield" (malware which prompts for payment to clean system, which isn't really infected >:-D ).

So I thought I would give KS a go having previously done a full scan with McAfee VirusScan with up-to-date definitions which didn't detect anything :embarassed:. KS found and highlighted the rogue process in memory, I pressed delete and voila... no more malware :). Thank you KillSwitch :-TU.

:)
Ubuntu 20.04 LTS | Chromium | uBlock Origin | Privacy Badger | HTTPS Everywhere
https://www.thevenusproject.com | Beyond Politics Poverty and War

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: Stories of heroism and victory....against malware using KillSwitch :)
« Reply #59 on: April 27, 2011, 10:56:58 PM »
Quote
Finally got to see KillSwitch in action today ;D. Had a computer infected with "My Security Shield" (malware which prompts for payment to clean system, which isn't really infected >:-D ).

So I thought I would give KS a go having previously done a full scan with McAfee VirusScan with up-to-date definitions which didn't detect anything :embarassed:. KS found and highlighted the rogue process in memory, I pressed delete and voila... no more malware :). Thank you KillSwitch :-TU.

:)

That's exactly why KillSwitch was designed ;)

thanks for sharing that.
