I suggest these settings to you: https://www.youtube.com/watch?v=vktNQCwB2UY
I think with these settings you don't encounter any infection, and see cruelsister's other videos for what Comodo is capable of with these settings.
Whether the settings in that video would have protected the OP depends on how the file was put onto the machine.
I.e., if the file was put onto the computer by any means other than Google Chrome (or whichever browser you decide to set to run virtualised), then a false negative would still have been able to avoid the sandbox and potentially infect the machine.
This is because the sandbox config in that video, from what I can tell (due to the default proactive setting being activated, then the YouTuber showing which settings they then changed), should still be allowing applications that come from any source other than Chrome to bypass the sandbox if they are rated ‘Trusted’.
I think you are all missing the point here. Of course I know how to open or run any file with sandbox.
But this was not the case. I was distracted, tired and incautious.
I just right-clicked the file and scanned it with Comodo. It just showed no threats found. So I opened it and allowed the macro to run. That was of course stupid for an experienced person. But stupid things happen and we learn from them.
Why I posted here is simple. I know that Comodo cannot bring my files back. My intent was only to warn Comodo users and make Comodo aware of this malware/trojan.
To rescue my files I need to use the rescue disk of course. But if the latest signature is not able to detect this malware, what will be the point of using the Comodo rescue disk to clean my system? Therefore I used several different alternatives.
Finally, I hope Comodo updates its signatures soon with this malware so no Comodo users shall be in my shoes.
Comodo's signatures are not the best; we use it for default deny. I understand your situation, but I already said in my post that it was off topic. I'm saying this so that you won't encounter a problem like this again.
If such a thing happens to you, you should follow these steps.
If you detect anything unusual on the computer, such as *.txt files suddenly appearing, or some programs not functioning properly (in my case all add-ons of my Chrome were either deactivated or corrupted), or the suffix of a file being changed to something unrecognizable (in my case it was *.adrn), immediately close the computer. This is the only way to make sure the encryption program does not work anymore. If you are quick enough you can save your files. Otherwise it is too late. I was lucky that the encryption trojan was busy encrypting big video files, which were not important to me.
After you close your system, get a rescue disk ready; use several different antivirus rescue disks. Don’t stick only with Comodo or any other one.
Boot from the rescue disk. Back up your non-encrypted files to a hard disk. Back up your encrypted files onto another hard disk if they are important to you. Otherwise an antivirus program may recognize them as malicious and delete them; in that case you cannot use a future decryptor program to save those files.
Scan your computer and clean the backup hard disk with different antivirus software using their free rescue disks. Make sure that the malware is totally cleaned.
You should scan your dirty hard disk as well, but make sure that the antivirus program does not delete anything automatically.
Finally format and reinstall your OS.
This is the path that I’m following.
I hope this protocol helps if this happens to someone.
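The backup step described in the post above, as an added example that is not part of the thread or written by its posters: assuming the affected volume is mounted read-only in a rescue environment that has Python 3, it copies unencrypted files and `.adrn`-suffixed files to separate destinations and records SHA-256 hashes for both. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

# Suffix the poster reported; extend the set for other cases.
ENCRYPTED_SUFFIXES = {".adrn"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large videos do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(source, plain_dest, encrypted_dest):
    """Copy every regular file under source to one of two destinations.

    Returns a sorted manifest of (relative path, class, sha256) so the
    backups can be re-checked after antivirus scans have run over them.
    """
    source, manifest = Path(source), []
    for root, _dirs, files in os.walk(source):
        for name in files:
            src = Path(root) / name
            if src.is_symlink():  # never follow links off the volume
                continue
            rel = src.relative_to(source)
            kind = "encrypted" if src.suffix.lower() in ENCRYPTED_SUFFIXES else "plain"
            dst = Path(encrypted_dest if kind == "encrypted" else plain_dest) / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            digest = sha256_of(src)
            if sha256_of(dst) != digest:  # detect a bad copy immediately
                raise OSError(f"copy mismatch: {rel}")
            manifest.append((rel.as_posix(), kind, digest))
    return sorted(manifest)

def demo():
    """Run triage over a constructed sample tree (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, plain, enc = (Path(tmp) / n for n in ("volume", "plain", "encrypted"))
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_bytes(b"plain text")
        (src / "docs" / "video.mp4.ADRN").write_bytes(b"\x00ciphertext")
        manifest = triage(src, plain, enc)
        copied = sorted(p.relative_to(tmp).as_posix() for d in (plain, enc)
                        for p in d.rglob("*") if p.is_file())
        return manifest, copied
```

Re-hashing the two destinations against the manifest after each scan shows whether a scanner removed or altered any of the encrypted copies.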