about the protected registry keys and the protected files

I double clicked on the malware.

Then, reboot the system.

2011-11-13 23:52:29 C:\Documents and Settings\Roger\桌面\virus\lll3-6\lll3-6.exe Modify Key HKLM\SOFTWARE\Classes\exefile\DefaultIcon\

Please add one rule to the protected registry keys

FVS report:

CIMA report:

From the above report, we can find that it can delete all things in the local drive.

Please add a function to the auto sandbox,
“the sandboxed applications can not delete existed files and folders in the local drive.”

No, it cannot delete protected files. Extending this protection to the degree you suggest would mean that many sandboxed files could not function.

As I understand it, version 6’s virtualisation will extend this protection without this problem, as files created other than by the app itself will be protected.

I see that icons are changed for the files present in Comodo folder. Isn’t it supposed to protect the protected files/folder from any kind of alteration?


This one is about protected registry keys, not protected files.

2011-11-13 23:52:29 C:\Documents and Settings\Roger\桌面\virus\lll3-6\lll3-6.exe Modify Key HKLM\SOFTWARE\Classes\exefile\DefaultIcon\

Although it’s just a cosmetic issue, I agree that this area should be protected.
Thanks for sharing the sample.

Tested this malware with CIS 5.9 on win7 x64 with proactive settings antivirus and cloud scanner disabled
there were two alerts when executed the malware Sandbox / Allow / Block
When selected sandbox the malware executed so many Cmd.exe that the computer beacame unusable and hanged
so manually restarted
After restart All the files includind .exe and .msi were modified in such a way that everything includig files on other drives opened in notepad even CIS was modified and was unable to satrt it only executed in notepad
However Windows defender was able to run when manually started it through control pannel but was useless against the malware
Tried to start the computer in Safemode but failed
Tried to repair the system in any way possible but failed
Tried to repair using windows installation disk but failed
The only solution was to format the Computer

Hopefully the file was submitted to egemen prior before testing and hope he finds the solution

I think 5.9 release will have to wait for some more time
Anyways 5.9 passed with all other viruses and tests that were used against it

according to egemen the problem is now fixed and CIS 5.9 can now protect against such malwares

This malware can delete all files in the local drive.

Did CIS v5.9 block it?

this is the result with 5.9 which i am using

After egemen testing it he has added some registry key to protected files and folders he claims that now CIS 5.9 will be able to block
cannot conform since he did not test the fix on my pc