Bypass CIMA

1. CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=594c2b1d6505e6965e714e7c2b3314bb613bd8fa23af1378f51ca34fd1c61765

The result is Undetected.

2. I double-click on the malware.

Defense+ events:

2011-08-06 11:32:48 C:\Documents and Settings\Roger\桌面\virus\B1CBDBE\B1CBDBE.EXE Sandboxed As Partially Limited

2011-08-06 11:33:18 C:\WINDOWS\system32\reg.exe Sandboxed As Partially Limited

2011-08-06 11:33:20 C:\WINDOWS\system32\conime.exe Sandboxed As Partially Limited

2011-08-06 11:33:23 C:\WINDOWS\system32\shutdown.exe Sandboxed As Partially Limited

2011-08-06 11:33:23 C:\WINDOWS\system32\reg.exe Modify Key HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\667527096

2011-08-06 11:33:23 C:\WINDOWS\system32\cmd.exe Sandboxed As Partially Limited

2011-08-06 11:33:31 C:\WINDOWS\system32\shutdown.exe Access COM Interface LocalSecurityAuthority.Shutdown

2011-08-06 11:33:31 C:\WINDOWS\system32\cmd.exe Modify File C:\Documents and Settings\Roger\桌面\virus\B1CBDBE\B1CBDBE.EXE

Another one:

1. CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=7b91386671a3a1333636381bf4400abf8c3d55f8aa7776159a33bcb445b8c1fd

The result is Undetected.

2. I double-click on the malware.

Defense+ events:

2011-08-08 09:51:53 C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe Sandboxed As Partially Limited

2011-08-08 09:52:20 C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe Modify File C:\Documents and Settings\All Users\Application Data\Lupita\Lupita.exe

2011-08-08 09:52:48 C:\Documents and Settings\Roger\桌面\virus\driverc\driverc.exe Modify Key HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\DesignerLG.exe

http://i.imgur.com/7pK1J.png

Submit it to http://valkyrie.comodo.com/