bypass comodo, "partially limited", cycbot

I double clicked on the malware.

I opened Opera.

The situation of IE8 is the same as above.

The malware enabled the proxy server successfully.

CIMA report:

FVS report:

XP SP3 32bit

You might try the below as a fix to block changes to proxy settings (not sure if this will work, but worth a shot). I realize you are probably not asking for help on this, but I would be interested to know if it blocks it with this in place.


For Opera, I found this one. ;D

2011-11-18 12:00:27 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Modify File C:\Documents and Settings\Roger\Application Data\Opera\Opera\operaprefs.ini

Nice, so all you need to do is place that file in Protect Files/Folders. Thanks, that post made me realize I need to do the same for FireFox.

Windows XP? - %APPDATA%\Mozilla\Firefox\Profiles(profile folder)\prefs.js
Windows 7 - %APPDATA%\AppData\Roaming\Mozilla\Firefox\Profiles(profile folder)\prefs.js

In case anyone needs it.

For IE8

2011-11-18 15:01:58 C:\Documents and Settings\Roger\桌面\virus\readme\7A5.exe Modify Key HKUS\S-1-5-21-1993962763-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

Did it block it now that you have Opera protected?

It is all about proxy settings, not browser.
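
The following is an added example, not part of the original thread: a small Python check that reads two of the proxy stores named above (Firefox's prefs.js and IE's DefaultConnectionSettings value) and reports whether a proxy is switched on. The binary layout used for the IE value is an assumption based on commonly observed behaviour, not a documented format, and the sample inputs and the helper `make_blob` are constructed for illustration.

```python
import re
import struct

# Firefox stores proxy settings in prefs.js as user_pref("network.proxy.*", value);
_PREF = re.compile(r'user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);')

def firefox_proxy(prefs_text):
    """Return (host, port) if prefs.js enables a manual HTTP proxy, else None."""
    prefs = {k: v.strip().strip('"') for k, v in _PREF.findall(prefs_text)}
    if prefs.get("network.proxy.type") != "1":  # 1 = manual proxy configuration
        return None
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "0")
    return host, int(port) if port.isdigit() else 0

PROXY_ENABLED = 0x02  # assumed flag bit: "use a proxy server" is ticked

def ie_proxy(blob):
    """Return the proxy string from a DefaultConnectionSettings value, else None.

    Assumed layout (little-endian DWORDs): version, change counter, flags,
    proxy string length, then the ASCII proxy string itself.
    """
    if len(blob) < 16:
        return None  # too short to hold the fixed header
    _version, _counter, flags, length = struct.unpack_from("<4I", blob, 0)
    if not flags & PROXY_ENABLED or 16 + length > len(blob):
        return None  # proxy disabled, or length field points past the data
    return blob[16:16 + length].decode("ascii", "replace")

def make_blob(flags, proxy=b""):
    """Build a constructed blob in the assumed layout, for testing only."""
    return struct.pack("<4I", 0x46, 1, flags, len(proxy)) + proxy

# Constructed samples, not taken from the thread.
SAMPLE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''
SAMPLE_BLOB = make_blob(0x03, b"127.0.0.1:8080")

if __name__ == "__main__":
    print("Firefox:", firefox_proxy(SAMPLE_PREFS))
    print("IE:", ie_proxy(SAMPLE_BLOB))
```

Running this before and after a sandbox test shows whether either store changed, independent of which browser was opened.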