bypass comodo, "partially limited", cycbot

I double clicked on the malware.

I opened Opera.

The situation of IE8 is the same as above.

The malware enabled the proxy server successfully.

CIMA report:
http://camas.comodo.com/cgi-bin/submit?file=e9adc11cf8dcd43960816aa70f708d572c735fa3c88b20b2bcf5100d4e114e90

FVS report:
https://valkyrie.comodo.com/Result.html?sha1=797dbe001a80014fb635d7bdeeef2d1b9733fa67&&query=0&&filename=readme.exe

environment:
XP SP3 32bit

You might try the below as a fix to block changes to proxy settings (not sure if this will work, but worth a shot). I realize you are probably not asking for help on this, but I would be interested to know if it blocks it with this in place.

From https://forums.comodo.com/empty-t78373.0.html

For Opera, I found this one. ;D

2011-11-18 12:00:27 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Modify File C:\Documents and Settings\Roger\Application Data\Opera\Opera\operaprefs.ini

Nice, so all you need to do is place that file in Protect Files/Folders. Thanks, that post made me realize I need to do the same for Firefox.

Windows XP? - %APPDATA%\Mozilla\Firefox\Profiles(profile folder)\prefs.js
Windows 7 - %APPDATA%\AppData\Roaming\Mozilla\Firefox\Profiles(profile folder)\prefs.js

In case anyone needs it.

For IE8

2011-11-18 15:01:58 C:\Documents and Settings\Roger\桌面\virus\readme\7A5.exe Modify Key HKUS\S-1-5-21-1993962763-796845957-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

Did it block it now that you have Opera protected?

It is all about proxy settings, not browser.
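
Added example, not part of any post in this thread and not Comodo's code: a log triage script that reads Defense+ lines in the shape quoted above and flags writes to the proxy-bearing locations the thread names (operaprefs.ini, Firefox prefs.js, the Internet Settings\Connections key) when the writer is not the browser that owns them. The sample log lines, the function names and the expected-writer mapping are assumptions made for this example.

```python
import re

# Line shape as quoted in the thread:
# "<date> <time> <process path> Modify File|Modify Key <target>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<proc>.+?) (?P<action>Modify (?:File|Key)) (?P<target>.+)$"
)

# Proxy-bearing targets named in the thread, each paired with the process
# expected to write it (the expected-writer names are an assumption).
PROXY_TARGETS = [
    (re.compile(r"\\opera\\opera\\operaprefs\.ini$", re.I), "opera.exe"),
    (re.compile(r"\\mozilla\\firefox\\profiles.*\\prefs\.js$", re.I), "firefox.exe"),
    (re.compile(r"\\internet settings\\connections\\", re.I), "iexplore.exe"),
]

def parse_line(line):
    """Split one log line into ts/proc/action/target, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def proxy_tamper_events(lines):
    """Return (timestamp, writer, target) for unexpected writes to proxy settings."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a Modify File / Modify Key entry
        writer = rec["proc"].rsplit("\\", 1)[-1].lower()
        for pattern, expected in PROXY_TARGETS:
            if pattern.search(rec["target"]) and writer != expected:
                events.append((rec["ts"], writer, rec["target"]))
                break
    return events

# Constructed sample lines (paths, names and SID are placeholders).
SAMPLE_LOG = [
    r"2011-11-18 12:00:27 C:\Samples\dropper.exe Modify File C:\Documents and Settings\User\Application Data\Opera\Opera\operaprefs.ini",
    r"2011-11-18 12:05:10 C:\Program Files\Opera\opera.exe Modify File C:\Documents and Settings\User\Application Data\Opera\Opera\operaprefs.ini",
    r"2011-11-18 15:01:58 C:\Samples\dropper2.exe Modify Key HKUS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings",
    r"2011-11-18 15:02:00 C:\Samples\dropper.exe Modify File C:\Temp\notes.txt",
]

if __name__ == "__main__":
    for ts, writer, target in proxy_tamper_events(SAMPLE_LOG):
        print(f"{ts} unexpected writer {writer} -> {target}")
```

The writer check compares file names only, so a process that names itself opera.exe would pass; treat a hit as a lead for review rather than a verdict.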