I think I need to say that I use CIS 5.3 with default settings.
This is a Russian (I suppose, because I saw some gibberish) full screen hijacker that took over my desktop, demanding to send an SMS to unlock it (I think).
I use Win 7 64 bit, so I could press Ctrl-Alt-Delete to get my task manager in order to close this application. In task manager I saw that I had a CIS cloud scanner message, but couldn't see it because of this full screen malware on my desktop. When I closed it, I could see the cloud scanner pop up about some malicious file and deleted it.
After that my tool bar disappeared, but I saw the start button so I restarted Windows. After the restart all was fine. Scans with MBAM and Hitman Pro didn't detect anything.
So, on one side Comodo did a great job and protected me against a very nasty zero-day malware.
But on the other hand this file could start itself (I don't know if it was sandboxed, because I restarted my computer). Is it possible to prevent such hijackers from starting totally?
Egemen already knows this, I discovered this virus today and wrote to him ;).
I've said it several times: CIS should warn when an app wants to go into full screen mode.
Sorry if I spammed something that was already known :embarassed:
Anyway this is another reason for me to love Comodo. Maybe it's not ideal (nothing is ideal ;)) but it has a great community that makes huge efforts to make it better :110:
That's why I say that Comodo saved me, but frankly I had a very unpleasant moment.
I checked my D+ event logs now and I see that the file was sandboxed. But then I see a modify key action: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\Current Version\Winlogon\Shell
Then another flag that file was scanned online and found malicious.
So does it mean the malware still managed to modify a key?
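Added example, not part of the original thread: one way to see whether the Winlogon `Shell` value named in the D+ log still holds the Windows default. It assumes a stock install whose shell is `explorer.exe`, a 64-bit PowerShell session, and a helper name (`Test-WinlogonShell`) made up for this sketch.

```powershell
# Assumption: stock Windows install, so the expected shell is explorer.exe
# (a kiosk or custom-shell machine would legitimately differ).
$expected = 'explorer.exe'

# Winlogon keys that can carry a Shell value. The Wow6432Node path is the
# 32-bit view reported in the D+ log; on disk the key is named
# "CurrentVersion" (no space). Run from 64-bit PowerShell, otherwise the
# first path is redirected to the Wow6432Node view as well.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: returns one row per key with the Shell value found.
function Test-WinlogonShell {
    param([string[]]$Path, [string]$Expected)
    foreach ($p in $Path) {
        $item = Get-ItemProperty -Path $p -Name Shell -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Value (or key) absent: normal for HKCU on an untouched profile.
            $value  = $null
            $status = 'not set'
        } else {
            $value = [string]$item.Shell
            # Anything other than the bare default deserves a manual look,
            # including "explorer.exe,something.exe" style appended entries.
            if ($value.Trim() -ieq $Expected) { $status = 'default' }
            else                              { $status = 'REVIEW' }
        }
        New-Object PSObject -Property @{ Key = $p; Shell = $value; Status = $status }
    }
}

Test-WinlogonShell -Path $paths -Expected $expected |
    Select-Object Key, Shell, Status |
    Format-Table -AutoSize -Wrap
```

A `REVIEW` row means the value differs from the default and should be compared against what the log recorded; `not set` under HKCU is the usual state.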
Do a scan with MBAM, HITMAN PRO and Norton Power Eraser. See what they will find. MBAM handles registry, if there's something malicious, it will find it.
You're using 64-bit Windows, PatchGuard could also save you a lot of trouble…
Thanks Melih! I know that I can be calm with Comodo. That's why when I get bored I sometimes run malicious files on my main system (I know it's not so smart but I want a little extreme :embarassed: and with this malware I really got it LOL).
P.S. Where else can you see a CEO who talks to users, explains them and helps them :rocks:
So good news that I can declare after 2 checks with MBAM and Hitman Pro and a check with SuperAntispyware that my system is clean and Comodo protected me even on default settings.
I am an amateur in computer security but maybe only safe applications should be allowed to go into full screen mode?
Because if this malware had not taken over my desktop I could have just neutralized it (cloud scanner detected it 2 seconds after the start, but I just could not reach the pop up to delete what it detected).
Also some good news that AV already detects this malware file! So really impressive and fast job of the AV team who are responsible for the database :-TU
Rollback Rx is a good program that takes snapshots… it basically will save you from any kind of disaster except hard drive failure.
But I use Acronis True Image for a daily partition image that backs up the partition I have Windows and programs on. All my data is located on a different partition, from which I back up a few important folders in a separate backup task. I would like to use both a snapshot program alongside Acronis True Image. But there are some possible conflicts with the MBR [master boot record] in which you may have to repair it if you used Acronis to restore from an image from a system that uses snapshots. I may be wrong but I read it on other forums. :-X EDIT: [I read that if you do a sector-by-sector image it will contain all the snapshots and all is cool.]
I would probably use/try Comodo backup but as far as I know I don't think you can restore an image partition if your Windows crashes because it does not include a disaster/recovery boot up disc. Please correct me if I am wrong.