A couple of years back I installed Comodo on a friend’s system before I moved out of state. Today he called me because he was hit with the FBI MoneyPak virus. Why would Comodo miss this? I walked him over the phone into safe mode and used Comodo’s online scanner. He’s supposed to call me back when it’s done scanning. Will this be able to clean it completely, or should I have him install CCE too? Is there anything else that should be done?
I’ve used Comodo for years and never ran into a problem like this. Is there anything additional that can be done to avoid something like this in the future? Thanks.
Update… Comodo online scanner failed to find anything. Rather not re-image the drive since he doesn’t have anything to back up his data. Any suggestions on what we could try next?
I would advise that he scan his computer with Malwarebytes followed by Hitman Pro. Then see if there are any symptoms remaining.
If he can get into normal windows mode after that he can follow my guide about How to Know If Your Computer Is Infected to ensure that everything is indeed removed.
Please let me know if you have any other questions.
It’s hard to say how your friend became infested. What version of CIS are they using? What configuration are they in, i.e., what level of D+?
What are the execution control and sandbox settings?
I don’t understand how ransomware can take over given the comprehensive nature of CIS D+ HIPS without some alert being generated, unless CIS is detuned OR the user permitted an alerted action.
Thanks guys for your feedback. I passed the information on to him and now he’s contemplating whether or not to go through the procedure or to just take the time to backup everything and re-image the drive.
WxMan1: His version is 5.08x with everything set to default because he hasn’t taken the time to learn how to fine-tune the app yet. I too am baffled as to how this virus could get past D+ in the first place. He said that Comodo didn’t warn him about anything. And then, being in safe mode, to have Comodo’s online scanner come back as clean is a mystery too. What a tiring day.
“he hasn’t taken the time to learn how to fine tune the app yet.”
Your friend is ■■■■■■■ unless you rush to the rescue.
My 70 y/o mother knows how to back up the registry hive via NTBackup, image %sysdrive% via Ghost 2003, and the difference between full and differential backups (NTBackup). All by herself she upgraded Flash, Shockwave & JRE.
She accuses me of being ■■■■ retentive with regard to PC security. But when the latest security breaches came out, i.e., Java and the latest IE, she took it upon herself to ensure her system was backed up. Then she did the updates of everything WITHOUT TELLING ME!!! I know she did this because the update shields for virtually EVERYTHING were no longer in the system tray.
You’re right, the version is v5.8x, but even at its default settings D+ still should have squashed it before it did any harm. I wish I could have sat in front of the machine to observe what was happening - I find it a little unsettling. In the end, he decided to re-image, and now the wireless NIC doesn’t see the router. Oh joy, what fun I’m having today. lol
With default settings, all versions of CIS, at least up until V6, did not protect users from all types of ransomware. Some can slip through. This is an issue which has been discussed at length and for which there are many workarounds, such as I advise in my article, but sadly the default settings do not protect against all ransomware.
Please advise your friend to configure it as I suggest in my article.
Truly, I wasn’t aware of that, and I have set up so many with the default settings. Essentially, I gave users a false sense of security, because the whole time they really weren’t protected very well. I hope Comodo considers tightening things up in the near future. The slight annoyance of the app getting to know your habits is far better than dealing with something like the FBI virus.
Thanks Chiron.
I emailed the article link to those who I know use the default settings.
Yes, I just got hit with this. I’m using Comodo Internet Security Premium 6.1.276867.2813. I am “Secure” according to it. Thankfully I have another account on this computer and was able to log in from that one and download a different antivirus program.