CryptoLocker Ransomware

tsgc84 · November 26, 2013, 4:53pm

As we all know, the deadly Ransomware - CryptoLocker has found it’s way in the online world. My question is, does Comodo 6.3 auto-sandbox protect against this horrible virus, if so, what level should I set e.g., Limited, Restricted etc.,??

Cyber_Defender911 · November 26, 2013, 5:17pm

As a layer of CryptoLocker Prevention, you can download & install the CryptoLocker Prevention Tool here which should work just fine along side of CIS 6> http://www.npinc.ca/protect-yourself-against-cryptolocker/?fb_ref=recommendations-bar

PS: Dear Mods, If I posted this in the wrong thread, please feel free to put it in the correct thread, thanks. :-TU

Seany007 · November 26, 2013, 5:20pm

Hello! Yes CIS can protect you. Limited, Restricted, etc or anything above will protect you. As partially limited can be bypassed under certain conditions. FV protect you as well.

siketa · November 26, 2013, 5:31pm

CIS can protect you unless the file is considered safe.
That can happen and in that case it will be allowed to do the damage.

SanyaIV · November 26, 2013, 5:34pm

Which is why I’ve set up HIPS to protect sensitive folders like backup folder even from trusted applications (except backup program). 88) It took quite some work but got it set up nicely.

tsgc84 · November 26, 2013, 6:45pm

That’s great! Thank-you! I have Comodo 6 Complete and upload all my file(s) to ccloud; are my files safe?

spywar · November 26, 2013, 7:12pm

Basically, they should be.

tsgc84 · November 26, 2013, 8:04pm

Yes I am using HitmanPro.Alert with ransomware protection, plus CryptoPrevent Anti-Malware – d7xTech.com (formerly Foolish IT)

siketa · November 26, 2013, 9:41pm

Me too.

wasgij6 · November 26, 2013, 10:10pm

im working on setting up my VM so i can test this. I think i already know whats going to happen but im still going to test it

this is the sample i have

wasgij6 · November 27, 2013, 12:40am

I just installed CIS on my virtual machine (win 7 64 bit) in default settings. i disabled the AV and file lookup so the file wouldnt get quarantined. the file was sandboxed as partially limited and didnt do any harm to the computer. it just stayed running in memory and kept trying to create a startup key in the registry but CIS blocked it.

i copied over a bunch of pics and documents for test but none of my documents were encrypted

if anyone else has a different sample they want me to test send it to me over PM

SanyaIV · November 27, 2013, 2:52am

Thank you, wasgij6!

siketa · November 27, 2013, 7:29am

+1 :-TU
Keep 'em coming!

spywar · November 27, 2013, 7:57am

Yep…thanxxx wasgij6 :-TU

military1 · November 27, 2013, 9:08am

Antivirus blocks it at all settings. :-TU

[attachment deleted by admin]

tsgc84 · November 27, 2013, 4:28pm

I have my BB set at untrusted - I think with HitmanPro.Alert and CryptoPrevent from foolish IT it should lock the system down. Nick Shaw from Foolish IT said that CryptoPrevent will also provide protection against other additional malware; which is a good thing!!!

:-TU

Mrarnold · November 27, 2013, 6:02pm

That is in fact a HIPS warning and not an antivirus alert.

wasgij6 · November 27, 2013, 8:28pm

we are testing the sandbox not the HIPS. disable the hips first then run the sample

miloszcz · November 27, 2013, 8:31pm

wasgij, check out whether your sample of cryptolocker is still active - disable CIS completely or run in on a clean system. Check if it will encrypt any files.

wasgij6 · November 27, 2013, 9:29pm

do they deactivate after so long?