CryptoLocker Ransomware

As we all know, the deadly ransomware CryptoLocker has found its way into the online world. My question is, does Comodo 6.3 auto-sandbox protect against this horrible virus? If so, what level should I set, e.g., Limited, Restricted, etc.?

As a layer of CryptoLocker prevention, you can download and install the CryptoLocker Prevention Tool here, which should work just fine alongside CIS 6: http://www.npinc.ca/protect-yourself-against-cryptolocker/?fb_ref=recommendations-bar

PS: Dear Mods, If I posted this in the wrong thread, please feel free to put it in the correct thread, thanks. :smiley: :-TU

Hello! Yes, CIS can protect you. Limited, Restricted, etc., or anything above will protect you, as Partially Limited can be bypassed under certain conditions. FV protects you as well.

CIS can protect you unless the file is considered safe.
That can happen and in that case it will be allowed to do the damage.

Which is why I’ve set up HIPS to protect sensitive folders like the backup folder, even from trusted applications (except the backup program). 88) It took quite some work, but I got it set up nicely.

That’s great! Thank you! I have Comodo 6 Complete and upload all my file(s) to ccloud; are my files safe?

Basically, they should be.

Yes, I am using HitmanPro.Alert with ransomware protection, plus CryptoPrevent Anti-Malware – d7xTech.com (formerly Foolish IT)

Me too. :slight_smile:

I'm working on setting up my VM so I can test this. I think I already know what's going to happen, but I'm still going to test it.

This is the sample I have.

I just installed CIS on my virtual machine (Win 7 64-bit) in default settings. I disabled the AV and file lookup so the file wouldn't get quarantined. The file was sandboxed as Partially Limited and didn't do any harm to the computer. It just stayed running in memory and kept trying to create a startup key in the registry, but CIS blocked it.

I copied over a bunch of pics and documents for the test, but none of my documents were encrypted.

If anyone else has a different sample they want me to test, send it to me over PM.

Thank you, wasgij6!

+1 :-TU
Keep 'em coming!

Yep…thanxxx wasgij6 :-TU

Antivirus blocks it at all settings. :-TU

[attachment deleted by admin]

I have my BB set at Untrusted - I think with HitmanPro.Alert and CryptoPrevent from Foolish IT it should lock the system down. Nick Shaw from Foolish IT said that CryptoPrevent will also provide protection against other additional malware, which is a good thing!!!

:-TU

That is in fact a HIPS warning and not an antivirus alert.

We are testing the sandbox, not the HIPS. Disable the HIPS first, then run the sample.

wasgij, check whether your sample of CryptoLocker is still active - disable CIS completely or run it on a clean system. Check if it will encrypt any files.

Do they deactivate after so long?