Just some questions for 5.3.

ArminPasalic · January 23, 2011, 10:14am

I’m using and I love how it protects me! From Sandbox to Cloud Scanning.

But, I have few questions…

This morning, I downloaded an .exe, I ran it and it was partically limited, what does this mean? It was closed after a moment.
This file was scanned online and found Malicous, what will it do with the file?
If the file was found ‘clean’ on the online scanner, would’nt it be added to SAFE APPLICATIONS/PROGRAMS wich is dangerous - I’m just curios, I’m scared if this happens.
I also downloaded another file ones that said: “You PC will shutdown in less than a minute” and it was Partically limited by Comodo, but it restarted my PC… I was scared, and I thought it could Drop-Files, but would’nt Comodo block the Dropped files if the APPLICATION is running in Sandbox? Hopefully, I came back to the PC and scanned with MBAM, and everything seemed clean.

deadman · January 23, 2011, 10:48am

As Partially Limited, it was allowed to Access all the operating system files and resources. Modification of protected files/registry keys wasn’t allowed. Privileged operations like loading drivers or debugging other applications were also not allowed.

If the executable is deemed a threat, then it will be automatically quarantined or deleted. This threat report is also used to update the global black list databases and therefore benefit all CIS users.

If no malicious behavior is recorded, then the file is placed into ‘Unrecognized Files’ (for execution within the sandbox) and will be submited to the Comodo technicians for further checks.

The answer is same, as for the first question.

miloszcz · January 23, 2011, 10:53am

4. I also downloaded another file ones that said: "You PC will shutdown in less than a minute" and it was Partically limited by Comodo, but it restarted my PC... I was scared, and I thought it could Drop-Files, but would'nt Comodo block the Dropped files if the APPLICATION is running in Sandbox? Hopefully, I came back to the PC and scanned with MBAM, and everything seemed clean.

Can you send me this file?

ArminPasalic · January 23, 2011, 11:12am

How can I send?

miloszcz · January 23, 2011, 11:25am

Just upload for example on sendspace.com and give me a link to download.

MOVEAX · January 23, 2011, 11:26am

normal behavioral for partialy limited … comodo can’t sandbox .bat.

ArminPasalic · January 23, 2011, 11:32am

You should have recieved a PM with the link… hope it helps. Please give back any results to me.

miloszcz · January 23, 2011, 7:11pm

Hi
I’ve already checked this, and here is the results:
1.Virus uses shutdown.exe to shuts down the system.
2. It creates file in C:\User\
3.It adds this file to autostart entry.
4.After 5 sec there is a reboot
5.With system start there is a window with russian something(virus gets rights - Debug and sets global hook, so you can’t use your mouse, only keyboard[to insert code from SMS], all system is locked)
6.You must send SMS to unlock the screen

http://www.bankfotek.pl/thumb/872847.jpeg

It’s a typical behaviour for Trojans from Ransom’s family.

Regards,
Morphiusz

icr · January 24, 2011, 3:04pm

I also came across this malware. And comodo did a good job in protecting. When Sandboxed the PC just reboots but the screen is not seen so in short I am not infected ;D ;D ;D