perfectly bypass comodo partially limited

I open the url

then, the malware is sandboxed as partially limited

I chose allow when 0.9345749707554332.exe wanted to access the network.

Comodo popped up an alert window:

explorer.exe wants to …

The alert window disappeared before I could select…

cfp.exe is turned off.

Now the malware process cannot be killed and cfp.exe cannot be started.

:embarassed: :embarassed: :embarassed: :embarassed: :embarassed: :embarassed:

Please help me.

[attachment deleted by admin]

FVS report:

http://valkyrie.comodo.com/Result.aspx?sha1=994ee08f39ea8113495f78f02e491bfc3cc85184&&query=0&&filename=0.9345749707554332.exe

What’s the situation after restart?

Use Comodo Cleaning Essentials.

cmdagent.exe is infected :o

FVS report:
http://valkyrie.comodo.com/Result.aspx?sha1=dbe7d49d0f170712efe467c22f20efe3877fc4f4&&query=0&&filename=cmdagent.exe

[attachment deleted by admin]

cmdagent.exe is infected by the malware, so the situation is the same after restarting the system.

1. I installed Comodo Firewall only
2. Sandbox enabled
3. XP SP3 32-bit

What are your CIS settings?

Default settings.

Install the new beta with auto mode checked.

Excellent.
I’m switching to OA.
cmdagent.exe got patched :o
Comodo, will you investigate this or maybe not?

site inspector report:
http://siteinspector.comodo.com/public/reports/246905

C:\WINDOWS\1365010728:3616973742.exe
virus total report:
http://www.virustotal.com/file-scan/report.html?id=0cd43e2e43806db119101bca97677336ef22c55f1e3385313678acd027fff9fb-1313832795

I’ve just tested it against OA and here is a possible reason:

http://i.imgur.com/IaNHq.png

The trojan wanted to get a list of the files… the same as gpcode and blackday… the same method we are talking about… the same one which Comodo cannot prevent.

So, now Comodo, can you see? AV failed, AV is not enough, your product gets bypassed again. It’s new malware so it doesn’t get detected. What would you do if it were a new variant of gpcode/blackday, also undetected?
Here you have a real situation.
Defense+ needs improvements.

Is it bypassed with Proactive/Untrusted settings?
Those are the settings that I use and recommend to other people…

BTW, is this your host machine?
If yes, I have very bad news… you are infected with the ZAccess rootkit, which is very hard to remove.

C:\WINDOWS\1365010728:3616973742.exe

CCE cannot delete the malware.

KillSwitch cannot kill the malware process.

:-X

Only a bootable CD would help… maybe.

So, Comodo let a serious infection in.

That’s why the default settings should be changed, or users advised so during setup…

Can you provide me a sample for testing? Please PM it to me. Thanks.

CCE failed :'( :'( :cry:

[attachment deleted by admin]

I was writing about that a few days ago on this forum…
Use Avira AntiVir Rescue System. It does not remove everything, but you should turn off the rootkit’s self-protection (after this you can use other scanners).
I had this infection last week. This rootkit can disable and damage most security programs and has strong self-protection mechanisms.