Man, that stinks.
You have a couple of options. Hopefully you have an image and can revert to that. Try booting into safe mode and running a few on-demand scanners like MBAM, Emsisoft Emergency Kit, SuperAntiSpyware, Kaspersky AVP.
If not, then you have to get a boot-time CD like Avira or Kaspersky. You can also try Dr.Web CureIt!. Let that do its thing.
Next, I would grab GMER, Process Hacker and Unlocker. Make sure that there is nothing else that has attached itself to your HDD or boot.
If none of that helps, for the sake of convenience and security, back everything up, format the drive and start over again.
Well, of course "blocked" will stop this, because it doesn't even allow the file to run, but an average user will most likely have the defaults and they will get infected.
Yes, I know. I am just asking this because nothing is 100%; just because it says "blocked", it does not mean that it will be able to block. For example, SRP can be bypassed because it does not work at the kernel level.
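The SRP point above is about configuration as much as architecture: whether a "blocked" rule ever gets a chance to fire depends on a handful of machine-wide enforcement values. The following is an added example written for this thread, not code from any of the posters or from Comodo or Microsoft. It audits the documented SRP values under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (DefaultLevel, TransparentEnabled, PolicyScope, ExecutableTypes) for the settings that leave gaps. On Windows it can read the live registry; everywhere else it evaluates constructed sample dicts. The two sample policies and the list of script extensions it expects to see are assumptions chosen for illustration.

```python
"""Audit Software Restriction Policies (SRP) enforcement settings for weak spots.

Added example for this thread (not the posters' code). Registry value names
and encodings follow the documented SRP layout; the sample dicts are constructed.
"""
import sys

SRP_KEY = r"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

# Documented DWORD encodings of the SRP security levels.
LEVEL_DISALLOWED = 0x00000
LEVEL_BASIC_USER = 0x20000
LEVEL_UNRESTRICTED = 0x40000

# Script types commonly left out of ExecutableTypes (assumption: reviewer's list).
SCRIPT_TYPES = ("PS1", "JS", "JSE", "VBS", "VBE", "WSF", "HTA")

# Constructed sample policies, not taken from any real machine.
WEAK_SAMPLE = {
    "DefaultLevel": LEVEL_UNRESTRICTED,   # blacklist mode
    "TransparentEnabled": 1,              # "all software files except libraries"
    "PolicyScope": 1,                     # local admins exempt
    "ExecutableTypes": ["EXE", "BAT", "CMD", "MSI", "SCR"],
}
HARDENED_SAMPLE = {
    "DefaultLevel": LEVEL_DISALLOWED,     # default-deny, allow by path/hash rules
    "TransparentEnabled": 2,              # DLLs are checked too
    "PolicyScope": 0,                     # applies to everyone
    "ExecutableTypes": ["EXE", "BAT", "CMD", "MSI", "SCR", *SCRIPT_TYPES],
}


def read_srp_settings():
    """Read the live SRP enforcement values from HKLM (Windows only)."""
    import winreg  # only available on Windows
    names = ("DefaultLevel", "TransparentEnabled", "PolicyScope", "ExecutableTypes")
    settings = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SRP_KEY) as key:
        for name in names:
            try:
                settings[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value not set; audit_srp treats it as the Windows default
    return settings


def audit_srp(settings):
    """Return a list of (severity, finding) tuples; an empty list means no gaps found."""
    findings = []
    if not settings:
        findings.append(("high", "No SRP policy present; anything the user can write can run"))
        return findings

    level = settings.get("DefaultLevel", LEVEL_UNRESTRICTED)
    if level == LEVEL_UNRESTRICTED:
        findings.append(("high", "DefaultLevel=Unrestricted: only explicitly listed paths are blocked"))
    elif level == LEVEL_BASIC_USER:
        findings.append(("medium", "DefaultLevel=Basic User: code runs with a restricted token instead of being blocked"))

    transparent = settings.get("TransparentEnabled", 0)
    if transparent == 0:
        findings.append(("high", "TransparentEnabled=0: SRP is not enforced at all"))
    elif transparent == 1:
        findings.append(("medium", "TransparentEnabled=1: DLLs are exempt, so a payload loaded by an allowed host (e.g. rundll32.exe) is never checked"))

    if settings.get("PolicyScope", 0) == 1:
        findings.append(("medium", "PolicyScope=1: local administrators are exempt from the policy"))

    present = {ext.upper().lstrip(".") for ext in settings.get("ExecutableTypes", [])}
    for ext in SCRIPT_TYPES:
        if ext not in present:
            findings.append(("low", f"{ext} not in ExecutableTypes: scripts of this type are not evaluated by SRP"))
    return findings


def worst_severity(findings):
    """Collapse an audit result to its highest severity ('none' if clean)."""
    order = {"none": 0, "low": 1, "medium": 2, "high": 3}
    return max((sev for sev, _ in findings), key=order.get, default="none")


if __name__ == "__main__":
    target = read_srp_settings() if sys.platform == "win32" else WEAK_SAMPLE
    for severity, text in audit_srp(target):
        print(f"[{severity}] {text}")
```

Run on Windows it reads the real policy; elsewhere it reports on the constructed weak sample. The point the audit makes concrete is that with TransparentEnabled left at 1 or PolicyScope at 1, a "blocked" rule is still correct on paper but simply is not consulted for DLL loads or for an admin account.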
but an average user will most likely have the defaults and they will get infected
I agree with you and morphiusz 100%
EDIT: It is a targeted attack, but that is because it is not economically beneficial to "build" such malware, because most people have never heard of SRP, much less used it. That is why I love security by diversity 8). Comodo+SRP+SUA
Thanks for the analysis, Languy. So it exploits Java and drops malware. Then the malware is executed. After the execution, it seems to be copying an executable to the Adobe plugins folder and
We will need to further analyze what's going on. It seems it is trying to drop some files to the Adobe plugins folder and create shell keys. All of these would be blocked by CIS normally.
However, there may be something it is using that we must understand. Once we know what it is doing, I will let you know.
Be assured that if there are any problems in HIPS that let such an infection through, they will be fixed immediately to prevent this threat.
What is the present status of CIS 5.8.2 latest beta against it?
Why does CIS go with weak defaults (Partially Limited), if it is clearly known that they are weak? (It does not increase the usability either.)
Just out of curiosity,
Why does CIS HIPS not include protection against GPCode or Blackday or any such attacks, even after the failure has been brought to their notice many times?
Is it impossible for CIS to implement protection against such attacks?
or
Does CIS just not want to do that?