I don't think you know what the function of Sandboxie is.
Hi Vette, Dark might be in line for insight concerning Sandboxie, give him the straight poop dude.
Cheers, weekend :■■■■
Xman :-TU
Be sure I know it …
Xan
■■■■■■!!!
I ran Emsisoft a-squared HijackFree, a tool similar to HijackThis, but only better, and the panorama is a lot worse than SAS predicted!!!
A lot worse, trust me. lol
Going to perform some housekeeping… Will tell you some news later.
Hi Dark, hope you were talking about a broom dude, sounds desperate to me…
Again good luck dude you’ll need it, god speed for your Computer…
Xman :■■■■ (:KWL)
I just don’t get it. The system clearly is infected. That I know for a fact.
But, after analyzing the a-squared Hijack Free’s log, I checked the system with a-squared Anti-Malware and it found nothing at all.
Right now, I am going to check with Sunbelt’s VIPRE. I have already used it before, but 15 days is so little time… I’ll see how it behaves. Then I’ll go for Rising antivirus… and who knows… Chinese people do know how to program a decent antivirus ;).
So far I tested with:
SAS - first detected 10 and then 13 malware. Does not eliminate them, though.
Spybot S&D - nothing
Spyware Doctor - nothing
MalwareBytes Anti-Malware - nothing
Lavasoft Ad-aware - nothing
AVG 8.0 Free - nothing
Comodo Boclean - gives no alarm
CFP with Defense+ - gives no alarm and the AV section, detects nothing
Eset NOD32 - nothing
Kaspersky on-line scanner - nothing
I will try a few more options. I don’t want to format before trying everything I can. Also, because formatting does not necessarily mean that the malware will be gone as well.
Only if I knew how to manually delete this ■■■■…
Do the Rising dance with bootup scan on initial install, but install the whole thing in safe mode dude, then let it ride and do its thing, don’t forget to get the latest updates from Rising before scanning! Post back, for heaven’s sake…
Good luck again man
Xman :-TU :-TU :-TU :-TU :-TU (:KWL)
When I used to surf into the dark side I used to use GeSWall free and Returnil free activated, hehehe…
Now I switched to Linux and now I surf calm and safe without AV. My Windows PC is only for my old PC games.
I miss CFP in GNU, I need an Ubuntu version, hehehe.
Hey Raf, were you trying to contribute to Dark’s woes or just antagonize his present situation? If so, you’re of no help to him; be constructive dude, not fatalist to his concerns.
We appreciate your current setup security wise but it’s of no help to our fellow member at this point in time.
Regards
Xman :-TU
Hi Gibran, Dark’s infected, what’s up with the totally beside the point questions you’re asking him? Let’s help him clean up first & then offer up the air tight security required thereafter, seems to me suggestions for disinfection would be more effective at this point, agreed dude?
Regards
Xman… (:NRD)
Can you provide more details?
What browser did you use?
What D+ policy did you assign to that browser?
Do you have Comodo memory firewall or Safesurf Installed?
Since I use no AV at the moment and I rely on CFP + SafeSurf and other security practices, this info could prove useful and informative.
Hello Gibran,
I use the Opera browser all the time, which kinda surprised me, but not even Opera is that unbeatable.
I use CFP with D+ set in Safe Mode, with Opera’s policy set to “Web Browser”.
Alongside CFP, I use NOD32 3.0 (latest version), CMF, Comodo BOClean and SUPERAntiSpyware Pro.
Besides all that I have my own customized Hosts file with more than 89,000 entries, all updated and verified every day.
Also got a list of hosts and IPs known to be bad, which are blocked.
I did notice that in my hosts file I got these 2 entries:
0.0.0.0 powerantivirus2009(dot)com
0.0.0.0 www(dot)powerantivirus2009(dot)com
The problem is that the link I accidentally clicked redirected me to scanner(dot)powerantivirus2009(dot)com, hence not being able to prevent such initial “attack”.
And what freaks me out, and I believe you have been reading all comments behind, is that I analyzed the log provided by a-squared HijackFree at the Emsisoft site and it found some nasties. I believe those are accurate; after all, it would be a tremendous coincidence, and SAS also detects a few and can’t eliminate them.
But as soon as I verified my system with a-squared Anti-Malware, it found nothing at all. Nothing seems to find anything, except SAS and the analyzed log of HijackFree.
GMER also found 4 rootkits, but since I first tried to eliminate the malware with SAS, it never finds them again.
I also considered, yesterday, to go for the 30-day trial removal offered by Comodo, but a credit card number is needed and I don’t have one.
I honestly don’t know what else to do… and formatting is no guarantee that the malware will be wiped as well.
I installed a few additional layers of security at the moment, especially an extra behavior analyzer, alongside D+ HIPS. Just in case… Not that it might block something, but it offers more security at the moment, until I solve this.
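The hosts-file gap described in the post above (entries for `powerantivirus2009.com` and `www.powerantivirus2009.com`, yet the redirect went to `scanner.powerantivirus2009.com`) comes down to how a hosts file matches: exact hostname only, never a subdomain. As an added example that is not part of the thread, the Python below parses a constructed hosts file in the standard hosts(5) format, shows that the exact-match lookup misses the `scanner.` host, and adds a parent-domain check that would flag any host under a blocked domain. The hosts-file content, hostnames and function names are constructed for the example.

```python
"""
Added example (not from the thread): why a hosts-file entry for a domain
does not cover its subdomains, plus a suffix check that would catch them.
"""
from typing import Dict, Optional, Set

# Constructed sample hosts file: the two entries quoted in the post above,
# a loopback line, a comment line and an inline comment.
SAMPLE_HOSTS = """\
# constructed sample hosts file (not a real system file)
127.0.0.1 localhost
0.0.0.0 powerantivirus2009.com
0.0.0.0 www.powerantivirus2009.com   # second entry from the post
"""

# Addresses conventionally used to "sinkhole" a hostname in a hosts file.
BLOCK_ADDRS = {"0.0.0.0", "127.0.0.1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to its address. First entry wins, matching how the
    file is read top to bottom; comments and blank lines are ignored."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                               # malformed line, skip
        addr, names = parts[0], parts[1:]
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def blocked_domains(table: Dict[str, str]) -> Set[str]:
    """Hostnames the file sinkholes (excluding the loopback name itself)."""
    return {h for h, a in table.items() if a in BLOCK_ADDRS and h != "localhost"}


def is_blocked_exact(host: str, blocked: Set[str]) -> bool:
    """What a hosts file actually does: an exact, case-insensitive match."""
    return host.lower().rstrip(".") in blocked


def blocked_parent(host: str, blocked: Set[str]) -> Optional[str]:
    """Walk up the labels: return the blocked domain that `host` equals or
    sits under (e.g. scanner.example.com -> example.com), else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def check(host: str, hosts_text: str) -> Dict[str, object]:
    """Compare the real hosts-file behaviour with the parent-domain check."""
    blocked = blocked_domains(parse_hosts(hosts_text))
    return {
        "host": host,
        "hosts_file_blocks": is_blocked_exact(host, blocked),
        "blocked_parent": blocked_parent(host, blocked),
    }


if __name__ == "__main__":
    for h in ("www.powerantivirus2009.com",
              "scanner.powerantivirus2009.com",   # the redirect target
              "example.org"):
        print(check(h, SAMPLE_HOSTS))
```

The `blocked_parent` check is the part a hosts file cannot do by itself; it is the kind of match a DNS-level or proxy-level blocklist applies, which is why such lists catch redirect hosts that a per-hostname hosts file misses.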
Then that’s worrisome for me. I use Opera to lessen exploitability chances and SafeSurf like CMF to prevent drive-by downloads.
I guess you assigned Opera a D+ custom policy too.
Since D+ didn’t catch it maybe it was a BO exploit that was able to operate in the context of D+ opera policies.
As I read that those sites redirect to a different exploit page, I feel a little frustrated.
If CFP protection was bypassed then Comodo developer could have examined the specific page to assess the infection mechanism and address it.
It could prove useful to create a separate topic in Leak Testing/Attacks/Vulnerability Research to address this vulnerability.
Maybe those exploit pages are cycled through a limited set and a developer could spot the specific page that caused the infection.
Thanks for this info
Hey Dark,
Have you tried F-Secure’s BlackLight? It may be worth a try.
Yes, I have. Also checked with AVG Anti-Rootkit, RootRepeal (but I can’t interpret the results), RootkitRevealer (but the system freaked out and I had to close it).
I was wondering if any of you guys knows how to interpret, in-depth, the a-squared HijackFree results and give me some hints on how to manually remove these nasties.
The log will be on-line for 7 days, I think, on the Emsisoft servers, so perhaps any of you guys could assist me? Don’t know… am out of ideas.
I could PM a mod to tell them which links I came across with. Or is it fine to put them here? Of course, I would write something like www(dot)nastiesaremean(dot)com.
Then you guys could report to Comodo developers.
Tell me the best way.
Have you tried Dr.Web CureIt?
Totally forgot about it. I am downloading latest version now… will see what finds… thanks.
I will get in touch with other mods even though there has been a precedent for malware with unclickable URLs we didn’t ban.
Hi Dark, how is it coming along dude? Did you try killing it with Rising AV or are you going to keep it optional as a last ditch effort?
Regards
Xman (:KWL)