My colleague gave me his PC infected with trojan last night.
It disabled Task Manager, Registry Editor, Safe Mode and System Restore.
Tried HitmanPro with Force Breach. scanned but couldn’t clean. Abort.
Tried to install Malwarebytes, get error during arround 50% install. Abort.
Started CCE, updated, full scan, found 125 threats, all related to problem. Cleaned, computer works.
Very old machine, XP SP2, 240MB Ram, 40ish GB HDD… Scan done of over 4 million files in 3 hours.
One false positive [heuristics high] for old printer driver file, submitted as false positive.
Verdict: Awesome! :-TU
Nice!! :-TU :-TU :-TU It’s not half bad, is it? 
Ewen 
It did the job what was supposed to do 8)
This is only the start of a one good cleaning product
we will continue to improve it!
Melih
Is there a way to test the capabilities of KillSwitch to kill running malware?
I mean, of course, something like disabling the resident antivirus and then running eicar test and kill it by KillSwitch? Is there any other way to test it?
Of course I can test KillSwitch with clean processes. But I can’t kill protected processes for instance. KillSwitch does nothing against them.
I’m just thinking what will happen when I try to kill a resistant malware running :
Did you try right click>terminator option?
To what? A clean process? It will work for sure.
What can it do against a protected process?
[attachment deleted by admin]
Go to services and stop avast service…
Then delete service.
Then go to processes and if still running, try again to terminate it.
Terminate it, the driver is loaded.
Right-click on the process you want to terminate, select Terminator. Run all and post the result here.
Thanks.
Eh eh… It’s not that easy… You can’t terminate malware that easy… as you can’t stop avast that easy…
Windows cannot stop avast service without user interaction. Malware can block this option…
[attachment deleted by admin]
With driver loaded, you can’t terminate any type of malware as you can’t terminate the antivirus (that easy)…
I’m laughing on “process is terminated” message… The first run could only win at stage CH1. Then running each test individually get the “ok” status… But the process stays there, running, not a signal of being really killed.
[attachment deleted by admin]
I killed avast pretty easy. What I did is that I killed the UI first using terminator, then I used terminator to kill the service. It restarted a few times but after killing it two or three times it stopped restarting and it was gone for good.
Thanks for the screenshot. Actually (Not available) for TP3 and TT3 indicates that the driver is not loaded.
From wj32, developer of Process Hacker:
Mine happened the same. avast indeed is being killed if you run more than once.
[attachment deleted by admin]
I haven’t seen a better killer than the terminator in D+, I’ve killed kaspersky with it , I would assume Avast! will fail easily…
It’s not a matter of failure. Every antivirus will fail. This was extensively discussed in a reserved part of avast forums and the technical conclusion is that, once loaded, the driver could do anything at kernel level.
What you really need (as opposed to want) is feedback about problems and perceived issues…
Seems like a great program but to be truthful i am not too sure what one does with KillSwitch so I don’t use it…
Couldnt have said it any better! The time it takes to hunt down a bad process with this tool is cut down to nothing compared to hunting manually! I cant thank Comodo enough for all these great programs they provide for free!
you are very welcome!
this is exactly what KillSwitch was designed to do.
thank you for your appreciation guys, it makes us feel good…
thank you
Melih