The alert window is covered by the malware

a256886572008 · August 15, 2011, 11:17am

FVS report:
http://valkyrie.comodo.com/Result.aspx?sha1=a46baaa4788823450fe192ca62e587a0af65f7ab&&query=1&&filename=c2.exe

Please add an item to the settings of CIS,

“the alert window is always on top.”

[attachment deleted by admin]

miloszcz · August 15, 2011, 11:23am

I agree with you, CIS’ alert should have the highest priority :-TU

nunomiguel1975 · August 15, 2011, 12:15pm

hi guys

I apologize for my English

Morphiusz —2011-08-11 01:41:00---- Trojan blocker

nunomiguel1975— 2011-08-13 07:47:13— danger--------very inportant------- lock pc Trojan blocker

http://valkyrie.comodo.com/Result.aspx?sha1=c4f1409ddace8b44fa972b7702bdd7590db91607&&query=1&&filename=xxx_video.exe ---- Final Result: Malware

program are executed 08/15/2011— xxx_video.exe

run program does not detect viruses

The alert window is covered by the malware

[attachment deleted by admin]

wonderlust76 · August 15, 2011, 1:35pm

This is a very very nasty russian ransomware…someone suggested CIS should advertise user that an application wants to run in full screen mode (the tipical ransomware strategy to inhibit any termination attempt), to avoid these problems…even because if I remember properly, this malware prevents task manager and windows safe mode to work…

Whoop-dee-doo · August 15, 2011, 3:32pm

I see this as a major problem that Comodo must address. I had the same issue when testing CIS 5.8 Beta.

Here was my recommendation:
“Comodo needs to find a way to prevent a sandboxed malware from taking focus (full screen or not). When this happens, it often makes the PC unusable, especially when an undetected malware goes full screen (an undetected malware can take focus even after reboot). In my case, the heuristics detected the malware, and even though I blocked it, it ran in the sandbox and stole focus.”

Many users have requested a “full screen/steal focus” warning. Hopefully Comodo will find a way to address this!

kjdemuth · August 15, 2011, 5:08pm

Hey does anyone have a sample of this ransomeware? If so send it via PM. Please

captainsticks · August 22, 2011, 10:42am

Hi TurboRO,
Kjdemuth is a member of the MRG and he wasn’t asking for it to be posted on the Forum, he was asking for it via PM most likely for research purposes.

kjdemuth · August 22, 2011, 2:10pm

Sorry TurboRO. I didn’t want it to be posted just wanted a PM for a sample of it. I couldn’t find a sample of it anywhere. It’s sad when you want to get infected but can’t. I’m aware of the forum policy, next time I won’t post it in a thread.
Yes I was looking for it for research. Thanks captainsticks.

Citizen_K · August 24, 2011, 1:06am

I see no problem with disseminating a malware by pm in the public part of the forums. That’s a standing practice.