Taking up residence invisibly in the recycle bin is a very common approach for Password Stealers/Backdoors/Botnets/Rootkits. As for no autorun entry being present, I really don’t know what you mean, as this particular malware will stay lodged in the bin on every reboot, so indeed it does start with Windows. Also, as you have noted yourself in the CAMAS report, files were compromised and registry keys created.
The only way to detect and clean the infection proper is with a second opinion scanner, and this will only clear the malware itself, but not reverse changes made.
But to Comodo’s credit, all 3 samples I provided were detected either by the cloud or in the def set within 12 hours of submission.
With the upcoming versions of CIS, be prepared to see full BB + virus reverser.
“If you install an app and later find it’s malware, CIS will be able to reverse all the actions made by the malware. I’m thinking this combined with the BB will be extremely powerful. It will fix the problem with dropped files when a piece of malware runs as partially limited.”
I don’t know anything about the above, but I would recommend against assuming that it will be in THE next version. spywar says “upcoming versions” and “be prepared”, so while it seems it’ll come eventually, it doesn’t sound like the very next version. Just to avoid any disappointments if the next version comes without these features.
Windows 7 32-bit was used. The reason for the 32-bit use was that yesterday, when we ran our tests, there were a number of 32-bit-specific malware samples available.
Also, changing CIS settings to Safe mode and the inclusion of the C:/? in Protected files will obviously have no effect.
CIS is a superb product already, and the fact that they were within hours after first detection in providing definitions for these malware samples to my mind totally puts to rest the misconception that the AV is not strong. To expand on this, these samples were part of a malware package we collected; it totaled 1150 unique samples from zero day to D+3. CIS detected all but 65 via Cloud/AV. Sixty-two were rendered harmless by D+, leaving only these 3 not stopped. I would consider this ratio nothing short of superb.
But we should all try to attain perfection, thus my bringing this up.
I’ve been testing CIS in default settings against this ZeroAccess. CIS successfully blocked the rootkit. It was able to drop some files in the recycle bin, but the rootkit never runs in memory and isn’t allowed to create a registry key to run at boot, so the files are sitting there harmless.