- Mar 7, 2020
- 67
Bitdefender Antivirus Plus vs CXK-NMSL ransomware
- Thread starter dark_wielder
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Apr 28, 2015
- 8,656
- Nov 8, 2016
- 574
- Dec 12, 2016
- 1,148
- Apr 13, 2013
- 3,143
Vitali- CF will block malware such as this without issue. Comodo has a setting (in Advanced Protection) for Script Analysis to be performed. This is enabled by default and will automatically shunt Scriptors of any sort into Containment. So while many must burden themselves with shutting off things like wscript, powershell, python, vbs, etc, CF already has protection against the malicious actions of these Scriptors.
Speaking specifically about CXK-NSML malware, understand that this thingy utilizes only valid Windows commands to do the damage and most Anti-Malware applications will be oblivious to any malicious actions by this script. CF, however, will laugh at it.
As an example of how various AV products handle batch scripts like CXK-NSML, you can test this easily (and safely) for yourself by running a simple Loop script. For instance, try running a simple batch file that does nothing other than open up an infinite number of calculators:
@ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top
Copy the above and save it as calc.bat
Run it (If the calculators start popping up on your desktop, a simple reboot will terminate the script without any ill effect).
This totally innocuous script will be ignored by most security products as it is legitimate (but really so is the certutil command of the CXK-NMSL malware) and will demonstrate a weakness in most AV products that is most definitely NOT shared by CF.
M
Speaking specifically about CXK-NSML malware, understand that this thingy utilizes only valid Windows commands to do the damage and most Anti-Malware applications will be oblivious to any malicious actions by this script. CF, however, will laugh at it.
As an example of how various AV products handle batch scripts like CXK-NSML, you can test this easily (and safely) for yourself by running a simple Loop script. For instance, try running a simple batch file that does nothing other than open up an infinite number of calculators:
@ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top
Copy the above and save it as calc.bat
Run it (If the calculators start popping up on your desktop, a simple reboot will terminate the script without any ill effect).
This totally innocuous script will be ignored by most security products as it is legitimate (but really so is the certutil command of the CXK-NMSL malware) and will demonstrate a weakness in most AV products that is most definitely NOT shared by CF.
M
- Mar 16, 2019
- 3,633
Avast's behavior blocker blocks the sample cruelsister shared for testing in hub which I believe is like a variant of this ransomware.
- Aug 21, 2018
- 505
How it can be detected, if its using legitimate certutil via .bat file? Most of the AV's does not scan inside .bat files, so they fail miserably.
Pretty much the same, if you rapidly encrypt small files with winrar or dos version of it. You can encrypt whole system easily, especially using DOS version of Rar.
Pretty much the same, if you rapidly encrypt small files with winrar or dos version of it. You can encrypt whole system easily, especially using DOS version of Rar.
- Aug 17, 2014
- 10,151
Please take the time to show me the hash of your claimed old Chinese Ransomware?
You probably just don't know what you are talking about...
Similar threads
