Comodo Internet Security 7 (REVIEW)

[Cats-4_Owners-2]

cruelsister,
your Backdoor Crime Scene Investigation was impressive!

This is something that has been around for quite a while. It's a Backdoor that when running the parent file (server.exe) will spawn a payload daughter as well as a few registry entries, one of which will start the daughter (trojan.exe) on reboot.

..I was relieved to read the parent file spawned 'a payload daughter...a few registry entries, one of which will start the daughter (trojan.exe)' rather than a cruel-'sister' (trojan)!

 

[nissimezra]

So you want to blame UAC for not protecting you when you failed to keep Windows updated? You were using out-dated version of Internet Explorer and since you don't have Windows Updates on automatic MSE was probably not updated either. What did you expect to happen? CIS would not have protected you either because it can not block exploits in Windows OS kernel, only Windows Updates can.

Keeping Windows up to date is most important thing you should do for security, no AV or any other type of security software products can protect you from Windows vulnerabilities. There is a reason Microsoft puts so much work into Windows Updates, new vulnerabilities are found all the time. Your story sounds much more believable now since you admit that you were running everything out-dated, probably flash player and Java as well. If you leave your doors open then the flies will come in, that is your fault.

That link you posted means nothing now, you you realize how many vulnerably patches have been applied since Nov. 2009?

Keep Windows and your software updated if you don't want this to happen again. Move to a more secure browser like Firefox or Google Chrome and add security extensions. You can create a thread with your config here and members will help you.

Enjoy!!

I am not blaming UAC in anything.
I just told you my story letting you know that it's possible to bypass UAC, it doesn't matter whether the sys is up to date, UAC is suppose to ask me if to let changes take place. in my case it didn't

Java was not up to date

flash I'm not sure

adobe reader i never update

MS office never update

MSE was up to date, you don't have to turn on auto update for MSE to be able to update it in win 7

OS was not up to date and IE was not up to date but 2 years ago i dont think ie was updated

I am not surprised that i got infected and it is not a problem for me getting infected as i explained above

thanks and good night

 

[illumination]

why?
I have no problem getting infected, it will take 20 minutes to recover my system back. I always have an image ready. I have 2 partitions one for the OS and one for data, i have scheduled backup on a network pc that back up my data partition to another pc.
in 95% of the time the only partition that get infected is the OS so any virus is welcome

why to be bother with UAC and automatic update?

in the last five years on 10 family computers i had around 2 infection, one mention here and the other one was 5 months ago, i'm not sure it was infection but lets assume so.
does it really worth all the bugging?

My question to you would be, why are you hanging around a security forum, if you consider securing your system "bugging"?

I could give you a full list of reasons, but im not going to, i think this one should suffice.

Why waste time "not to mention wear and tear on your system" reformatting every time your system becomes "unstable" or "infected" from lack of "security and Stability" patches from windows.

 

[illumination]

I am not blaming UAC in anything.
I just told you my story letting you know that it's possible to bypass UAC, it doesn't matter whether the sys is up to date, UAC is suppose to ask me if to let changes take place. in my case it didn't

A seatbelt in an automobile is supposed to protect you also, but if your driving your car at speeds over 130MPH and drive off a cliff, it probably will not

 

[nissimezra]

My question to you would be, why are you hanging around a security forum, if you consider securing your system "bugging"?

I could give you a full list of reasons, but im not going to, i think this one should suffice.

Why waste time "not to mention wear and tear on your system" reformatting every time your system becomes "unstable" or "infected" from lack of "security and Stability" patches from windows.

Well, do you know that updates making a lot of problems?
In my opinion it is not a good idea to update the sys every day it is better to do once a month or 2
and getting ready for problem by creating sys restore point

I never reformat just restoring IMAGE it takes 20 minutes

 

[Cats-4_Owners-2]

I am not blaming UAC in anything.
I just told you my story letting you know that it's possible to bypass UAC, it doesn't matter whether the sys is up to date, UAC is suppose to ask me if to let changes take place. in my case it didn't

Java was not up to date

flash I'm not sure

adobe reader i never update

MS office never update

MSE was up to date, you don't have to turn on auto update for MSE to be able to update it in win 7

OS was not up to date and IE was not up to date but 2 years ago i dont think ie was updated

I am not surprised that i got infected and it is not a problem for me getting infected as i explained above

thanks and good night

Well, it's a good thing you are prepared with proper backup. Not everyone can recover as easily. Whichever was the cause that let in the back door trojan, I feel sorry it happened, but not as sorry as the people of Troy must have been all those years ago when someone decided to roll that horse in through the gates. Too bad they couldn't 'backup' their city.
Thank you for your story, nissimezra. Like you, I neither do automatic updates as often as some nor do I wait as long as others, but I have read IE is more secure than ever! We all really want the same thing here, you know. Systems to be more secure, and The World Government not to take away our freedoms by giving us Trojan Horses we can't take for rides without getting infected! In the meantime, I'll look forward to more stories you'll share!

 

[Deleted member 178]

I am not blaming UAC in anything.
I just told you my story letting you know that it's possible to bypass UAC, it doesn't matter whether the sys is up to date, UAC is suppose to ask me if to let changes take place. in my case it didn't

Java was not up to date
flash I'm not sure
adobe reader i never update
MS office never update
MSE was up to date, you don't have to turn on auto update for MSE to be able to update it in win 7
OS was not up to date and IE was not up to date but 2 years ago i dont think ie was updated

looks like a cracked OS , not updated , most critical known malwares vectors has holes widely open for penetrations , i even wonder if UAC is even really active.

Well, do you know that updates making a lot of problems?
In my opinion it is not a good idea to update the sys every day it is better to do once a month or 2
and getting ready for problem by creating sys restore point

i updated every day , never had any issues since win98; restore points are useless.

 

[nissimezra]

looks like a cracked OS , not updated , most critical known malwares vectors has holes widely open for penetrations , i even wonder if UAC is even really active.




i updated every day , never had any issues since win98; restore points are useless.

not cracked OS, new pc with genuine operating system.

if you don't know there are good crack that you can fully update the system

i just don't believe in updates I think thats that what microsoft want u to believe so you'll buy their products. and it's sure working

 

[Deleted member 178]

not cracked OS, new pc with genuine operating system.

if you don't know there are good crack that you can fully update the system

i just don't believe in updates I think thats that what microsoft want u to believe so you'll buy their products. and it's sure working

i know about crack , but mostly people that don't update are those using pirated version.

there is a difference between updating the OS and upgrading the OS; updates are free and really fix security holes.

when i read your post , i see : "hi, my car has no working breaks and seatbelts because i dont like them"

 

[nissimezra]

i know about crack , but mostly people that don't update are those using pirated version.

there is a difference between updating the OS and upgrading the OS; updates are free and really fix security holes.

when i read your post , i see : "hi, my car has no working breaks and seatbelts because i dont like them"

yep, I've seen more problem caused by updates then a virus

I worked on a big company and more problem are from update.

you dont have to update windows to keep safe, if it make you feel more secure do it
I'ts only about what you feel

 

[Deleted member 178]

normally in a company, the IT if competent enough, should not have update issues; he just have to update the main "ghost" and install it to all computers when the employees are out.

and NO, updates are holes fixes, everytime a hole is discovered by 3rd parties, microsoft patches it. I don't mention optional updates.

 

[nissimezra]

Well, it's a good thing you are prepared with proper backup. Not everyone can recover as easily. Whichever was the cause that let in the back door trojan, I feel sorry it happened, but not as sorry as the people of Troy must have been all those years ago when someone decided to roll that horse in through the gates. Too bad they couldn't 'backup' their city.
Thank you for your story, nissimezra. Like you, I neither do automatic updates as often as some nor do I wait as long as others, but I have read IE is more secure than ever! We all really want the same thing here, you know. Systems to be more secure, and The World Government not to take away our freedoms by giving us Trojan Horses we can't take for rides without getting infected! In the meantime, I'll look forward to more stories you'll share!

you shouldn't mix your OS with your personal data, if you are a user who know what he's doing then you can use any OS without updating.
a lot of ways to create an image and these days very easy to create a partition. you can even move your desktop to the safe partition.

if you want tuotorial let me know i'll give you links

 

[Nico@FMA]

I am not blaming UAC in anything.
I just told you my story letting you know that it's possible to bypass UAC, it doesn't matter whether the sys is up to date, UAC is suppose to ask me if to let changes take place. in my case it didn't

Java was not up to date

flash I'm not sure

adobe reader i never update

MS office never update

MSE was up to date, you don't have to turn on auto update for MSE to be able to update it in win 7

OS was not up to date and IE was not up to date but 2 years ago i dont think ie was updated

I am not surprised that i got infected and it is not a problem for me getting infected as i explained above

thanks and good night

Maybe iam putting this wrong here, but how about those nasty virusses? The ones like rootkits which can survive partition wipe?
It seems that you only did have 2 infections, which is not true and let me tell you why, any computer on the internet is a target for virusses.
And given the fact yours is not patched, you can be sure that a good antivirus program could point out a few more virusses.
Having a backup is great, however it only takes care of 30% of the problem, the other 50% would be your security software and the last 20% are the updates.
So it seems that you got lucky all this time, because friend one day you get this little harmless (or not so ^^) trojan dropper and a exploit will inject a nice piece of code into your core files, and then its bye bye computer as your bios just got rewritten (without you being able ever to repair this)
And if you look around on the forum you see that 80% of all the people asking for malware removal are guys like you (With all respect)
You do not need a super duper antivirus protection and bla bla bla but the basic layers should be in place, and in the very near future banks and payment companies online are going to force the user to keep a updated computer, otherwise they will block you from the payment system. (Law is being drafted here in Netherlands, EU and US will probably follow soon) And they will do this because people like you (With respect) are the ones that cause secure systems like that of your local bank to break down as your (The client) computer is infected then due to the secure channel you can actually infect the bank network. (Just a little example)

So why do you not do your self a favor, update your pc, install a base line AV and avoid risking a damaged pc.

 

[ifacedown]

LB- Here is a file that you requested:

http://www.adrive.com/public/kM2xQf/Server.7z

Password is infected

Please note that I grabbed this file from the malware pack kindly supplied today by friend Yigido here:

http://malwaretips.com/threads/2014-04-13-20.25413/#post-183484

This is something that has been around for quite a while. It's a Backdoor that when running the parent file (server.exe) will spawn a payload daughter as well as a few registry entries, one of which will start the daughter (trojan.exe) on reboot. It will connect to Control over the Internet to send/receive data. For this particular trojan Command is located in Baghdad, Iraq (specifically IP 37.236.31.34).

I tested this file in 2 scenarios- One was a Win7 in a VM, the other was Win8.1 non-virtualized. In both cases:

1). Security Center Enabled
2). Windows Defender Enabled
3). Windows Firewall Enabled
4). UAC set to Maximum (Always Notify)

When these settings were made Windows was rebooted. Upon startup UAC was verified to be operational by running Malwarebytes and Killswitch (UAC notifies for each).

In both the Win7 and Win8.1 systems when the malware sample was run there were NO UAC alerts; there was also no Firewall alert when the daughter connected to Iraq.

On reboot trojan.exe was resident in memory and it had established an outbound connection to Command in Iraq.

I also ran this trojan on a system protected by Comodo Firewall. Even at the default Partially Limited setting the malware was contained in the sandbox and the autostart registry entries were suppressed, with no resultant system infection occurring.

Hello,

To be honest, I have an answer here from a anti-executable software developer. He says confidently that their product blocked the malware, but the same malware sample DID bypass the UAC.

He was using Windows 7 64-bit, but NOT updated. He says that UAC is not being updated by Windows nontheless, as much as he knows.

 

[illumination]

Hello,

To be honest, I have an answer here from a anti-executable software developer. He says confidently that their product blocked the malware, but the same malware sample DID bypass the UAC.

He was using Windows 7 64-bit, but NOT updated. He says that UAC is not being updated by Windows nontheless, as much as he knows.

Ok folks...

UAC "front Door of house with a Guard".... Unpatched windows, "Hole in a wall of the back of the house" behind the guard.....

Make sense yet?

Even if you have the best internet security there is, and you do not keep your windows patched, you will become eventually infected.

 

[nissimezra]

Maybe iam putting this wrong here, but how about those nasty virusses? The ones like rootkits which can survive partition wipe?
It seems that you only did have 2 infections, which is not true and let me tell you why, any computer on the internet is a target for virusses.
And given the fact yours is not patched, you can be sure that a good antivirus program could point out a few more virusses.
Having a backup is great, however it only takes care of 30% of the problem, the other 50% would be your security software and the last 20% are the updates.
So it seems that you got lucky all this time, because friend one day you get this little harmless (or not so ^^) trojan dropper and a exploit will inject a nice piece of code into your core files, and then its bye bye computer as your bios just got rewritten (without you being able ever to repair this)
And if you look around on the forum you see that 80% of all the people asking for malware removal are guys like you (With all respect)
You do not need a super duper antivirus protection and bla bla bla but the basic layers should be in place, and in the very near future banks and payment companies online are going to force the user to keep a updated computer, otherwise they will block you from the payment system. (Law is being drafted here in Netherlands, EU and US will probably follow soon) And they will do this because people like you (With respect) are the ones that cause secure systems like that of your local bank to break down as your (The client) computer is infected then due to the secure channel you can actually infect the bank network. (Just a little example)

So why do you not do your self a favor, update your pc, install a base line AV and avoid risking a damaged pc.

Thanks

I'have never heard of a virus that stay on the drive after doing low-level format, it is possible after formating but no way after low-level format.

as for the bios I never heard about a virus that wiped a bios, even though it is possible from the os to kill the bios.

as for people who using online banking or paypal in this case it is highly recommended to keep everything up to date, but for home user who know what thy doing come on.

remember that auto update in windows taking a lot of resources, even with duel core it's affecting people's work, so if you r using pentium 4 and running auto update the you can't work. and there are people who are still using old pc's.

disabling auto update after fully updating the system is a good idea

I've seen many computers with the best security softwers and up to date that got infected and had fishing coze the av didn't detect the fishing site.

so for advance user it is not nececery to live auto update on, to update the system once after installing windows and after that once in 6 month enough

 

[illumination]

Thanks
so for advance user it is not nececery to live auto update on, to update the system once after installing windows and after that once in 6 month

There is a big difference between an advanced user and a lazy user. Also a big difference from those that know, and think they know.

An advanced user will make sure everything is patched on their system, not just windows operating system, but all programs as well. They would also use complete common sense in how they interact with those programs and the internet, as well as others on the internet.


I truly hope you are the only person on your network, and that others are not vulnerable from your perspective.

 

[Koroke San]

Thanks

I've seen many computers with the best security softwers and up to date that got infected and had fishing coze the av didn't detect the fishing site.

so for advance user it is not nececery to live auto update on, to update the system once after installing windows and after that once in 6 month enough

yup, in 2012 i was using pre-cracked window 7 with updates disabled & was using AVG internet security 2012. i faced many viruses but AVG dealt with them. Though it's not necessary to update everything from window update, but it's good if u install critical updates & security patches for ur pc.

 

[kjdemuth]

Low level rootkit, Badbios virus and Moon worm (router virus). Just name a few.

 

[nissimezra]

thank you all for the info, I learned something new that i wasn't aware of.

I've just updated my pc and i will do it again within the next month