I was testing the Annabelle ransomware in Shadow Mode. Everything went fine until I decided to allow the execution of the malware to see how it attacks. It was blocked by 360TS on execution even though it wasn't detected by static scan. I got a BSOD 0x0F4. So I had to shut down and restart the PC by pressing the power button.
Booting with Shadow Mode off, what greeted me next was "Server execution failed" when I ran Explorer. This doesn't look good.
I did some troubleshooting and found out that my secondary drive is no longer detected. Not sure but I guess the malware trashed the MBR.
Why did this happen? I don't know. I should be protected while in Shadow Mode.
Note: I've recovered all files in the HDD after about 10 minutes.
Containment: Shadow Defender v1.4.0.665
Guest/OS: Windows 7 Ultimate 32 bit SP1
Product: 360 TS 9.6.0.1245 (Balanced setting)