  MarkAW Barry White or lil bratt Premium join:2001-08-27 Canada
·Bell Sympatico
·Cogeco Cable
1 edit | reply to MADx Re: Latest Comodo BoClean Information
I broke down yesterday and downloaded the CBO_4.23 and installed it without un-installing BOC 4.22 and I haven't had any problems with either one as of yet.
I only did this to see what all the fuss was about un-installing 4.22 before installing 4.23.

  buttoni Premium join:2005-08-16 Temple, TX
·AT&T Yahoo
·AT&T DSL Service
reply to Rocky67
Thanks Grimy. Good to hear they work together OK. Sounds like I'm good to go. Actually, I just checked and I'm running CS 2.1.946 (I forgot the last update). Think I'll give BOC a try!
Comodo will hopefully alert me if I need to change anything in my FW settings. Going to check over on the Comodo BOC forum to see if any settings recommendations are being recommended before installing. I pretty much have Comodo's default settings right now.
--
WinXP Home SP2; Firefox 1.5.10; IE6; Comodo 2.4; Avast4; CounterSpy 2.0; SBC/ATT DSL 2Wire modem

  Rocky67 Pencil Neck Geek Premium join:2005-01-13 Orange, CA
·AT&T Yahoo
You're gonna get multiple pop-ups from Comodo firewall asking if BOC and the BOC updater can connect out using several different TCP and UDP ports. Just give it permission and you're good to go.
--
"The Internet? Is that thing still around?" - Homer

  buttoni Premium join:2005-08-16 Temple, TX
Will do. Thanks again.

  testings_r_good
@net.au
from: dadkins 
reply to MADx
I'm giving it a go, so far it's 1/2 out of 3
1.. a new spambot was the first thing I tried after reading Kevin specifically say they miss and WE catch.
BZZT. complete fail detected no dropper and no DLL.
2.. a VUNDO.. BOClean stopped it ! but as someone has posted correctly it is having a problem removing the file. This is where a scanner can be used even if that has to occur in Safe Mode.. it's something the user can do themselves. HALF POINT.
3.. a downloader.. FAIL.. and here comes lots of malware it downloaded.. a BZUB .. FAIL AGAIN.. this same BZUB is detected by AntiVir, AVG, BitDefender, KAV, Ewido, TrojanHunter and more and is days old
So far not impressed enough to bother going further..

  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
2 edits | said by testings_r_good :
I'm giving it a go, so far it's 1/2 out of 3
1.. a new spambot was the first thing I tried after reading Kevin specifically say they miss and WE catch.
BZZT. complete fail detected no dropper and no DLL.
2.. a VUNDO.. BOClean stopped it ! but as someone has posted correctly it is having a problem removing the file. This is where a scanner can be used even if that has to occur in Safe Mode.. it's something the user can do themselves. HALF POINT.
3.. a downloader.. FAIL.. and here comes lots of malware it downloaded.. a BZUB .. FAIL AGAIN.. this same BZUB is detected by AntiVir, AVG, BitDefender, KAV, Ewido, TrojanHunter and more and is days old
So far not impressed enough to bother going further..

Another amateur VM tester..so what update did you use
»www.nsclean.com/trolist.html
better go back to that thread now and read it again on what was found left and where it was found. 
»HJT- BYXYAAX.DLL & MORE
and when you tested that BOClean..turn off the rest of those AVs..and then have a set up in a lab actually trying to infect a machine..and if you don't know how to set that up try for some hint from this lab. It is a good one hour interview..but it will give you some hints.
»Mikko Hypponen on Emergent Virus Threats
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids »www.missingkids.com/

  vmware_yes
@net.au
from: Name Game 
Latest update was installed, I rebooted
http://www.youtube.com/watch?v=wQa6EtkK-MY
This video is the downloader, name is included and it turns out Kaspersky engine detects that downloader since Valentine's Day.. google the trojan name and look at F-Secure writeup. Sorry, next time I use VMware HIGH QUALITY I didn't realise would be only 2-3 MB. Still have the vid in quality though, just youtube blurred it
The BZUB is downloaded as well as something infecting the system files, and Windows CD warning comes up.. still no peep from BOC

  yeah_need_name
@net.au
from: Name Game 
If you didn't notice VM has NO AV on it and disabled security software.. better say that to be clear.
The vundo was just a plain old something KEYGEN.exe 31kb which drops the usual 27k Vundo into Winlogon
BOC detected the EXE and sure enough it deleted it but the DLL was already entered into the Winlogon registry and showing in Hijackthis, and couldn't be deleted by hand so it was running. BOClean soon gave an error and died.. mouse over tray icon it disappeared. So they crashed its kill and or delete routines ? perhaps.. might try that one again with AppDefend enabled
What I don't favour or understand is why KAV detects "virtumonde packed" and doesn't alarm.. OK it might be detected the next day.. still odd !

  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
2 edits | What setting/configuration did you have on BOclean ?
»nsclean.com/supboc.html
»Re: Ad-Aware False Positives?

  CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX
·RoadRunner Cable
Hmmm.. I use KAV and have it set up to the max.. and I've tried to get vundo... it kills it every time.. In fact even with BOClean it never gets to the point to run in memory so KAV kills it before BOC realizes it is there..
--
da Cajun Darn I hate Malware