forser
Advanced Member

I finally got around to testing version 4 (4.0.138377.779) against Matousec.

Main settings from the config:

processes=3
explorer.EXE
cfp.exe
cmdagent.exe
files=6
C:\!\COMMAND.COM
C:\!\ntldr
C:\!\panel-background.png
C:\!prot\COMMAND.COM
C:\!prot\ntldr
C:\!prot\panel-background.png
registry=2
HKLM\System\SOFTWARE\Comodo\\Test1
HKLM\System\SOFTWARE\Comodo\\Test2

Notes:
1. The folder C:\!prot* has been added to "Protected Files".
2. The remaining files have not been added to "Protected Files".
3. The values ("Test1" and "Test2") of the key HKLM\System\SOFTWARE\Comodo have been added to "Protected Registry Keys" (by default, the "COMODO Registry Keys" group).
4. Fixed the "little default error" that XenoZ wrote about.
5. Added LocalSecurityAuthority.Shutdown to the protected COM interfaces, as Ujinnee wrote about.
6. Win XP SP2.
7. Sandbox disabled.
8. Proactive defense - Paranoid.
9. Firewall - Custom.

And here, in fact, is the result:

2010.03.29

--- Level 1 ---
autorun1.exe - YOUR SYSTEM PASSED THE TEST!
autorun3.exe - YOUR SYSTEM PASSED THE TEST!
breakout2.exe - YOUR SYSTEM PASSED THE TEST!
coat.exe - YOUR SYSTEM PASSED THE TEST!
echotest.exe - YOUR SYSTEM PASSED THE TEST!
filedel2.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
kill1.exe - YOUR SYSTEM PASSED THE TEST!
kill2.exe - YOUR SYSTEM PASSED THE TEST!
leaktest.exe - YOUR SYSTEM PASSED THE TEST!
tooleaky.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker1.exe - YOUR SYSTEM PASSED THE TEST!
yalta.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 2 ---
autorun2.exe - YOUR SYSTEM PASSED THE TEST!
autorun12.exe - YOUR SYSTEM PASSED THE TEST!
autorun20.exe - YOUR SYSTEM PASSED THE TEST!
autorun30.exe - YOUR SYSTEM PASSED THE TEST!
awft1.exe - YOUR SYSTEM PASSED THE TEST!
dnstest.exe - YOUR SYSTEM PASSED THE TEST!
filemov2.exe : File "C:\!\COMMAND.COM" added to buffer. File "C:\!\ntldr" added to buffer. File "C:\!\panel-background.png" added to buffer. File "C:\!prot\COMMAND.COM" added to buffer. File "C:\!prot\ntldr" added to buffer. File "C:\!prot\panel-background.png" added to buffer. ERROR: Unable to set registry value "PendingFileRenameOperations" under registry key "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager".
ghost.exe - YOUR SYSTEM PASSED THE TEST!
hostsblock.exe - YOUR SYSTEM PASSED THE TEST!
jumper.exe - YOUR SYSTEM PASSED THE TEST!
kill3.exe - YOUR SYSTEM PASSED THE TEST!
kill6.exe - YOUR SYSTEM PASSED THE TEST!
regdel1.exe - 0 registry key(s) removed. 0 registry value(s) removed.
wallbreaker3.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker4.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 3 ---
autorun4.exe - YOUR SYSTEM PASSED THE TEST!
autorun16.exe - YOUR SYSTEM PASSED THE TEST!
autorun24.exe - YOUR SYSTEM PASSED THE TEST!
autorun31.exe - YOUR SYSTEM PASSED THE TEST!
awft3.exe - YOUR SYSTEM PASSED THE TEST!
awft4.exe - YOUR SYSTEM PASSED THE TEST!
dnstester.exe - YOUR SYSTEM PASSED THE TEST!
filerep1.exe : File "C:\!\COMMAND.COM" replaced. File "C:\!\panel-background.png" replaced. 2 file(s) replaced.
kernel1.exe - YOUR SYSTEM PASSED THE TEST!
kill3f.exe - the taskbar is unloaded; explorer apparently is not killed, since open folders are not closed; Explorer is launched; the process hangs in memory, consuming up to 70% of CPU resources.
kill4.exe - YOUR SYSTEM PASSED THE TEST!
kill7.exe - YOUR SYSTEM PASSED THE TEST!
regset1.exe - 0 registry value(s) changed.
sss2.exe - YOUR SYSTEM PASSED THE TEST!
suspend1.exe - YOUR SYSTEM PASSED THE TEST!
thermite.exe - YOUR SYSTEM PASSED THE TEST!
wallbreaker2.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 4 ---
autorun6.exe - YOUR SYSTEM PASSED THE TEST!
autorun9.exe - YOUR SYSTEM PASSED THE TEST!
autorun14.exe - YOUR SYSTEM PASSED THE TEST!
autorun17.exe - YOUR SYSTEM PASSED THE TEST!
autorun26.exe - YOUR SYSTEM PASSED THE TEST!
autorun36.exe - YOUR SYSTEM PASSED THE TEST!
autorun37.exe - YOUR SYSTEM PASSED THE TEST!
autorun-nat.exe - The application C:\Level4\autorun-nat.exe cannot be run in Win32 mode.
copycat.exe - YOUR SYSTEM PASSED THE TEST!
cpil.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite1.exe - YOUR SYSTEM PASSED THE TEST!
filerep2.exe - 0 file(s) replaced.
inject2.exe - YOUR SYSTEM PASSED THE TEST!
inject3.exe - YOUR SYSTEM PASSED THE TEST!
kernel1b.exe - YOUR SYSTEM PASSED THE TEST!
keylog1.exe - YOUR SYSTEM PASSED THE TEST!
kill3e.exe - YOUR SYSTEM PASSED THE TEST!
kill8.exe - YOUR SYSTEM PASSED THE TEST!
kill9.exe - YOUR SYSTEM PASSED THE TEST!
sss.exe - YOUR SYSTEM PASSED THE TEST!
suspend2.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 5 ---
autorun5.exe - YOUR SYSTEM PASSED THE TEST!
autorun15.exe - YOUR SYSTEM PASSED THE TEST!
autorun18.exe - YOUR SYSTEM PASSED THE TEST!
autorun21.exe - YOUR SYSTEM PASSED THE TEST!
autorun28.exe - YOUR SYSTEM PASSED THE TEST!
breakout1.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite2.exe - If the global hook cpilsuite2dll.dll is allowed - failed; if it is not allowed - YOUR SYSTEM PASSED THE TEST!
crash1.exe - YOUR SYSTEM PASSED THE TEST!
crash2.exe - YOUR SYSTEM PASSED THE TEST!
crash3.exe - YOUR SYSTEM PASSED THE TEST!
crash4.exe - YOUR SYSTEM PASSED THE TEST!
filewri1.exe : File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
kernel2.exe - YOUR SYSTEM PASSED THE TEST!
kernel3.exe - YOUR SYSTEM PASSED THE TEST!
keylog2.exe - YOUR SYSTEM PASSED THE TEST!
kill3c.exe - YOUR SYSTEM PASSED THE TEST!
kill3d.exe - YOUR SYSTEM PASSED THE TEST!
regdel2.exe : ERROR: Unable to add "SeRestorePrivilege" to current process' token. 0 registry key(s) removed. 0 registry value(s) removed. ERROR: Unable to save registry key "SOFTWARE\ssts_blank" under parent key handle 0x80000001 to file "ssts_blank.tmp".
svckill.exe - YOUR SYSTEM PASSED THE TEST!
vbstest.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 6 ---
autorun7.exe - YOUR SYSTEM PASSED THE TEST!
autorun22.exe - YOUR SYSTEM PASSED THE TEST!
autorun25.exe - YOUR SYSTEM PASSED THE TEST!
autorun27.exe - YOUR SYSTEM PASSED THE TEST!
autorun29.exe - YOUR SYSTEM PASSED THE TEST!
autorun32.exe - YOUR SYSTEM PASSED THE TEST!
cpilsuite3.exe - If the global hook cpilsuite3dll.dll is allowed - failed; if it is not allowed - YOUR SYSTEM PASSED THE TEST!
crash5.exe - YOUR SYSTEM PASSED THE TEST!
crash6.exe - YOUR SYSTEM PASSED THE TEST!
ddetest.exe - YOUR SYSTEM PASSED THE TEST!
echotest2.exe - YOUR SYSTEM PASSED THE TEST!
filewri2.exe : File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
firehole.exe - YOUR SYSTEM PASSED THE TEST!
flank.exe - YOUR SYSTEM PASSED THE TEST!
kernel4.exe - YOUR SYSTEM PASSED THE TEST!
keylog3.exe - YOUR SYSTEM PASSED THE TEST! - The test is passed successfully both with the global hook keylog3.exe allowed and without it.
keylog4.exe - YOUR SYSTEM PASSED THE TEST! - The test is passed successfully both with the global hook keylog4.exe allowed and without it.
kill10.exe - YOUR SYSTEM PASSED THE TEST!
kill11.exe - YOUR SYSTEM PASSED THE TEST!
runner.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 7 ---
autorun8.exe - YOUR SYSTEM PASSED THE TEST!
autorun10.exe - YOUR SYSTEM PASSED THE TEST!
autorun19.exe - YOUR SYSTEM PASSED THE TEST!
autorun33.exe - YOUR SYSTEM PASSED THE TEST!
autorun35.exe - YOUR SYSTEM PASSED THE TEST!
bitstest.exe - YOUR SYSTEM PASSED THE TEST!
crash4b.exe - YOUR SYSTEM PASSED THE TEST!
filedel1.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
filemov1.exe : File "C:\!\COMMAND.COM" renamed to "0_0_COMMAND_COM" under temporary directory. File "C:\!\ntldr" renamed to "0_1_ntldr" under temporary directory. File "C:\!\panel-background.png" renamed to "0_2_panel-background_png" under temporary directory. 3 file(s) renamed.
filewri3.exe - File "C:\!\COMMAND.COM" corrupted. File "C:\!\panel-background.png" corrupted. 2 file(s) corrupted.
firehole2.exe - YOUR SYSTEM PASSED THE TEST!
inject1.exe - YOUR SYSTEM PASSED THE TEST!
keylog5.exe - YOUR SYSTEM PASSED THE TEST!
keylog6.exe - YOUR SYSTEM PASSED THE TEST!
kill12.exe - YOUR SYSTEM PASSED THE TEST!
osfwbypass.exe - YOUR SYSTEM PASSED THE TEST!
regacc1.exe - 0 registry object(s) changed.
runner2.exe - YOUR SYSTEM PASSED THE TEST!
schedtest.exe - YOUR SYSTEM PASSED THE TEST!
sss3.exe - YOUR SYSTEM PASSED THE TEST!

--- Level 8 ---
autorun11.exe - YOUR SYSTEM PASSED THE TEST!
autorun13.exe - YOUR SYSTEM PASSED THE TEST!
autorun23.exe - YOUR SYSTEM PASSED THE TEST!
autorun34.exe - YOUR SYSTEM PASSED THE TEST!
filedel3.exe - File "C:\!\COMMAND.COM" deleted. File "C:\!\panel-background.png" deleted. 2 file(s) removed.
fileopn1.exe - File "C:\!\panel-background.png" corrupted. 1 file(s) corrupted.
fileopn2.exe - File "C:\!\panel-background.png" corrupted. 1 file(s) corrupted.
kernel4b.exe - YOUR SYSTEM PASSED THE TEST!
kernel5.exe - YOUR SYSTEM PASSED THE TEST!
kernel5b.exe - YOUR SYSTEM PASSED THE TEST!
keylog7.exe - YOUR SYSTEM PASSED THE TEST!
kill5.exe - YOUR SYSTEM PASSED THE TEST!
newclass.exe - YOUR SYSTEM PASSED THE TEST!
schedtest2.exe - YOUR SYSTEM PASSED THE TEST!
socksnif.exe - YOUR SYSTEM PASSED THE TEST!
sss4.exe - Popup 1 appears: "The output of this test wil be redirected to "sss4.txt"" with an OK button (the file sss4.txt is created in the test folder, but it is empty), then popup 2: "Shutdown the system continue" with an OK button. Clicking OK does nothing.

--- Level 9 ---
crash7.exe - YOUR SYSTEM PASSED THE TEST!
fileacc1.exe - 0 file(s) changed.
filectl1.exe - 0 file(s) changed.
filewri4.exe - ERROR: Unable to open disk "\\?\Volume{a4c28350-74bb-11db-8a21-806d6172696f}" for direct access.

The result, IMHO, is excellent. The only one in question is kill3f.exe from Level 3. But perhaps it really is due to a broken file; XenoZ confirmed this as well.
----------
If you do it, don't be afraid. If you're afraid, don't do it... Genghis Khan
It is not things that torment people, but their ideas about them... Epictetus
Total posts: 1608 | Registered: 03-11-2006 | Posted: 15:56 29-03-2010 | Edited: forser, 16:51 29-03-2010