cs.exe has "bypassed" all the latest versions of RVS2008, ShadowUser and PowerShadow

Discussion in 'sandboxing & virtualization' started by nanana1, Jun 12, 2008.

Thread Status:
Not open for further replies.
  1. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Only ShadowDefender version 1.1.0.261 is able to withstand the cs.exe malware at this time.:ninja:

    Any version lower than 261 has also been "bypassed".

    How's that for Tony's response :cool:
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can you post some more details about it?

    Thanks
     
  3. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    That is great news but where can we download Shadow Defender version 1.1.0.261? It doesn't appear on Tony's site.
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Please more info on cs.exe. Sharpei/Gigabyte?
     
  5. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    Mods here don't allow direct download links. So you should be able to figure out how to download v1.1.0.261 given the link address to download v1.1.0.259, i.e. changing a few numbers will work :p
     
  6. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    It was detected by my AV as a TrojanDownloader.NYX.Trojan and quarantined. Did not want to download it and cause me trouble.

    Be warned.
     
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
  8. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello nanana1,

    Out of curiosity, are you using NOD32? KAV? Thanks in advance.


    Peace & Gratitude,

    CogitoErgoSum
     
  9. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    NOD32 here :-*
     
  10. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi, you have OPEN PORTS? Perfect solution: Seconfig XP.
     
  11. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello nanana1,

    Since you are using NOD32, the piece of malware that you encountered must have been Win32/TrojanDownloader.Agent.NYX.

    ~VirusTotal and\or Jotti link removed per Policy....Bubba~

    Peace & Gratitude,

    CogitoErgoSum
     
    Last edited by a moderator: Jun 12, 2008
  12. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi nanana1,
    The Anti-Execute plug-in in the 2.01 Premium Edition can stop this in its tracks. Please try a new test with the latest Beta.

    Thanks
    Mike
     
  13. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    It is claimed that this version of Returnil Virtual System 2008 Premium Edition v2.0.1.7067 Beta has been "bypassed". Do you refer to this version? If not, please provide the build number.
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,
    Care to elaborate what you mean by "bypassed?"
    Mrk
     
  15. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    'bypassed' is the word that Perman chose to describe his cs.exe virus.
    More accurate is 'bypassed' = penetrated :p
     
  16. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Please send me a PM with the link to the executable so we can test your report.

    Thanks
    Mike
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    So, this virus has an implementation that can leave the virtual device sandbox and write to the physical device. This means that the programs are not foolproof in enforcing this principle.

    This is similar to a chroot jail, it seems, and apparently the virtualization programs use more than the basic set of permissions and files needed to virtualize the layer.

    Mrk
     
  18. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947
    PM sent !
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    nanana1, if you could try it with Geswall it would be greatly appreciated.
     
  20. nanana1

    nanana1 Frequent Poster

    Joined:
    Jun 22, 2007
    Posts:
    947

    Coldmoon,

    You may be right. RVS2008 may have been penetrated because the anti-execute plug-in may not have been properly set up. Anyway, it's good to test: is the RVS free version compromised by this virus?

    This affects only NTFS systems; a FAT O/S is safe from this.
     
    Last edited: Jun 12, 2008
  21. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    As you can see from our test (see image), the Anti-Execute plug-in will flag this malware if it attempts to execute. You are correct, however, that the 2.0 series is vulnerable.

    We added the AE and Auto-runs plug-ins in 2.01 to address issues with the dog Trojans. To date we have had a very positive response from testers in China regarding the effectiveness of these plug-ins against the dogs and other similar types of ISR bypass malware.

    Mike
     
  22. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    @coldmoon

    Will those protections be included in the next free version as well?
     
  23. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Firebytes,
    It is too early in the Public Beta for 2.01 to detail what will or will not be included in the Personal Edition when it is released. I have made sure though that your question is added to the discussion agenda and will be considered thoroughly.

    Mike
     
  24. pidbo

    pidbo Registered Member

    Joined:
    Dec 25, 2006
    Posts:
    198
    Thanks nanana1, I have now successfully downloaded Shadow Defender v 1.1.0.261
    Tony sent me a link but as you said I could have worked it out.

    Thanks anyway
     
  25. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Thanks for adding it for consideration. I believe in the past you have stated that although the premium version has extra features, critical security issues would be addressed in both the free and premium versions. I hope that mindset continues with Returnil.
     