Defensewall and malware

Alright, so i've been messing around with this Copy.exe host.exe and this autorun thats sometimes created with a bunch of anti malware software. I thought i could match this up with Defensewall, and even though its running as untrusted, the app still seems to spread.

Any ideas or settings i should try?

 

Have you tried Stop attack after you have executed these malwares?

//
Hmm yeah...kinda strange it is spreading.

 

If you mean new malicious processes and files- just stop them with the "Stop attack" button. Files can be removed manually with the "File and registry tracks" (rollback) dialog if you really understand what is what.

 

As Ilya said, just go to 'file and registry tracks', highlight all the files created by that process (you'll see the folder path/extension name listed, and a list of times a file/folder/registry key was created), and then 'delete'.

You can hold shift key to select many files, or the control key to select individual files.

File and registry tracks even show you the 'time' files were created. Just remember to 'allow' any files you want to keep such as documents or program installation files etc (be sure to check the file location and time created).

See:
https://www.wilderssecurity.com/showthread.php?t=242971