Protection against ChineseRarypt?

Discussion in 'malware problems & news' started by micrei, Aug 10, 2019.

  1. micrei

    micrei Registered Member

    Joined:
    May 3, 2009
    Posts:
    16
    Hi guys,

    I'm sure a lot of you know Juan Diaz' YouTube channel https://www.youtube.com/channel/UCbjRDDLzQ6jLYBrU0BPGbrA/feed.

    He tested several of the most prominent anti malware programs but they all failed to protect against ChineseRarypt (at least at default settings).

    Is there a program that stops ChineseRarypt?

    Thanks!
     
  2. guest

    guest Guest

    Plenty, they just aren't AVs or suites.
     
  3. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    25
    Location:
    USA
    Hi @guest! Changing subject, please allow me a question: Do you know if CF+CS' settings can mitigate SPECTRE/MELTDOWN attacks? If not, how to do that without using patches? (They terribly slow down my computer.)

    Thank you in advance!
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,812
    Location:
    U.S.A.
    Strongly suspect most of the Chinese AV vendors like Tencent, Qihoo 360, etc. detect it.

    There's a reason for this. A lot of mainland Chinese malware is directed to in-country users. Most of the major AV vendors won't even know of its existence until it hits the major malware feed sources. The likelihood of that is low since most Chinese users are using Chinese AV solutions.
     
  5. guest

    guest Guest

    1- No. CS settings are for beginners; it focuses only on the sandboxing capacities of CIS, and we all know now it is not so "impermeable". If you want to use Comodo seriously, use the HIPS in paranoid mode; if you can't, use another soft.

    2- Spectre/Meltdown are hardware vulnerabilities that can't be fixed effectively via software; you will just have patches trying to mitigate it, but at the cost of potential slowdown.
     
  6. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    25
    Location:
    USA
    @guest thanks.

    I am using CF+CS' settings along with SysHardener and Cylance (for zero-day attacks).

    Forgetting Spectre/Meltdown, what will be your software recommendation for the "less negative computer performance" with "the best protection"? My priority is computer performance (that's the reason I use CF/CS + SysHardener + Cylance).
     
  7. guest

    guest Guest

    1- Seems ok. Never tried Cylance, but I guess CF will do all the job; SysHardener isn't really a security soft, just a tool to automate OS tweaks.
    2- This:
    a- Gain more knowledge and safe habits; the more of them you gain, the fewer tools/soft are required. If you love testing security apps, it is another story though ;)
    b- Then 3 mechanisms (other than an AV and firewalls) are needed to cover all angles: an anti-exploit (Win10 has one, so now not a priority to purchase a 3rd-party one), an anti-exe or SRP to block unwanted execution of LOLbins/executables (most important to me), and a sandbox to contain threats from internet-facing apps like email and browsers (not mandatory, but it helps).

    Now if you combine points 1 and 2, your chances of getting infected are very, very low, unless via a kernel exploit, against which no soft can protect.
     
  8. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    25
    Location:
    USA
    Thank you @guest for your answer. Most appreciated!

    If I keep my combo (CF/CS + SysHardener + Cylance), which anti-exploit do you recommend me (considering that computer performance is my priority)?
    OK, you said that CF/CS is for beginners, but is CF/CS itself not already a kind of anti-exe? My CF/CS settings don't allow automatic sandboxing (containment); CF/CS always asks me first before running any unknown file in the sandbox. In fact, unknown files are quarantined automatically. Is it not enough? Or do you recommend me a better anti-exe/SRP (without killing computer performance)? I have the same question for a sandbox.

    Thank you again!
     
  9. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria

    ~VT results removed per Policy.~


    Btw here is the corresponding topic in the Comodo forums:

    https://forums.comodo.com/news-anno...s/comodo-against-chineserarypt-t124728.0.html
     
    Last edited by a moderator: Aug 11, 2019
  10. guest

    guest Guest

    Just keep win10 builtin one, eventually learn to use it.

    That's what differentiates it from an anti-exe: your setting auto-allows known files; an anti-exe doesn't.

    CIS/CFW can be transformed into a pure anti-exe; you have a guide somewhere in the Comodo forum. Its sandbox is decent enough, just learn how to tighten it; normally its vulnerabilities should have been fixed.

    The most important thing for you is to learn how malware penetrates systems (attack vectors) and how to recognize it (symptoms, behaviors), because without this knowledge you can have the strongest protection and one day it will fail you, and you will still be a noob.

    "useless to have the best bullet-proof vest if you run blindly into a mine field"
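    The difference guest draws in posts 7 and 10, between a policy that auto-allows "known" (trusted-vendor or whitelisted) files and a strict anti-exe/SRP that runs only what was pre-approved, can be made concrete with a small model. The following is an added example, not code from the thread or from Comodo or any other vendor; the policy names, the vendor list, the hashes and the process-creation events are all constructed placeholders, and the anti-exe branch borrows the classic SRP default of trusting only admin-writable install directories as an assumption about how such a tool is typically configured.

```python
"""Toy model of 'auto-allow known files' versus strict anti-exe (default-deny)
execution control. All names, hashes and events below are constructed for the
example; they are not real vendors, binaries or product settings."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ExecEvent:
    """One process-creation event as an execution-control driver would see it."""
    path: str              # full path of the image being launched
    sha256: str            # hex digest of the image (placeholder values below)
    signer: Optional[str]  # publisher from a valid code signature, or None if unsigned


# Constructed allowlists (hypothetical; not real hashes or vendors).
HASH_ALLOWLIST = {"a1" * 32}                     # a binary the user explicitly approved
TRUSTED_VENDORS = {"Microsoft Windows", "Example Vendor Inc."}
# Directories that only an administrator can write to; SRP-style default path rules
# trust what is installed there. Lower-cased, backslash-normalised, with trailing slash
# so a prefix match cannot be fooled by a sibling such as "C:\Windows2\".
PROTECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def in_protected_dir(path: str) -> bool:
    """True when the image lives under an admin-writable install directory."""
    normalised = path.lower().replace("/", "\\")
    return normalised.startswith(PROTECTED_DIRS)   # str.startswith accepts a tuple


def reputation_policy(ev: ExecEvent) -> Tuple[str, str]:
    """'Auto-allow known files': a trusted vendor signature or a known hash runs
    unprompted; anything unknown is contained (sandboxed) or prompted about."""
    if ev.sha256 in HASH_ALLOWLIST:
        return "allow", "hash on allowlist"
    if ev.signer in TRUSTED_VENDORS:
        return "allow", f"signed by trusted vendor {ev.signer}"
    return "contain", "unknown file: sandbox or prompt"


def anti_exe_policy(ev: ExecEvent) -> Tuple[str, str]:
    """Strict anti-exe / SRP: only pre-approved images run. Vendor reputation grants
    nothing, so a validly signed binary dropped in a user-writable folder is still
    blocked until the user explicitly allows it."""
    if ev.sha256 in HASH_ALLOWLIST:
        return "allow", "hash on allowlist"
    if in_protected_dir(ev.path):
        return "allow", "installed under a protected (admin-writable) directory"
    return "block", "not pre-approved: default deny"


# Constructed sample events covering the cases the thread argues about.
SAMPLE_EVENTS = [
    ExecEvent(r"C:\Windows\System32\notepad.exe", "b2" * 32, "Microsoft Windows"),
    ExecEvent(r"C:\Users\alice\AppData\Local\Temp\setup.exe", "c3" * 32, None),
    ExecEvent(r"C:\Users\alice\Downloads\tool.exe", "d4" * 32, "Example Vendor Inc."),
    ExecEvent(r"C:\Users\alice\Downloads\approved.exe", "a1" * 32, None),
]


def compare(events=SAMPLE_EVENTS):
    """Map each image path to (reputation verdict, anti-exe verdict)."""
    return {ev.path: (reputation_policy(ev)[0], anti_exe_policy(ev)[0]) for ev in events}


if __name__ == "__main__":
    for path, (rep, axe) in compare().items():
        print(f"{path}\n    auto-allow-known: {rep:8}  anti-exe: {axe}")
```

The third event is the one that matters for the thread: a binary signed by a vendor on the trusted list but launched from Downloads is waved through by the reputation policy and blocked by the anti-exe policy, because the anti-exe rule set never consults reputation. The cost of that strictness is the prompt-or-block friction that makes such tools unsuitable for beginners, which is the trade-off guest describes.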
     
  11. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    25
    Location:
    USA
  12. guest

    guest Guest

    you are welcome.

    P.S.: when I say CS settings are for beginners, I meant Comodo beginner users; computer beginners won't even grasp what Comodo is.
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,812
    Location:
    U.S.A.
    FYI - http://id-ransomware.blogspot.com/search?q=ChineseRarypt . Switch to language of your choice.

    As of 7/1/2019, three AVs detected it: one Russian-based (not Kaspersky) and two Chinese-based.

    It can also perform like GlobeImposter ransomware and encrypt all files or copy files to a password protected archive.
     
    Last edited: Aug 11, 2019
  14. micrei

    micrei Registered Member

    Joined:
    May 3, 2009
    Posts:
    16
    Hi guest,
    gaining more knowledge is a good idea but I don't know where to start. I know there is lots of information on this forum but spread over hundreds of posts. Can you recommend a website, book, online course etc. for beginners?
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,812
    Location:
    U.S.A.
    Eset had a sig. detection for this bugger, which appears to be a variant, on 7/11. The original detection sig. is dated 5/21. So I would say Eset would have detected the variant in the wild via DNA/behavior sig.
     
    Last edited: Aug 11, 2019