Comodo doesn't stop S.M.A.R.T. Check & worse - DELETES SYSTEM FILES!!!!

[Guest]

[permutations]

The S.M.A.R.T. Check virus - very, very, vicious - is NOT stopped by Comodo. It's on my main computer now, I'm writing from another computer. This virus moves essential system files to the TEMP folder. When the virus started doing this, Comodo alerted me to viruses in the TEMP folder and advised me to delete these files WHICH I DID, so I'm totally screwed.

Comodo, you MUST fix this huge gap in your anti-virus program. I currently HATE you.

I've been trying to get this off my computer for hours now. It involves a rootkit, I can't boot into Safe Mode. It's a catastrophe.

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

[languy99]

please provide me a sample for testing so that I can verify your claims.

[Seany007]

The S.M.A.R.T. Check virus - very, very, vicious - is NOT stopped by Comodo. It's on my main computer now, I'm writing from another computer. This virus moves essential system files to the TEMP folder. When the virus started doing this, Comodo alerted me to viruses in the TEMP folder and advised me to delete these files WHICH I DID, so I'm totally screwed.

Comodo, you MUST fix this huge gap in your anti-virus program. I currently HATE you.

I've been trying to get this off my computer for hours now. It involves a rootkit, I can't boot into Safe Mode. It's a catastrophe.

http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

LOL! If Comodo fails to stop it all other AV's will do much worse. What sites you visit to get infected with this?

[EricJH]

LOL! If Comodo fails to stop it all other AV's will do much worse.

Hoping topic starter can provide us with a sample so we can see how it is capable of bypassing or not.

What sites you visit to get infected with this?

That's not relevant if not a derogatory comment. Notice that infections also happen from compromised sites with no malicious intent. Since big corporation's sites are better protected hackers are now opting for compromising sites of small and medium sized businesses.

[Seany007]

Hoping topic starter can provide us with a sample so we can see how it is capable of bypassing or not.That's not relevant if not a derogatory comment. Notice that infections also happen from compromised sites with no malicious intent. Since big corporation's sites are better protected hackers are now opting for compromising sites of small and medium sized businesses.

Indeed. No I wanted to know the site! So I can block it! It is very relevant to me!

[Chiron]

If someone does find a sample I'd like it too.

Thanks.

[NSG001]

If someone does find a sample I'd like it too.

Thanks.

Chiron / Languy99 link sent via PM.

[languy99]

thanks,

Ok initial analysis. AV detects it. I disable the av and cloud functions.

Second thing you see is that D+ heuristics identifies the threat. see first pic.

I select sandbox. Program fails to install. Reboot and all is clear. Verified with MBAM

The only way this bypasses CIS is if you select allow or have changed the settings in such a way that it was able to bypass. I I changed was the firewall setting so that it would ask me and turned off the cloud functions/AV. 

[Siketa]

Good job, languy! 
I had no doubts about CIS....

[Tags:]