Report trusted and whitelisted malwares here! [Don't attach Live Malware !!] | AV False Positive/Negative Detection Reporting

salaficall

Comodo Loves me

Offline

Posts: 192

Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« on: December 30, 2010, 05:54:19 PM »

Hello everybody

There is no doubt that Comodo's whitelist is superior and it makes CIS more user friendly.

But some malwares could sometimes get a trusted signed certificate! or accidentally get whitelisted!.

We must fight that by all means!.

So I thought it will be useful to open a new topic and report these trusted! malwares in it.

If you find files that are whitelisted, but seem suspicious (for whatever reason) please report it here asap.

just upload the malware to camas.Comodo.com and virustotal.com , and post both result links here. , the name of the trusted vendor or any other info could be useful too.

Please Don't attach or link for a live Malware !!

regards


« Last Edit: December 31, 2010, 02:54:52 PM by salaficall »	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Luc[y]

Malware Research Group
Comodo's Hero

Offline

Posts: 667

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #1 on: December 30, 2010, 05:54:54 PM »

Wrong section imo.


	Logged

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #2 on: December 30, 2010, 05:58:16 PM »

crash_icons[1].exe

it's a trojan in the wihtelist

http://camas.comodo.com/cgi-bin/submit?file=a02df23e81d3e708a511020c01a62fc8457c4738df77cabddf92f42c6e1b8df9

http://www.virustotal.com/file-scan/report.html?id=a02df23e81d3e708a511020c01a62fc8457c4738df77cabddf92f42c6e1b8df9-1293744488

ScreenHunter_01 Dec. 31 00.24.gif (8.37 KB, 769x81 - viewed 48 times.)
	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Siketa

Comodo's Hero

Offline

Posts: 3290

ZIG ZAG

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #3 on: December 30, 2010, 06:50:06 PM »

Guys, can you check this one?

http://camas.comodo.com/cgi-bin/submit?file=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30

http://www.virustotal.com/file-scan/report.html?id=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30-1293752665

The file is signed by Shanghai Emoney Software Technology Company Ltd.


	Logged

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #4 on: December 30, 2010, 07:16:33 PM »

and this one is suspicious by CAMAS and whitelisted by CIS 5 !

http://camas.Comodo.com/cgi-bin/submit?file=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30

http://www.virustotal.com/file-scan/report.html?id=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30-1293754039

ScreenHunter_02 Dec. 31 02.10.gif (4.62 KB, 923x47 - viewed 19 times.)
	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

HeffeD

Global Moderator
Comodo's Hero

Offline

Posts: 6624

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #5 on: December 30, 2010, 07:26:04 PM »

What's wrong with the normal method of reporting?

AV False Positive/Negative Detection Reporting


	Logged

Please read the Forum Policy!

Breast Cancer Awareness
American Cancer Society

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #6 on: December 30, 2010, 07:59:53 PM »

Quote from: HeffeD on December 30, 2010, 07:26:04 PM

What's wrong with the normal method of reporting?

AV False Positive/Negative Detection Reporting

As you wish , but I thought that this is not a normal negative detection , as they are trusted signed or whitelisted malwares and they can easily and completely bypass comodo security layers. Not like the unknown malwares.

Anyway , I hope that these bypasses get fixed asap.

thanks


	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #7 on: December 30, 2010, 08:13:53 PM »

Quote from: siketa on December 30, 2010, 06:50:06 PM

Guys, can you check this one?

http://camas.Comodo.com/cgi-bin/submit?file=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30

http://www.virustotal.com/file-scan/report.html?id=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30-1293752665

The file is signed by Shanghai Emoney Software Technology Company Ltd.

Hello siketa

this one is the same that I reported after your post ! , but it's not signed at my end , it's only wihtelisted.


	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

mengze.lin

First Response Group
Comodo's Hero

Offline

Posts: 205

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #8 on: December 30, 2010, 08:49:40 PM »

Quote from: salaficall on December 30, 2010, 05:58:16 PM

crash_icons[1].exe

it's a trojan in the wihtelist

http://camas.Comodo.com/cgi-bin/submit?file=a02df23e81d3e708a511020c01a62fc8457c4738df77cabddf92f42c6e1b8df9

http://www.virustotal.com/file-scan/report.html?id=a02df23e81d3e708a511020c01a62fc8457c4738df77cabddf92f42c6e1b8df9-1293744488

Hi salaficall,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze


	Logged

mengze.lin

First Response Group
Comodo's Hero

Offline

Posts: 205

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #9 on: December 30, 2010, 08:51:53 PM »

Quote from: salaficall on December 30, 2010, 07:16:33 PM

Hi salaficall,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze


	Logged

mengze.lin

First Response Group
Comodo's Hero

Offline

Posts: 205

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #10 on: December 30, 2010, 08:56:34 PM »

Quote from: siketa on December 30, 2010, 06:50:06 PM

Hi siketa,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze


	Logged

mengze.lin

First Response Group
Comodo's Hero

Offline

Posts: 205

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #11 on: December 31, 2010, 12:08:11 AM »

Quote from: salaficall on December 30, 2010, 05:58:16 PM

Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze


	Logged

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #12 on: December 31, 2010, 04:11:49 AM »

Quote from: mengze.lin on December 31, 2010, 12:08:11 AM

Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze

Hi mengze.lin

So is it a False positive from 7 Av's results ?


	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Luc[y]

Malware Research Group
Comodo's Hero

Offline

Posts: 667

Re: Trusted Malwares that completely bypass CIS Security !!

« Reply #13 on: December 31, 2010, 04:24:40 AM »

[at] salaficall -> http://forums.comodo.com/empty-t65308.0.html


	Logged

salaficall

Comodo Loves me

Offline

Posts: 192

Re: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]

« Reply #14 on: December 31, 2010, 02:48:52 PM »

Quote from: mengze.lin on December 31, 2010, 12:08:11 AM

Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze

It's an adware , and It creates a malicious service Application Updater!.

Quote

Name: Adware.Win32.3D Crash Icons

Risklevel: Low Risk

Company: 3D Desktop, Ltd - http://3d-icons.com/

Description:

3D Crash Icons is an adware that uses aggressive, deceptive advertising. It shows deceptive and/or false messages. It may be installed without adequate notice and consent, often though exploits.

and check these links please

http://www.emsisoft.com/en/malware/Adware.Win32.3D_Crash_Icons-remove.aspx

http://comprolive.com/remove/unwanted/app/dealio-toolbar

http://www.spywareterminator.com/item/3347/3D-Crash-Icons.html

http://www.threatexpert.com/report.aspx?md5=2c87ce8e67fedbad1d422290ed7f3df5

regards


	Logged

An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Tags:

Pages: [1] 2 3 ... 80

« previous next »

Jump to:

SSL Certificate

Free Virus Removal

Firewall

Page created in 0.056 seconds with 22 queries.

Design by 7dana.com