Comodo internet security fails to detect malicious website

[Guest]

[amitjohar]

I was viewing images of black labrador dog at h**p://i****s.google.com/images?hl=en&source=hp&q=black+labrador&gbv=2&aq=0&oq=black+lab&aqi=g10. I clicked on the last photo of second row which has 3 dogs. 
 
As soon as I clicked on it, a fake antivirus scan started on the browser and it wouldn't let me exit. It kept forcing me to download the fake antivirus. However, Comodo took no action whatsoever to block that malicious site. Later when i visited that same site using G-DATA antivirus it detected a virus known as Virus:    JS:Obfuscated-T [Trj] (Engine B).  But comodo antivirus fails to do anything. Why? I had comodo on real time on-access mode.

Moderator edit
Please do not post links to possible Malware on the open Forum.

If you have Malware samples please submit them here

Thank You
Dennis

[Ronny]

This FakeAV is currently under investigation of the AV Lab.

[Chaingun]

sthe exact thing happen to me about a month ago i was redirected to a fake online scan.it started without my permission and the av didnt detect it and im surprised that defense plus failed to alert me that a folder in program files was created sad realy and the folder name was windows police antivirus i think it was and the folder.i really dont feel secure with comodo anymore

[ComoJust]

sthe exact thing happen to me about a month ago i was redirected to a fake online scan.it started without my permission and the av didnt detect it and im surprised that defense plus failed to alert me that a folder in program files was created sad realy and the folder name was windows police antivirus i think it was and the folder.i really dont feel secure with comodo anymore

I hope that someone would explain why did this rogue pass Defense+.

[OmeletGuy]

I have found that some exe's/files can get passed D+ in "Internet Security Mode", Proactive Mode can block them.


This is a known bug... will be fixed.

[ComoJust]

I have found that some exe's/files can get passed D+ in "Internet Security Mode", Proactive Mode can block them.


This is a known bug... will be fixed.

Hi will it be fixed in v3 itself or we'll have to wait for v4?
This bug seems to represent a security risk for users using CIS with default configuration.

Thanks

[OmeletGuy]

As far as i know, it will be fixed in v4.

[ComoJust]

As far as i know, it will be fixed in v4.

Ok thanks.
Keep up with the good work.

[amitjohar]

One thing that I have noticed which can solve this problem is to download AVG link scanner. AVG link scanner works with any antivirus.  Combining AVG link scanner with comodo will block all fake antivirus and bad websites from loading before they do any damage.

[Eric Cryptid]

Another temporary alternative is: Finjan SecureBrowsing ( http://securebrowsing.finjan.com/ )

[nickadin]

if you have firefox you can install the WOT add on
https://addons.mozilla.org/en-US/firefox/addon/3456

[andrewuaic]

For extra safety you could use a sandbox program, that way all threats remain in a enclosed space.

[hehomain]

as far as i am concerned. i find trend micro web protection add-on surprising . . It is an ip-blocker but based on behaviour analysis. It is the perfect complement to linkextend and comodo verification engine (don't forget no script and adblock)

[redwine]

Was this program by chance called "Total Security"?  If so good luck getting it removed.  I found that the key to removing it was to go into the Properties Box and remove the read only check marks from all of the files starting with the furthest files down the list.  Work your way back up.  Then use a really good Malware Program to eliminate this program.  Someone went to great lengths with this program to make it look just like a Microsoft Security Program.  I hope this helps.  I have some friends who are older and they got this program while doing a search on Google and I have not been able to get it off their computer yet.  It will not let me even load Malware Bytes or other like programs so that I can kill it.

[Tags:]