Report trusted and whitelisted malware here - 2015 (NO LIVE MALWARE!)

Previous Thread

Comodo is constantly improving its whitelist. This makes CIS more user friendly but does, in some circumstances, have some downsides. Some malware may sometimes be trusted because it is signed by a trusted certificate or perhaps the vendor was trustworthy, but then changed their ways. This is rare, but it does happen.

Regardless of how it happens it’s important to take action against this. If you find malware that is whitelisted, but seems suspicious, please report it here. The name of the trusted vendor, or any other information, is also useful.

Upload these files to one of the following services and post a link to the results:

Comodo Instant Malware Analysis
or Comodo Valkyrie
or VirusTotal

DO NOT attach or link any malware or malicious links to your post.

When coming across malware signed by Comodo, please follow the steps as described in How to report fraudulent or malicious use of certificates issued by Comodo:

Code Signing Certificates

If you have come across malware signed with a Comodo issued Code Signing certificate please send as much detail as possible to:

signedmalwarealert@comodo.com

Helpful details include:
link to the signed malware
screenshots of the certificate details showing the signer organization or certificate serial number or other details which will help us identify the certificate
a copy of the actual certificate if possible

This article also describes how to report fraudulent and phishing emails using Comodo SSL/TLS certificates (but this is not pertinent for this topic).
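One way to collect the details the reporting steps above ask for (signer organization, certificate serial number, a copy of the certificate, plus a file hash to post), as an added example that is not part of the original post or Comodo's own tooling. The parameter names `$SamplePath` and `$OutDir` are hypothetical, and the script assumes Windows PowerShell 5.1 or later run on an isolated analysis system:

```powershell
# Added example: gather signer details from a signed file for a report.
# $SamplePath and $OutDir are hypothetical names chosen for this sketch.
param(
    [Parameter(Mandatory)] [string] $SamplePath,
    [string] $OutDir = '.\report'
)

# Read the Authenticode signature without executing the file.
$sig = Get-AuthenticodeSignature -LiteralPath $SamplePath
if ($null -eq $sig.SignerCertificate) {
    Write-Warning "No signer certificate found (status: $($sig.Status)). Report the hash only."
    Get-FileHash -LiteralPath $SamplePath -Algorithm SHA1
    return
}

$cert = $sig.SignerCertificate
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Save a copy of the signer certificate (public part only) to attach to the report.
$cerPath = Join-Path $OutDir 'signer.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# A Valid status only means the signature verifies; it says nothing about intent.
[pscustomobject]@{
    File            = (Resolve-Path -LiteralPath $SamplePath).Path
    SHA1            = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA1).Hash
    SHA256          = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA256).Hash
    SignatureStatus = $sig.Status
    SignerSubject   = $cert.Subject        # contains the O= organization field
    Issuer          = $cert.Issuer
    SerialNumber    = $cert.SerialNumber
    Thumbprint      = $cert.Thumbprint
    ValidFrom       = $cert.NotBefore
    ValidTo         = $cert.NotAfter
    Timestamped     = [bool]$sig.TimeStamperCertificate
    CertificateCopy = $cerPath
} | Format-List
```

The `SignerSubject` value is the vendor name as it would appear on the trusted vendors list, and `SerialNumber` together with `Issuer` identifies the certificate to the issuing CA.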

SHA1: 76c342691f0fb08da22d7dbb02a1bf2155d07ec3

Hi Netguy101,

Thank you for reporting, we’ll check it.

Regards,
Navya

Please remove the vendor “Elex do Brasil Participações Ltda” from TVL - They are the vendors of YAC, a software that is stealing Malwarebytes database and engine. They are scammers and should not be trusted.

More information: https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/

Have they removed IOBit?

You have to admit that YAC looks very suspicious. When installed it can literally destroy an Operating System. IOBit on the other hand at least produces good and usable software. But YAC is a ROGUE software and that is the truth. They are fraudsters trying to make money and should be removed from TVL ASAP.

Hello devilbat66,

Thank you for reporting this, we’ll check it.

Best regards,
FlorinG

Please remove from TVL the following vendors:

Small Business Advertising Agency

The Better Advertising Project

AD ON Multimedia Advertising GmbH

Shenyang Zhaoheshengshi Advertising Co., LTD

Conduits Technologies, Inc.

Question: Why are “Advertising companies” on the Trusted Vendors List? In 99% of cases, these “Advertising companies” are Adware/PUP/Spyware distributors.

Please check the following vendors for possible removal:

ONYX Advertus d. o. o.

eMusic.com Inc.

Reimage Limited

More information on Reimage Limited: Reimage Limited Analysis - herdProtect (they are distributing PUPs)

Hi, devilbat66

Thank you for your submission.
We’ll check these.

Best regards
Chunli.chen

SHA1: 82e9834986e1d06e92e23a5ef4009cecd2b04f2b

SHA1: b703f68a0428561ed5c446cfa65422d5ad140c82

Hi, Netguy101

Thank you for your submission.
We’ll check these.

Best regards
Chunli.chen

c0e28878041f7708bc82dd28153719e88a91c1ba

Hello malware1,

Thank you for reporting this, we’ll check it.

Best regards,
FlorinG

MD5: 248a6e10030e47321d7e3dec8fad1f02
SHA1: 845375153ef1c20a95f57281bca4784f65f4191a

Hi Wisdom,

Thank you for your submission.
We’ll check these.

Best regards
Qiuhui.■■■■

Apparently removed vendors are posted here: https://cdn.download.comodo.com/av/tvl/deletedvendors.txt Good job Comodo!

MD5 : f9b874070fcbb903cd0234241a279114
SHA-1 : 224d687c8ce8b46cae78058619bf2c610c2ba89c

Hi,

Thank you for your submission.
We’ll check these.

Kind Regards,
Erik M.
