Author Topic: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)  (Read 10522 times)

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5691
  • COMODO Rocks!
    • Free Comodo Products!

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #31 on: February 12, 2016, 02:52:16 PM »
Hello yigido,

Thank you for reporting this, we'll check it.

Best regards,
FlorinG
If possible please post your malware submissions as SHA1 lists (created with HashMyFiles or any other software). Always make sure first you have submitted the samples through CIS or CIMA.

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #32 on: February 25, 2016, 03:00:17 PM »
Hello Dis,

Thank you for sharing these, we'll check them.

Best regards,
FlorinG

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #33 on: March 02, 2016, 05:50:39 PM »
Please remove the following vendors from Trusted Vendors List:

CleanMyPC Software - This one is a confirmed rogue software distributor.

Software995 Inc. - This one is distributing PUPs.

Mail.com Media Corporation - Also distributing PUPs.

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #34 on: March 05, 2016, 03:33:56 PM »
Please remove the following vendors from Trusted Vendors List:

CleanMyPC Software - This one is a confirmed rogue software distributor.

Software995 Inc. - This one is distributing PUPs.

Mail.com Media Corporation - Also distributing PUPs.

No reply?

Please also remove this vendor from Trusted Vendors List:

CleanMyPC Technology Limited - PUP distributor.

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2100
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #35 on: March 05, 2016, 11:59:56 PM »
Hi devilbat66,

Thank you for your submission.
Please submit samples about this Vendor, we'll check these.

Best regards
Qiuhui.Wang

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #36 on: March 06, 2016, 12:36:01 AM »

Offline HariKrishnan

  • First Response Group
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #37 on: March 06, 2016, 01:43:55 AM »
Hi devilbat66,

Thank you for your submission.
We'll check them.

Regards,
Harikrishnan M

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #38 on: March 08, 2016, 01:23:37 PM »
Please remove the following vendor from Trusted Vendors List:

ZZZ-PC\zzz
Below is a zero-day Trojan sample signed by this vendor:

https://www.virustotal.com/en/file/911943e265b48855b553302f1bafe86feb3b4ac5a961a1f00a44882d4cfa2eaf/analysis/

NOTE: According to https://cdn.download.comodo.com/av/tvl/deletedvendors.txt this vendor, ZZZ-PC\zzz, was a Trusted Vendor before under the name of zzz-PC\zzz (note the capital letter difference) but was removed. It should be removed again because ZZZ-PC\zzz is a computer name, not a software vendor name.
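
The NOTE in the post above observes that a signer removed as zzz-PC\zzz was trusted again as ZZZ-PC\zzz. As an added example (not from the thread and not Comodo's code), this Python check audits a trusted-signer list against a removed-signer list with case-insensitive matching and flags MACHINE\user-shaped names; the one-name-per-entry list format, the function names and every sample entry other than that pair are assumptions.

```python
import re
import unicodedata

# A signer name shaped like MACHINE\user (NetBIOS-length host, backslash, account),
# as in the name reported above.
MACHINE_USER = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,14}\\[^\\/\s]+$")


def canonical(name: str) -> str:
    """Fold a signer name for comparison: NFKC, collapsed whitespace, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    return " ".join(folded.split()).casefold()


def audit_trusted_vendors(trusted, deleted):
    """Return (name, reason) findings for trusted entries that need review."""
    removed = {canonical(d): d for d in deleted}
    findings = []
    for name in trusted:
        key = canonical(name)
        if key in removed and name != removed[key]:
            # Same signer as a removed one, differing only in case or spacing.
            findings.append((name, f"re-added variant of removed vendor {removed[key]!r}"))
        elif key in removed:
            findings.append((name, "present in deleted-vendors list"))
        if MACHINE_USER.match(name.strip()):
            findings.append((name, "looks like MACHINE\\user, not an organisation name"))
    return findings


# Constructed sample lists; only the ZZZ-PC\zzz / zzz-PC\zzz pair comes from the thread.
DELETED = ["zzz-PC\\zzz", "Example Removed Vendor Ltd"]
TRUSTED = ["Example Software GmbH", "ZZZ-PC\\zzz", "example removed vendor  ltd"]

if __name__ == "__main__":
    for name, reason in audit_trusted_vendors(TRUSTED, DELETED):
        print(f"{name}: {reason}")
```

An exact, case-sensitive comparison of the two lists would report nothing for these samples, which is the gap the post describes.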

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #39 on: March 08, 2016, 01:38:56 PM »
Hello devilbat66,

We'll check this, but why do you say this is a zero-day trojan? VirusTotal says: "First submission 2011-12-21 03:54:30 UTC ( 4 years, 2 months ago )."

Best regards,
FlorinG

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #40 on: March 08, 2016, 03:07:48 PM »
Quote from: FlorinG on March 08, 2016, 01:38:56 PM
Hello devilbat66,

We'll check this, but why do you say this is a zero-day trojan? VirusTotal says: "First submission 2011-12-21 03:54:30 UTC ( 4 years, 2 months ago )."

Best regards,
FlorinG

I said it is zero-day because no AV engine detected it on VirusTotal. I believe it is a trojan, because when searching the SHA256 of this file on the internet it pointed to some Russian software downloads site which is probably distributing this file, but the main problem here is the digital signature of this file, which seems highly suspicious. Please take a look at it.

Offline wasgij6

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5718

Offline HariKrishnan

  • First Response Group
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #42 on: March 10, 2016, 01:42:38 AM »
Hi wasgij6,

Thank you for reporting this, we'll check it.

Regards,
Harikrishnan M

Offline devilbat

  • Comodo Loves me
  • ****
  • Posts: 176
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #43 on: March 11, 2016, 12:58:20 PM »
AV Database: 24509

Two Unfixed Whitelisted Malware reports:

1) Reported on March 06, nothing happened:

The above samples are from the following vendors, which should be REMOVED from Trusted Vendors List:

CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc.

Mail.com Media Corporation

2) Reported this one on March 08, still nothing happened:

https://www.virustotal.com/en/file/911943e265b48855b553302f1bafe86feb3b4ac5a961a1f00a44882d4cfa2eaf/analysis/

The above sample is from the following vendor:

ZZZ-PC\zzz
This vendor should be removed from Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the "niche" you are not taken seriously it seems.

Offline FlorinG

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3557
Re: Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)
« Reply #44 on: March 11, 2016, 01:16:23 PM »
Quote from: devilbat on March 11, 2016, 12:58:20 PM
2) Reported this one on March 08, still nothing happened:

https://www.virustotal.com/en/file/911943e265b48855b553302f1bafe86feb3b4ac5a961a1f00a44882d4cfa2eaf/analysis/

The above sample is from the following vendor:

ZZZ-PC\zzz
This vendor should be removed from Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the "niche" you are not taken seriously it seems.

You are wrong again, this vendor was removed within 24 hours from your original post. Also please stop spamming the same post in multiple forum threads.

 
