Author Topic: Report trusted and whitelisted malwares here! [Don't attach Live Malware !!]  (Read 363810 times)

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Hello everybody

There is no doubt that Comodo's whitelist is superior and it makes CIS more user friendly.

But some malware can sometimes get a trusted signed certificate, or accidentally get whitelisted!

We must fight that by all means!

So I thought it would be useful to open a new topic and report this trusted malware in it.

If you find files that are whitelisted, but seem suspicious (for whatever reason) please report it here asap.

Just upload the malware to camas.Comodo.com and virustotal.com, and post both result links here. The name of the trusted vendor or any other info could be useful too.

Please don't attach or link to live malware!!

regards
« Last Edit: December 31, 2010, 02:54:52 PM by salaficall »
An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Offline Luc[y]

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 671
Wrong section imo.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
What's wrong with the normal method of reporting?

AV False Positive/Negative Detection Reporting

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
What's wrong with the normal method of reporting?

AV False Positive/Negative Detection Reporting

As you wish, but I thought that this is not a normal negative detection, as they are trusted signed or whitelisted malware and they can easily and completely bypass Comodo security layers. Not like the unknown malware.

Anyway, I hope that these bypasses get fixed asap.

thanks

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Guys, can you check this one?

http://camas.Comodo.com/cgi-bin/submit?file=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30

http://www.virustotal.com/file-scan/report.html?id=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30-1293752665

The file is signed by Shanghai Emoney Software Technology Company Ltd.

Hello siketa

This one is the same that I reported after your post, but it's not signed at my end, it's only whitelisted.

Offline mengze.lin

  • First Response Group
  • Comodo's Hero
  • *****
  • Posts: 205
Guys, can you check this one?

http://camas.Comodo.com/cgi-bin/submit?file=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30

http://www.virustotal.com/file-scan/report.html?id=89f776398451f81f9859384c4a65a1a82875c855faf9ac7b2e2fd4bbda7f3b30-1293752665

The file is signed by Shanghai Emoney Software Technology Company Ltd.
Hi siketa,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze


Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze

Hi mengze.lin

So is it a false positive from 7 AVs' results?

Offline Luc[y]

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 671
Re: Trusted Malwares that completely bypass CIS Security !!
« Reply #13 on: December 31, 2010, 04:24:40 AM »

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze

It's adware, and it creates a malicious service, Application Updater!

Quote
Name: Adware.Win32.3D Crash Icons

Risklevel: Low Risk

Company: 3D Desktop, Ltd - http://3d-icons.com/

Description:

3D Crash Icons is an adware that uses aggressive, deceptive advertising. It shows deceptive and/or false messages. It may be installed without adequate notice and consent, often through exploits.

and check these links please

http://www.emsisoft.com/en/malware/Adware.Win32.3D_Crash_Icons-remove.aspx

http://comprolive.com/remove/unwanted/app/dealio-toolbar

http://www.spywareterminator.com/item/3347/3D-Crash-Icons.html

http://www.threatexpert.com/report.aspx?md5=2c87ce8e67fedbad1d422290ed7f3df5

regards


