Comodo internet security fails to detect malicious website

amitjohar · October 21, 2009, 8:03am

I was viewing images of black labrador dog at h**p://i****s.google.com/images?hl=en&source=hp&q=black+labrador&gbv=2&aq=0&oq=black+lab&aqi=g10. I clicked on the last photo of second row which has 3 dogs.

As soon as I clicked on it, a fake antivirus scan started on the browser and it wouldn’t let me exit. It kept forcing me to download the fake antivirus. However, Comodo took no action whatsoever to block that malicious site. Later when i visited that same site using G-DATA antivirus it detected a virus known as Virus: JS:Obfuscated-T [Trj] (Engine B). But comodo antivirus fails to do anything. Why? I had comodo on real time on-access mode.

Moderator edit
Please do not post links to possible Malware on the open Forum.

If you have Malware samples please submit them here

Thank You
Dennis

rhgtyink · October 21, 2009, 9:53am

This FakeAV is currently under investigation of the AV Lab.

Chaingun · November 1, 2009, 9:31pm

sthe exact thing happen to me about a month ago i was redirected to a fake online scan.it started without my permission and the av didnt detect it and im surprised that defense plus failed to alert me that a folder in program files was created sad realy and the folder name was windows police antivirus i think it was and the folder.i really dont feel secure with comodo anymore

smage · November 3, 2009, 4:12am

I hope that someone would explain why did this rogue pass Defense+.

OmeletGuy · November 3, 2009, 4:17am

I have found that some exe’s/files can get passed D+ in “Internet Security Mode”, Proactive Mode can block them.

This is a known bug… will be fixed.

smage · November 3, 2009, 3:16pm

Hi will it be fixed in v3 itself or we’ll have to wait for v4?
This bug seems to represent a security risk for users using CIS with default configuration.

Thanks

OmeletGuy · November 3, 2009, 6:59pm

As far as i know, it will be fixed in v4.

smage · November 3, 2009, 7:37pm

Ok thanks.
Keep up with the good work.

amitjohar · December 11, 2009, 11:26pm

One thing that I have noticed which can solve this problem is to download AVG link scanner. AVG link scanner works with any antivirus. Combining AVG link scanner with comodo will block all fake antivirus and bad websites from loading before they do any damage.

EricCryptid · December 12, 2009, 11:56pm

Another temporary alternative is: Finjan SecureBrowsing ( http://securebrowsing.finjan.com/ )

nickadin · December 29, 2009, 12:32am

if you have firefox you can install the WOT add on

andrewuaic · January 2, 2010, 12:42pm

For extra safety you could use a sandbox program, that way all threats remain in a enclosed space.

hehomain · January 3, 2010, 11:58am

as far as i am concerned. i find trend micro web protection add-on surprising . . It is an ip-blocker but based on behaviour analysis. It is the perfect complement to linkextend and comodo verification engine (don’t forget no script and adblock)

redwine · February 1, 2010, 6:24pm

Was this program by chance called “Total Security”? If so good luck getting it removed. I found that the key to removing it was to go into the Properties Box and remove the read only check marks from all of the files starting with the furthest files down the list. Work your way back up. Then use a really good Malware Program to eliminate this program. Someone went to great lengths with this program to make it look just like a Microsoft Security Program. I hope this helps. I have some friends who are older and they got this program while doing a search on Google and I have not been able to get it off their computer yet. It will not let me even load Malware Bytes or other like programs so that I can kill it.

goodjohn1984 · February 13, 2011, 6:19am

Hmm, that sounds interesting Boss, I might have to try that one of these years.

Thank you for sharing that Boss.