AdobeR.exe not recognized

Why doesn’t Comodo AV recognize AdobeR.exe as a trojan virus?

Goran

After not receiving any alerts from Comodo AV, I decided to check if there are more viruses on my PC. First I did a Full Scan with Comodo AV, and no viruses were found. Then I downloaded another AV and scanned the system. I won’t say which one I downloaded, because that might seem like advertisement. The results after scanning were:

4 files infected with Win32/VB.AQX
2 files infected with Win32/RJump.A

All these trojans were located either in one of the subfolders in the Documents and Settings folder, or in one of the subfolders of the System Volume Information folder. One of the Win32.RJump.A worms was located on a USB stick (in Autorun.inf), and there was no alert from Comodo AV, but this other AV located this worm as soon as the USB stick was inserted. The OS was installed 20 days ago on a formatted partition, and Comodo AV was installed right after installing Windows, so those files couldn’t have gotten there before Comodo AV was installed.

Why is Comodo AV ‘blind’ to these trojans/worms?

Goran

Probably CAVS does not recognize these because they are not on the list of viruses it can detect.
The detection rate is not as good as with some other AVs, so that could explain it.

It is also possible that these are false positives from the other file scanner. Have you uploaded the files to online scanners like VirusTotal or Jotti? Have you submitted the file to Comodo for Analysis?

Also, what version of CAVS are you running? If version 2, you should have the HIPS which would alert you to a running process…

user4 is correct that at present, CAVS does not have as large of a viruslist as some longer-existing AV apps. It is growing rapidly, though, and will soon encompass the 10+ years of malware collected by BOClean. Comodo’s approach to security is Prevention rather than Cure. Prevention is why they have the HIPS - if malware never get the chance to install and are not allowed to run, then the system does not get infected for the AV to detect the nasty file at all. This is not to say that they don’t care about virus definitions for file scanning; just that their focus is a little bit different.

With the next release, you’ll see a huge improvement in the detection rates, scanning ability, smaller usage footprint, and so on…

LM

I have version 2, and HIPS is active, but for some reason, it doesn’t detect any activity for AdobeR, for example, and it is autostarted as soon as the USB flash drive is inserted. And as I have read on the internet, other AV software also reports this to be a virus. And it is spreading very quickly; I spread it to my clients’ computers through the USB, and that was very inconvenient. When it is started, it creates an AdobeR.exe process that runs with OS loading.

I can’t upload them now to VirusTotal, since I have deleted them, but I believe I have submitted them to Comodo; I am sure I did submit AdobeR.

Goran

Hopefully you did get it submitted to Comodo, so they will be able to investigate that and make sure protection is available.

LM

How can I submit a file to Comodo without putting it inside quarantine?

Open CAVS, and click the Quarantine button in the row across the top.

In the bottom section of that screen is the section to submit suspect files to Comodo. Click the “Submit” button. This will open a dialogue where you can attach the file, give some information, and send. I believe it will access email to send that way, but I’m not absolutely certain on that.

LM

It’s been almost three months since I submitted adober.exe for analysis, and after three months AV 2 still doesn’t recognize it as a threat. I see people here complain that they can’t remove USB flash disks because of the AV; my experience with this trojan is that after it is executed from USB, the process itself doesn’t allow the USB to be unplugged, not the AV. When I terminate the process manually, I can unplug the USB flash drive.

My question would be: If I submitted a threat 3 months ago, and it is still not resolved, how secure am I with Comodo AV? How much time will pass before some threat is handled? I am not some paranoid guy, it’s just that this virus (type WORM_RJUMP.D.) is so annoying. It seems that it has spread a lot, so I manage from time to time to get it on my USB flash drive. The strangest thing is that it doesn’t spread on my PC, it only stays on my USB. I have tried almost all popular AVs, and all of them do warn me of this threat; only Comodo AV doesn’t. I don’t feel comfortable when I plug my USB in somewhere and the antivirus on that PC reports that I am trying to pass a virus.

Can someone from the Comodo team tell me why the AV is placed in 2nd plan, and still hasn’t become a solid product? And when will the virus database list become up to date?

Thanks,
Goran

Goran,

I’ve PM’d the lead developer and asked for a clarification on this matter.

Thanks for bringing this up.

LM

Thanks, Little Mac, I am looking forward to the answer.

Goran