Bundestrojaner Backdoor:W32/R2D2.A

Will Comodo detect this malware?
F-Secure named it “Backdoor:W32/R2D2.A”

Hi Peter,

When you encounter a False Positive (=FP) or a suspicious file please follow 1 of these 3 ways so it can be resolved as quickly as possible.
Thanks.

Kind Regards.
Erik M.

It has been uploaded to VirusTotal, so it will be in the queue for analysis at Comodo also; just a matter of time before they do.

Please do not post links to malware on the public forum as it’s against the forum policy.
is the download link.
Comodo doesn’t recognise it.

By the way: Comodo isn’t very quick. These are the competitors who detect it:
AntiVir – TR/GruenFink.2
Avast – Win32:Trojan-gen
ClamAV – Trojan.BTroj-1
F-Secure - Backdoor:W32/R2D2.A
GData - Win32:Trojan-gen
Kaspersky - Backdoor.Win32.R2D2.a
McAfee - Artemis!D6791F5AA623
Sophos - Troj/BckR2D2-A
Symantec - Backdoor.Earltwo
Bye-bye Comodo!

The files have been submitted for analysis and will become detected within the next few updates…

This is the same on other malware for other vendors, it’s always a matter of time.
AV vendors get 1 million malware files submitted daily… some detect this first, others that.

CIS will definitely prevent this malware from infecting your system without having the AV detect it. (Thing uses app_init to inject into running processes, that’s blocked by sandbox).
I’d rather trust CIS than the AV detection capabilities of some of those others…

CIS Defense + and Sandbox malware Blocked :wink:

CIS :-TU

Good reaction, guys!
Yes, and the malware is pretty poorly coded - as expected.

Kaspersky Total Database Signatures : 6.301.200

Comodo Total Database Signatures : 12.295.272

http://c1110.hizliresim.com/11/10/9/22216.jpg

http://www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318191223

(Comodo 10402 2011.10.09 Backdoor.Win32.R2D2.A)

Source:

http://www.rokop-security.de/index.php?showtopic=21592&hl=

Hello GOA,

Thank you for your submission. We’ll check it and get back to you soon.

Kind Regards,
Chunli.chen