CAV missed 2 Trojans

rrcole · October 11, 2007, 12:09pm

I noticed yesterday that some weird things started happening to my computer, such as the regedit and control panels where locked out by the admin. My account has admin privilages so I suspected a virus. I ram CAV and it came up clean. I then ran some online scanners and they all got hits for a virus infection. I downloaded AVG and ran it. It tagged and removed 3 viruses Trojan Horse Generic8.jdu, Obfustat.swa and Trojan Horse Generic5.HHS. Why did CAV not catch these?

ganda · October 11, 2007, 12:43pm

hi rrcole
(:WAV)
i should say CAVS is still a BETA, the detection rate ain’t the best yet, and there’s no AV that can detects 100% malwares out there.
could you pls send the virus/trojan sample to comodo? it will help comodo enlarge its database.

welcome to the forum
(:HUG)
Ganda

rrcole · October 11, 2007, 12:57pm

not to sound stupid, but how do I do that?

ganda · October 11, 2007, 4:41pm

on CAVS quarantine tab, there’s a “submit files” button. then browse & send the suspected file.
and you can email the samples too, but i forgot the email address ;D (now THIS is sound stupid (:TNG) ), maybe someone know it? help me please.

P.S. and what about the CAVS HIPS, it doesn’t give any warning when these trojans execute?

Ganda

Little_Mac · October 11, 2007, 7:25pm

You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “possible malware” for clarity’s sake.
Compress to a zip archive and password protect with “infected” - including that information in the body.

All of this, of course, is predicated on you still having a copy of the malware. AVG probably has them in its quarantine.

LM

mcjacobs1988 · December 25, 2007, 7:57am

Every Antivirus is different. They all have different virus definitions, same for spyware.

Those trojans could have been false positives, AVG is notorious for detecting them.

Burillo · December 25, 2007, 11:19am

maybe you could try some other online scanners - like Trend Micro Housecall or KAV online scanner…

PS definitely not a false positive.

xergxies · March 31, 2008, 3:25pm

happen to me also today… my registry, folder option, task manager and cmd been disable after inserting my friend thumb drive. Even i block when CAV HIPS tell me there’s a program execution when i insert the thumb drive, the virus still manage to attack. maybe because i leave HIPS to default setting. Already submit the file to comodo lab… hope it will include in database soon.

Been using beta for about a month and i never encounter technical problem such as BSOD and lock program. No problem while uninstalling also. Hope CAV will get better after leave beta.

For now i change back using Avast! Thanks to Avast! boot time scan i manage to get rid all 300+ virus which some of them reside in memory and can’t delete while Windows run. Looking forward to CAV 3…
(V) (R)

system · May 31, 2008, 8:24am

Locked.

Reason: Out-Dated post.

Josh