CIS 2011 can't disinfect virus from a file!

I have a real sample of a file which is infected by the fujacks virus. I have tested this sample with Norton 2010/2011, NOD32 v2.7 & v4, Dr.Web, BitDefender and Kaspersky and they could disinfect the file, but CIS 2011, like Avast, couldn’t do it and it removes the file, not just the virus inside the file!

Now my question is: if CIS 2011 can’t disinfect viruses, why does it have a disinfection option? It just doesn’t work! ???

VirusTotal 42/ 43 (97.7%)
http://www.virustotal.com/file-scan/report.html?id=0fb1de5f6f72bc924c6a2961d9bb067b0313ccd99be448f73ee420a8b95dc64d-1285349507


Because disinfect = remove?

Really? Then what is meant by “Clean”? :wink:

Anti-Virus Disinfection
For a product to be accredited to the Checkmark Anti-Virus Disinfection certification, the product must be able to disinfect all files infected with those Viruses that are capable of being disinfected, which have appeared on the WildList in a 12 month period prior to the time of testing.

This gives a clear and independent indication to end users of those anti-virus products that they can be relied on for their virus disinfection capabilities.
(This certification was formerly Checkmark AV Level 2)

http://www.westcoastlabs.com/checkmark/vendorList/?techGroupID=30

Comodo is tested here:
http://westcoastlabs.com/checkmark/productList/?vendorID=120

Yes, it’s a little bit misleading that you can’t really recover your file, and it should be named “delete”. But I read they are currently working on a tool to do so.

And from your quote:

the product must be able to disinfect all files infected with those Viruses [b]that are capable of being disinfected[/b]

Thanks Syl link! I know that, but why can Eset, BitDefender, Kaspersky, Dr.Web, Norton and Avira disinfect the “infected” file, which is the same file that I tested with all those antiviruses, and it’s just Comodo and Avast which can’t do that? ???

You can look at the screenshots of Dr.Web and now Eset.


A trojan is entirely a malware binary; there is nothing to clean in it because all the code in it is malicious. A trojan cannot patch other files, so there is nothing to clean.

It’s a worm, so maybe it can be sanitized.
Why did Nod32 quarantine the file if it’s safe?
I won’t defend CIS on why it can’t clean the file; the software isn’t perfect, but you already know that.
I haven’t had a virus for a long time, but when it happened, even AV cleaning couldn’t do much; the file wasn’t usable anymore.

It’s really cool if Nod32 could remove the worm and you feel safe to run the file again, good for you.

The majority of the scanners flagged it as a trojan.

@nickoo I think you’ve been confused a little by the terminology.

I am sure that none of the above-mentioned commercial antiviruses can disinfect a malicious file. The only one that knows how to do it is Dr. Web, but also only in very special cases, like for instance curing the patching virus (Sality). Other AVs can either delete or quarantine.

Talking about Comodo AV, I can say it’s already a big advantage if Comodo AV can detect it. Knowing Comodo’s ideas about how AV is redundant and not important, and how few resources are spent to improve the AV and make its cleaning abilities better, I already feel good if I know Comodo can detect it and delete it.

There is no way to disinfect a pure malware binary file because there is no good code in it. Most of the things you can disinfect are patching viruses like Virut or Sality.

Hello Syl,

I’m not using NOD32 or Kaspersky or any other antivirus. I use CIS 2011 as my only real-time protection. I think it’s clear :slight_smile:

After disinfecting the infected file “infected.exe”, I did another VirusTotal online scan just to be sure that the antiviruses (Dr.Web, Kaspersky, etc.) could disinfect the file. And after disinfection I can run the file and it’s usable.

Virustotal (after disinfection). 2 /41 (4.9%)

http://www.virustotal.com/file-scan/report.html?id=583d0b92aae87c7044cb9d74b681c51412348750961ee8fd3ad7dadeedacb2f4-1277388091

Even Comodo AV didn’t detect it as a Trojan anymore. :wink:

Why did Nod32 quarantine the file if it’s safe?

Nod32 didn’t quarantine the file; it just quarantined the virus inside the file. If you look at the screenshot carefully, it says “cleaned - quarantined”.

Thanks. :slight_smile:
Nickoo