CIS : Av/Livescan failing to detect TrojWare.Win32.PSW.Agent.~ZZA[at]5092835 file.

Catacylsm · September 8, 2009, 9:20pm

Hey everyone, i hope this is the right place to put it, but the point of this thread is quite self explanitory really although i may have post this in the wrong thread (sorry if thats so new hear.) Hopefully it can be moved to the correct thread.

Basically, i’ve been having a friend bombard me with a few files via MSN, as my confidence with Comodo, is well very high.

The test was to hit me with a series of password snatchers that relay the information, but i have good news and bad news.

First of all, comodo past 2 of 3 tests, immediately siezed the file after transfer and i could quar or remove the file, just like that.

Unfortunately the third went through the av/live scan completely being dismissed, so im hoping that it can be examined and then added to comodos database.

If i am allowed, i will upload the file so that it can be examined, but for the moment i will leave you with the the screenshots of what the file actually is and the two of three tests that comodo detected.

I hope you excellent folks have some time to spare.

Catacylsm.

Citizen_K · September 8, 2009, 10:19pm

I moved your topic to False Positive/Negative reporting - (Is this a malware that CIS has/not detected?).

Please submit the malware as described here:

system · September 9, 2009, 1:39am

Catacylsm post:1:

Hey everyone, i hope this is the right place to put it, but the point of this thread is quite self explanitory really although i may have post this in the wrong thread (sorry if thats so new hear.) Hopefully it can be moved to the correct thread.

Basically, i’ve been having a friend bombard me with a few files via MSN, as my confidence with Comodo, is well very high.

The test was to hit me with a series of password snatchers that relay the information, but i have good news and bad news.

First of all, comodo past 2 of 3 tests, immediately siezed the file after transfer and i could quar or remove the file, just like that.

Unfortunately the third went through the av/live scan completely being dismissed, so im hoping that it can be examined and then added to comodos database.

If i am allowed, i will upload the file so that it can be examined, but for the moment i will leave you with the the screenshots of what the file actually is and the two of three tests that comodo detected.

http://xs843.xs.to/xs843/09372/troj291.jpg

I hope you excellent folks have some time to spare.

Catacylsm.

Hi Catacylsm,

If you can find the FP file,you can submit through this link:Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks and Regards,
hailong.■■■■

Catacylsm · September 9, 2009, 3:55pm

Hey hail, i’ve uploaded the file in a zip file,

The name is Win32.PSW.AGENT.zip as thats what comodo detected the varients as,

The email ID is this accounts one so you should have no problem verifiying it was from me.

As a response to the earlier question, yes this is malware comodo has failed to detect, although i haven’t executed the file, if need be i will.

Comodo found 2 variets of this type of file, but not the third.

Happy to help.

Michael.
Cata

botezatus · September 9, 2009, 5:04pm

Hello,

Thank you for submitting the files. We will take a look at them.

Regards,
Sonia Botezatu.