CIS fails to delete detected malware(FIXED)

In this mornig i tested for curiosity the new version of ARDAMAX keyloger 3.1. Especially i want to see how works only antivirus module when detect this malware. So, i downloaded ardamax 3.1 from their web page, i installed aplication, av module detect all files detected as threat - included executable AKV.EXE, but, SURPRISE!!!.. After Comodo delete all those files, akv.exe still running fine. Somehow he escaped from comodo deletion. I attached a screenshot. How this aplication escaped after comodo av detected and deleted all files? This could happen with other malware too? Anyway, with D+ enabled a popup that atentioned me about akv.exe tryied to directly acces the keyboard apeared and i can block it. No logs can be created by the keyloger in this case…

[attachment deleted by admin]

It looks like there may be an extra file that is protecting akv.exe that is not part of the virus definition.

Let avk.exe run and check with CIS View Active Process and Process Explorer if there is a parent process of avk.exe.

akv.exe is nowhere. Remains another executable named cle.exe that runs in memory undetected by CIS. I sended it to avlab…

Fixed with detection aded to cle.exe with db 1086.