CIS missed 100 viruses

A friend of mine inserted a USB drive into my PC and CIS detected plenty of viruses, but not all. After that, viruses began to spread onto my USB drive and onto my other computers, also protected with CIS. I removed CIS and installed the Kaspersky Internet Security 2012 trial version, and it found plenty of viruses, as seen in the picture below.

PS: This is the first time since I started using CIS some 2 years ago that my PC got infected.


http://t3.pixhost.org/thumbs/880/7643725_detected-viruses.jpg

CIS 5.4.189822.1355
Windows XP x32

Is this malware active on your system, or does it just sit there?

Now I have inserted my clean (cleaned on PC 1 with Kaspersky) USB drive into my PC 2 protected with CIS and returned to PC 1, and Kaspersky detected the following virus.


http://t3.pixhost.org/thumbs/880/7643923_virus-usb.jpg

Kaspersky also deleted autorun.inf from my USB drive, but I couldn’t find that report to make a picture.

It is active now on PC 2 as you can see from the post above.

I have now started a full scan on my PC2 and PC3. Both are Windows XP x32 with the latest versions of CIS and databases. I will report the findings.

Did you do a full Comodo IS scan of the computer?

Full scan results
PC2

http://t2.pixhost.org/thumbs/2565/7644871_pc2.jpg

PC3


http://t2.pixhost.org/thumbs/2565/7644879_pc3.jpg

What settings do you have set on CIS? How do you have it set up?

Default. Only sandbox deactivated.

I have installed Kaspersky trial version on PC2 and PC3. I will report results.

basjedobro.exe :smiley: :smiley: :smiley: :smiley:

In Serbian, it means “It’s really good” :-TU

Also in Croatian…

“Ma basjedobro.exe vidjeti te opet…staviti ruke na tvoja ramena…” ;D

I know. I’m from Serbia.

I tried to archive the file with WinRAR, but couldn’t.

:-TU :-TU :-TU :-TU :-TU :wink:

Montenegro here :slight_smile:
I say it is unfortunate CIS failed in securing your PC.
Did you restart your PC to clear any sandboxed processes?
Is there anything in “My Pending Files”?

I’m not a fan of the sandbox, so it’s always deactivated on my PCs.

Did you accidentally allow something?

I have a lot of friends that use my PCs, even when I’m not there, so that might have happened.

I’m pretty sure that my PCs got infected from USB drives.

The file Autorun.inf used to be deleted automatically when I had CIS 4, but when CIS 5 arrived it didn’t detect it as a virus any more. (I’ve already posted about that problem)

Here you go, bro!

In my experience, CIS 5 just blocks autorun.inf but it does not delete it.
It just shows a popup in a corner about a malicious file with an ugly red bug
and that’s it, it disappears after several seconds…

I thought the very same thing!

Nevertheless, I’m not talking about a D+ problem, I’m talking about viruses that haven’t been detected. The only acceptable explanation for CIS to skip this many viruses would be that they were added to exclusions, and they were not.

I am confident that you already know that no antivirus is perfect and that there is no 100% detection rate or reliability, speaking from an antivirus point of view.
It is a sad example of relying on signatures and also needing user submission of samples for analysis.
The first few people do get burned for the benefit of others.
My concern would be why Defense+ did not react the way it should have. There could be only two possibilities:
a) incorrect/poor configuration
b) incorrect/poor usage

Did you uninstall CIS?

Since various people have access to your computers, I would advise disabling all autoruns for external devices and enabling the sandbox. It is not in the way once you have made your D+ rules for the programs you normally use. That will make your system much more friend-proof.

Please read this Microsoft knowledge base article on how to disable Autoruns in XP.

We may not exclude the situation here where D+ may have alerted but your friends allowed things that should not be allowed. Other than that, Comodo’s detection is steadily improving, but it is not in the top league.
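
The thread keeps coming back to autorun.inf on the USB drive. As an added example (not part of any post above and not Comodo or Kaspersky code), this Python sketch lists the programs an autorun.inf would ask Windows to launch, so a drive can be inspected before it is trusted. The sample file and the name sample.exe are constructed placeholders, and the helper names are hypothetical.

```python
from pathlib import Path
import re

# [autorun] keys that name a program for Windows to launch.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command", re.IGNORECASE)

def autorun_commands(text):
    """Return (key, command) pairs that an autorun.inf asks Windows to run."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other sections and junk padding are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_VERB.fullmatch(key):
            found.append((key.lower(), value))
    return found

def scan_root(root):
    """Inspect the root of a mounted drive; [] means nothing would be launched."""
    for entry in Path(root).iterdir():
        # The name is case-insensitive on Windows; a directory with this
        # name is not a usable autorun file, so only regular files count.
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            # latin-1 never fails to decode (assumption: file is not UTF-16)
            return autorun_commands(entry.read_text(encoding="latin-1"))
    return []

# Constructed sample; sample.exe is a placeholder name.
SAMPLE = """\
; constructed autorun.inf
[AutoRun]
Open = sample.exe
icon = folder.ico
shell\\open\\Command = sample.exe /q
[Other]
open = ignored.exe
"""

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE):
        print(f"{key} -> {command}")
```

An empty result from `scan_root` only means the drive has no auto-launch entry; any executables on it still need scanning.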