Comodo AV found Virus (daisy-2247@31700714) Question.

While doing my weekly AV manual scan this morning, Comodo found the following file, daisy-2247@31700714, which I quarantined and sent in to Comodo using the submit process from the quarantine box. Has anyone here any info on this suspected malware? I then thought I would submit it to VirusTotal and Jotti’s for a second opinion check. Can someone explain how I do this, as Comodo stops me from browsing to it?

Don’t worry about it, it is more than likely a false positive. You’re not the only one with this problem.

Comodo must have made a small mistake with the latest database update.

Thanks for the reply. Is it OK to restore this from the quarantine vault then?

Please do tell us which file caused this, so that we can learn from it.

Thanks
Melih

It (almost) certainly is, after which you should be able to send it to Virustotal for verification. I’m sure no problem (i.e. virus) will be found there.

The file path that came up with the AV scan was:
C:\System Volume Information_Restore{93958BA4-9F80-41CE-B3A4-44C25A58FDE5}\RP68\A0022565.exe

In my experience, CIS has always been very prone to FP’s in system restore files.

Yes, I’m aware that there is malware that likes to hide in system restore files, but I can delete all my restore files, scan with 5 different AV/malware scanners and all give my system a clean bill of health. (Even CIS) Create a fresh restore point, and what do you know? CIS finds a nasty hiding there! I scan the file with the other scanners at my disposal and they all come up clean.

Verdict, FP from CIS…

I’ve put my system restore files on my exclusion list. Avira also used to be prone to finding FP’s in system restore files as well, but I haven’t had one for a long time now.

Hi bluesjunior,

We are going to have a look at it and will get back to you after investigation.

Regards,
hailong

Hi bluesjunior,

It’s not detected by CIS 1767. Please check it. If there are any problems, please let us know.

Regards,
hailong

Thanks for the reply.

Hello, sorry, pretty new to this, but I googled various words from MY FIRST ever positive virus scan (I mean the first time Comodo ever picked anything up) and got here through the ‘daisy’ part. I have quarantined files, and now read here that this could be a false positive:

Any advice? Many thanks in advance, and I hope I’m posting in the right place and in the right way! See log below… again, apologies if I was not supposed to do this!

COMODO Internet Security Logs

	Table	: 	Antivirus Logs
	Date Created	: 	26/07/2009 12:37:01
	Log Scope	: 	Last 7 Days
	Records count	: 	24

Date/Time Action Location Malware Name Status
7/25/2009 9:11:22 PM Detect C:\WINDOWS\Installer{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt Backdoor.Win32.Muprat.daisy-2038@30457805 Success
7/25/2009 9:12:16 PM Detect C:\WINDOWS\APanel.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/25/2009 9:27:26 PM Detect C:\Acer\Empowering Technology\ePresentation\ePrjNormal.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/25/2009 9:27:27 PM Detect C:\Acer\Empowering Technology\ePresentation\ePrjXGA.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/25/2009 9:27:55 PM Detect C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0000920.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/25/2009 9:28:13 PM Detect C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0001152.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 12:13:15 AM Detect C:\WINDOWS\Installer{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt Backdoor.Win32.Muprat.daisy-2038@30457805 Success
7/26/2009 12:14:22 AM Detect C:\WINDOWS\APanel.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 12:25:26 AM Detect C:\Acer\Empowering Technology\ePresentation\ePrjNormal.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 12:25:26 AM Detect C:\Acer\Empowering Technology\ePresentation\ePrjXGA.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 12:25:57 AM Detect C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0000920.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 12:26:17 AM Detect C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0001152.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 1:01:30 AM Quarantine C:\WINDOWS\Installer{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt Backdoor.Win32.Muprat.daisy-2038@30457805 Success
7/26/2009 1:01:30 AM Quarantine C:\WINDOWS\APanel.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 1:01:30 AM Quarantine C:\Acer\Empowering Technology\ePresentation\ePrjNormal.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 1:01:30 AM Quarantine C:\Acer\Empowering Technology\ePresentation\ePrjXGA.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 1:01:30 AM Quarantine C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0000920.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 1:01:30 AM Quarantine C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0001152.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 1:01:43 AM Quarantine C:\WINDOWS\Installer{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt Backdoor.Win32.Muprat.daisy-2038@30457805 Success
7/26/2009 1:01:43 AM Quarantine C:\WINDOWS\APanel.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success
7/26/2009 1:01:43 AM Quarantine C:\Acer\Empowering Technology\ePresentation\ePrjNormal.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 1:01:43 AM Quarantine C:\Acer\Empowering Technology\ePresentation\ePrjXGA.exe Backdoor.Win32.Muprat.daisy-2040@30457812 Success
7/26/2009 1:01:43 AM Quarantine C:\System Volume Information_restore{3B5EBD63-0BA3-4CB6-8D46-0666EE4E44F9}\RP6\A0000920.exe Backdoor.Win32.SkSocket.daisy-1751@30459594 Success

Make sure CIS is updated (has the latest virus definitions) and then scan your files\drive again. Hopefully the problem will be gone. If not, please submit detected files as possible false positives here:

Hello ALL, my Comodo found the daisy virus too.
The infected file was the “G-Buster Browser Defender - Service” (the protection software used by my internet banking). How can I remove it?
Thanks,
Sophia

Hello Sophia,

Please check to see if your AV database is up to date and scan again; mine is Version 1784 at the time of writing. There were a lot of false positives caused by Daisy… I think it won’t detect it anymore now.