I have COMODO Internet Security 2012 in my pc and i make some tests in virtual machines and i discovered a big fail i just download this file:
Mod Edit: malicious link removed. Please do not post links to possibly malicious software
COMODO sandbox ( my sandbox is on Restrict mode) the file but fail malware continued to do is malicious work.
It appear a lot of pops telling me that my hdd have problems and run another program and start do scan things in my pc (this program was sandbox too).
I block all the pops that appear when i start the program (except the sandbox pops).
This malware apparently he hidde all the folder in my your pc.
I removed the malicious link. The moderators have access to it. Please PM a moderator if you would like the file.
Also, for those who are curious here are the:
VirusTotal Link
CIMA Link
Anubis Link
Valkyrie Link
Thanks.
Now I am putting a video in youtube to you see that that is a virus
NOW ALL can see that is a virus
Did you reboot your system to see what was left of this ‘active’ infection?
link doesnt work
I’m almost sure that this rouge only displays a windows under comodo sandbox and after restart all signs of infection are gone (app is restricted from putting anything to the autorun and critical system areas/settings).
I run the program again this time in a new virtual machine and reboot after the program after run the program
when I restart the program doesn’t run on the memory but continued on the system (not running but the file still there) and he hidde a lot of files on the windows.
But the only thing that i want his that add that virus in COMODO database.
That is good to hear. Application which is sandboxed is allowed to drop files in harmless location like desktop and many others, where it won’t affect the system.
Existence of “dead” file doesn’t mean an infection.
I’m wondering about hidden files - I thought that Comodo could prevent, apparently not (the same like encrypting, deleting and many other operations are not controlled by comodo yet). Fortunately, in version 6 Comodo will get fully virtualized sandbox which will be able to stop most of the malicious actions that is unable to stop currently.
Please submit this malicious file here: Comodo Antivirus Database | Submit Files for Malware Analysis
in order to add it to virus database. It should take 1-2 day(s).
Thanks.
Another Bug that some times I see on comodo is COMODO say that a file that doesnt have digital signiture as one.
You can see this on another video that i make
I hoppe that COMODO version 6 fix this bug too…
not a bug, it is part of the whitelist in the cloud. Go to d+ events and you will see “scanned and founds safe”.
I checked it online:
Tested on my system with stock settings, I found no bypass. How are you running comodo? What settings?