So I have a software update for PLC authoring/configuration software from a very large company that Comodo keeps flagging as containing the ZLob_Gen2 trojan. Of course, the very large company who I have been talking to about this refuses to acknowledge that this is even a possibility. I’ve tried to scan it with Trend Micro’s Housecall, to get a second opinion that I can reinforce my position with, but it finds nothing. The file is too large to submit (over 650 Mb); it just errors out. Is there any way that I can confirm this is not some sort of false positive? I need this update, but I’m not about to install a trojan onto my company’s computers.
Can you give us the company name, etc. here, please?
I think it’s Symantec, no?
I suggest you take a look here: https://forums.comodo.com/comodo_safesurf_and_comodos_own_toolbar/analysis_of_comodo_toolbar_by_boclean_standards-t24483.0.html and decide for yourself if it’s malware or not…
The software is Rockwell Automation’s 16.03 update for RSLogix5000. It is software for programming and configuring PLCs.
So, after having argued with the tech for some time (as usual, the techies are always right, and the customer is always an idiot), I downloaded the program to my home machine and tested it there. Same results. Then I made a backup of the hard drive that was to be updated and went and installed the software anyways. It appears that if there is an infection, it is within the self extractor, not the actual update files. After I installed it, I ran a virus scan on my system and it has found nothing.
I’m not quite prepared to take the computer out of my imposed quarantine (it’s isolated from the rest of the network etc.), but I’m wondering if this is a false hit? I don’t seem to be able to submit the file for analysis because it is too big (650 mB). Is there any way to confirm that there actually is a trojan in this file?