Does / Can CIS AV repair infected files?

I know that some virus software will attempt to repair a file to simply remove the virus / trojan code and leave the file working… Does this software not have that ability? If it does, how do I use it?

On a related note, I submitted several files for inspection. 3 said already submitted, and one was successfully submitted. My questions are: The ones already submitted, I get means you have gotten from other people…but where can I find info on them? And the one that I submitted successfully, same thing…where or when or how will I know if anything was found with it…either good or bad?

I need to use a couple of these programs and don’t wish to do so again until I know if the files are indeed infected, non repairable, or were tagged by mistake…

Thanks as always!

  • Greg

CIS does not currently have any repair function.

If you want to test your applications to see if they may be false positives, you can submit them to VirusTotal and see what the various AV’s think about the file. If it’s looking like a false detection, you can report it as mentioned here. How to report False Positives/Suspicious Files & How to Submit them

No. It can’t repair infected files. Other antivirus softwares can’t do it too.
It was possible about 15 years ago. At that time, most of virus were simply coded, but today is not(well coded).
(do not expect…)

If you submitted infected files, the files go to comodo server. Then developers check them out.
But if you move infected files to ‘pending file’ or Quarantined Items’, you can still preserve those infected files on your HDD.

You removed it? there is only way you can recover infected file with HDD recovery software.(even if you recover
it’s still infected)

So, answer is NO.

Sorry…there is nothing you can do

Ok…was just curious… because Zone Alarm AV will attempt a repair when it finds a problem. I used it several times over the years and sometimes it worked, sometimes it didn’t. I know that some virii will simply attach new code to an executable…and those can be easily repaired as the scanner that finds that code, just removes it. That’s why I asked…

I run a files server and I know that some of the files on there are cracks that people upload. While I am sure some have virii attached, I know most scanners will tag anything that looks like a serial generator or ■■■■■ file as a virus. I know this as a friend of mine who tests and reseraches serial generators to help defeat them has created a few himself…and his were all tagged as containing trojans, even though they absolutely did not.

I did submit 4 files, but only one was accepted…the other 3 were already submitted apparently. But I don’t see where I get the info about those submissions… Is there a list of files submitted and results of testing?

Thanks all for the help,

  • Greg

I believe a repair option is planned for a future release.

If you submit a file by email/forum, it will be added to the whitelist quicker if it is clean. If you report it on the forum as well you will actually get a reply on whether or not the file is being added to the whitelist or if it is still considered suspicious. The forum and email are the quickest ways to get results. I would use those methods instead of submitting through CIS itself.

As for information on what has been submitted, the closest there is (that I am aware of) is this page.
Comodo Anti-Malware Database - Latest additions

It tells what definitions are in the virus list, but it doesn’t give any other info.

If you really want to get those deleted files back,
There is only one hope.
Try to recover those files with HDD recovery software,
you may find those files that are not infected.(if the recovered files have
some temparary files or copied in the HDD before they were infected,
you can recover them all. But if you can’t find them, there is no other way)
Because the files in HDD can be avlive until it’s rewritten by other files in the
HDD.
If it was a false positive deletion, the probability for recovering goes high.

recommendation: Before you recovery lost files, do not reboot the server.

Many antivirus softeware companies tags keygens, cracks as a virus even if it’s not a virus.
But some keygens and cracks are modified as a virus by some bad people.
That’s why the release groups always say "check crc value’.
You can check them with HEX tools, debugging, reverse engineering.
Sometimes I do this, I found rootkits, virus etc.
(to prevent above, some virus is protected by the encryption)
Anyway I really hope you are able to recover lost files.
Good luck.

Not sure why you think I deleted the files…I have not. Also, I have resurrected deleted files many times. I do this for a living. I test software. All kinds. It’s one of the reasons I need a great AV program. I install / uninstall over 50 programs every week on my computer. I do this for various companies. They pay me to test their products in a home / office environment. Games, business apps, utility software, etc…

I have made the mistake a few times of deleting files that I didn’t want deleted. And I keep my system set to instantly delete. I don’t waste space with garbage files. Thus, I have some GREAT programs to undelete and repair hd’s, etc…

Until I know what is and isn’t false positive, I just removed them from the list of bad files. If I need to, I will just scan that drive again and scoop them all up. But I know they are doing no harm currently…

  • Greg

i think the repair option is a MUST , by all means !!!
i think without repair option it is possible the following :
no antivirus can catch new viruses immediately after their creation , so there is always
big enough possibility that the computer is infected with unknown virus,
and when the definition for this virus comes even few hours AFTER the infection
it will be to late to stop the harm - the only thing antivirus could do in this case is to say "you have to delete this file or leave your computer infected "
so this is equivalent to situation wen you have no antivirus and the virus deleted the infected files.
anyway the infected files are lost. no matter if they will be deleted by the virus or by antivirus.
i can bet that this will drive in the near future significant part of computers useless and the other part permanently infected.
so there will be no much use of antivirus WITHOUT really working “repair file” option
perhaps complete repair would be very difficult , but perhaps partial change in the infected file - such like viruses do - to make the virus not working will be some way to solve the problem ?
i mean the action of repair file would not be the restore the original file , bu to make such changes that will make the virus inoperable (this is difficult to retain the infected file in working state but antivirus have to do it or else there will be no use of antivirus at all).

and is comodo planing for near future (for example few months , not few years) such really working “repair file” option

and next : i suppose there is possibility for existence of self changing viruses , and this mean that it is near the moment when the viruses will start to evolute them selves , with no need of human invention.
just the successful changes in the viruses will lead to survival of the viruses which is harder to catch - this is
just genetic algorithms - they are quite intelligent - and perhaps such virus self evolution is happening even now.

so in the future , the role of the antivirus will be not to stop the viruses - obviously the antivirus fails in this task even now and the situation seems to grow worst - but rather the role of the antivirus would be to minimize the harm of the new viruses.

so is comodo concerned about such possibility?

hanks best regards.