How does one send a suspicious file to comodo?

Hello folks :slight_smile:

Recently comodo has given me notification about a file or two that is suspicious and when this comes up I get the options of allowing, blocking etc. However, there is also text that tells me to send the ‘suspicious’ file to comodo for analysis.
Now I’m still trying to get to grips with understanding comodo as I ain’t computer savvy-in fact I’m one of those complete novices 88)

Anyhow I could not find anywhere under the notification the option to send the file to comodo for analysis and so I blocked it. I mean sure it is under the blocked list but how the deuce do I send it from there?

Also just to let you know this file is called winjoea.exe and it is at port http (80)
I tried to google it and all that came up was:

# 打印 - 我爱LG手机论坛- LG Mobile - Powered by Discuz! Board
  • [ Translate this page ]
    93 posts - 87 authors - Last post: 10 Aug
    作者: winjoea 时间: 2010-3-24 19:53 我要中文的。 … 作者: 超级兔子.exe 时间: 2010-6-10 22:06 dsddg f 三度空间 …
    www.52lg.com/viewthread.php?action=printable&tid=304820
    Get more discussion results

empiesa a shupar rueda W. Vista… - Page 12 - Foros Softonic

  • [ Translate this page ]
    10 posts - 2 authors - Last post: 14 Mar 2006
    hay 18000 ejemplillos en ke la sesguridás en win joe a los usuarios, … pensar ke s’instala d’una maneira tipo win sjekutandor un .exe o …
    FAQs – Softonic Corporate…-15430-12

Perhaps the above is completely fine but I don’t want to go to those sites as well I don’t know much about the above.

Thanks for reading this folks :slight_smile:

Regards S.

Hi Staara,

1st, knowing the file’s path you can always send it (them) to Comodo for analysis since this is a common procedure for all security packages
– create password protected compressed archive (ZIP or RAR ) & e-mail as attachments to malwaresubmit[at]avlab.comodo.com
(I hope that the address haven’ changed, but you can check AV section of the forum)

Then, you can add the same items into “My Pending Files" list. The latter has “Submit” & “Lookup” features (see Help File fore more details)

in addition you can use Comodo Malware Analysis

My regards

There’s a couple of ways, choose whateever one you like (I’m sure there more ways, but this is what I can think of off hand)

Just create a post here with the file (anything over 10mb’s then upload it to megaupload.com and post the megaupload links in this secition)
Comodo Forum

assuming you don’t have a very old version of comodo, just open comodo and go to the Anti-Virus section and click on “submit file”

For instant results (about a minute): assuming it’s a .exe file
http://camas.comodo.com/cgi-bin/submit

1st, knowing the file's path you can always send it (them) to Comodo for analysis since this is a common procedure for all security packages – create password protected compressed archive (ZIP or RAR ) & e-mail as attachments to malwaresubmit[at]avlab.comodo.com
I'm usually to lazy to put a password on uploading malware :'( :)

Ok the file path comes out as: C: Documents and Settings\user\Local Settings\Temp\winqnjiw.exe and so I went to the Temp folder to see if I could find it, but it is nowhere to be found. On my actual C I cannot get to the TEMP folder with the documents and settings>user>local settings etc as the temp folder does not PHYSICALLY exist there, so instead when I click on C I have to click on the Windows folder in order to get to the TEMP folder.

The only files I find under the TEMP folder are a whole host of Perflib_Perfdata-… with different numbers at the end. Then I have super anti spyware self extract folder and some REGSCRIP.REG files.

So basically I really don’t know how to submit this winqnjiw/exe file when I cannot find it. I mean it shows up on comodo under Firewall Events.

Then I have 9 Trojware32 trojans that came up under view anti-virus events, but again they are all under C:\Documents and Settings\user\Local Settings\Temp but when I go to C there is only the above Perflib_Perfdata.
So should I delete these temporary files?

I hope I’m making myself understood as I was on an anti-malware/internet security/computer problems kind of forum and I tried to explain time and time again that I could not find the files that they requested-well ok my registry is infected as firstly my Task Manager has been disabled by the administrator and then when I try to click on certain bits of comodo or try the downloaded super anti spyware I keep getting the sign: Microsoft Visual C ++ Runtime error! Program C:… R6002, floating point not supported. Well ok these examples might not be to do with the registry (I don’t know) but there are definite signs of my registry being infected.

Ok folks sorry have gone off on some friggin tangent :stuck_out_tongue:

Hang on…this might well be a duh moment but maybe I should just post the temp folder suspicious kinds of files anyway?

Hi Staara,

If you cannot find flagged items in the Temp folder(s) in question there could be few causes:

  • the Software , which created its temp files managed to remove those;

  • If you have auto-quarantine auto-delete set in you active AV – please disable that feature. That is a dangerous one and must be disabled anyway (regardless the particular security you are using)
    In this case you will be just notified & may be able to find the truth (unless #1 took place)

You can at least temporarily Exclude the Temp folder from monitoring / scanning, so you can have more chances to “catch” those files during the notifications (Alerts)

My regards

P.S.
Perflib_Perfdata files are created by System Performance Monitor(ing)
You can delete those or better disable the service if you are not using it