How does one send a suspicious file to comodo?

Hello folks :slight_smile:

Recently comodo has given me notification about a file or two that is suspicious and when this comes up I get the options of allowing, blocking etc. However, there is also text that tells me to send the ‘suspicious’ file to comodo for analysis.
Now I’m still trying to get to grips with understanding comodo as I ain’t computer savvy-in fact I’m one of those complete novices 88)

Anyhow I could not find anywhere under the notification the option to send the file to comodo for analysis and so I blocked it. I mean sure it is under the blocked list but how the deuce do I send it from there?

Also just to let you know this file is called winjoea.exe and it is at port http (80)
I tried to google it and all that came up was:

# ę‰“å° - ęˆ‘ēˆ±LGę‰‹ęœŗč®ŗå›- LG Mobile - Powered by Discuz! Board
  • [ Translate this page ]
    93 posts - 87 authors - Last post: 10 Aug
    ä½œč€…: winjoea ę—¶é—“: 2010-3-24 19:53 ęˆ‘č¦äø­ę–‡ēš„ć€‚ … ä½œč€…: 超级兔子.exe ę—¶é—“: 2010-6-10 22:06 dsddg f 三度空闓 …
    www.52lg.com/viewthread.php?action=printable&tid=304820
    Get more discussion results

empiesa a shupar rueda W. Vista… - Page 12 - Foros Softonic

  • [ Translate this page ]
    10 posts - 2 authors - Last post: 14 Mar 2006
    hay 18000 ejemplillos en ke la sesguridĆ”s en win joe a los usuarios, … pensar ke s’instala d’una maneira tipo win sjekutandor un .exe o …
    FAQs – Softonic Corporate…-15430-12

Perhaps the above is completely fine but I don’t want to go to those sites as well I don’t know much about the above.

Thanks for reading this folks :slight_smile:

Regards S.

Hi Staara,

1st, knowing the file’s path you can always send it (them) to Comodo for analysis since this is a common procedure for all security packages
– create password protected compressed archive (ZIP or RAR ) & e-mail as attachments to malwaresubmit[at]avlab.comodo.com
(I hope that the address hasn’t changed, but you can check AV section of the forum)

Then, you can add the same items into “My Pending Files” list. The latter has “Submit” & “Lookup” features (see Help File for more details)

in addition you can use Comodo Malware Analysis

My regards

There’s a couple of ways, choose whichever one you like (I’m sure there are more ways, but this is what I can think of off hand)

Just create a post here with the file (anything over 10mb’s then upload it to megaupload.com and post the megaupload links in this section)
Comodo Forum

assuming you don’t have a very old version of comodo, just open comodo and go to the Anti-Virus section and click on “submit file”

For instant results (about a minute): assuming it’s a .exe file
http://camas.comodo.com/cgi-bin/submit

1st, knowing the file's path you can always send it (them) to Comodo for analysis since this is a common procedure for all security packages – create password protected compressed archive (ZIP or RAR ) & e-mail as attachments to malwaresubmit[at]avlab.comodo.com
I'm usually too lazy to put a password on uploading malware :'( :)

Ok the file path comes out as: C: Documents and Settings\user\Local Settings\Temp\winqnjiw.exe and so I went to the Temp folder to see if I could find it, but it is nowhere to be found. On my actual C I cannot get to the TEMP folder with the documents and settings>user>local settings etc as the temp folder does not PHYSICALLY exist there, so instead when I click on C I have to click on the Windows folder in order to get to the TEMP folder.

The only files I find under the TEMP folder are a whole host of Perflib_Perfdata-… with different numbers at the end. Then I have super anti spyware self extract folder and some REGSCRIP.REG files.

So basically I really don’t know how to submit this winqnjiw.exe file when I cannot find it. I mean it shows up on comodo under Firewall Events.

Then I have 9 Trojware32 trojans that came up under view anti-virus events, but again they are all under C:\Documents and Settings\user\Local Settings\Temp but when I go to C there is only the above Perflib_Perfdata.
So should I delete these temporary files?

I hope I’m making myself understood as I was on an anti-malware/internet security/computer problems kind of forum and I tried to explain time and time again that I could not find the files that they requested-well ok my registry is infected as firstly my Task Manager has been disabled by the administrator and then when I try to click on certain bits of comodo or try the downloaded super anti spyware I keep getting the sign: Microsoft Visual C ++ Runtime error! Program C:… R6002, floating point not supported. Well ok these examples might not be to do with the registry (I don’t know) but there are definite signs of my registry being infected.

Ok folks sorry have gone off on some friggin tangent :stuck_out_tongue:

Hang on…this might well be a duh moment but maybe I should just post the temp folder suspicious kinds of files anyway?

Hi Staara,

If you cannot find flagged items in the Temp folder(s) in question there could be a few causes:

  • the software which created its temp files managed to remove those;

  • If you have auto-quarantine auto-delete set in your active AV – please disable that feature. That is a dangerous one and must be disabled anyway (regardless the particular security you are using)
    In this case you will be just notified & may be able to find the truth (unless #1 took place)

You can at least temporarily Exclude the Temp folder from monitoring / scanning, so you can have more chances to “catch” those files during the notifications (Alerts)

My regards

P.S.
Perflib_Perfdata files are created by System Performance Monitor(ing)
You can delete those or better disable the service if you are not using it
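
For the situation in this thread, where flagged files are reported under a Temp folder but cannot be seen in Explorer, the following added example (not written by any poster or by Comodo) lists executables in the per-user and Windows Temp folders, including hidden ones, and then packs one chosen file into a password-protected ZIP as the first reply describes. It assumes PowerShell 4 or later and the 7-Zip command-line tool `7z.exe` on the PATH; the sample path, output name and password are placeholders.

```powershell
# Added example. Assumptions (not from the thread): PowerShell 4+ for
# Get-FileHash, and 7-Zip's 7z.exe available on PATH for the packing step.

# The per-user Temp folder (under the hidden "Local Settings" on XP) and the
# Windows Temp folder are different directories; check both.
$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp')) | Select-Object -Unique

$found = foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden and system items, which Explorer hides by default.
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -Recurse `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime
                SHA256   = $hash.Hash   # empty if the file is locked
            }
        }
}

# Newest first: files dropped around the time of the alert appear at the top.
$found | Sort-Object Modified -Descending | Format-List

# Pack one file from the list for submission. The file is only read, never run.
$sample   = 'C:\path\to\flagged-file.exe'   # placeholder: copy a Path from above
$archive  = Join-Path $env:USERPROFILE 'Desktop\sample-for-submission.zip'
$password = 'infected'                      # placeholder: state it in the e-mail

if (-not (Test-Path -LiteralPath $sample)) {
    Write-Warning "Not found: $sample (already removed or quarantined?)"
} elseif (-not (Get-Command 7z.exe -ErrorAction SilentlyContinue)) {
    Write-Warning '7z.exe is not on PATH; create the archive with another tool.'
} else {
    # -tzip selects ZIP format, -p sets the archive password.
    & 7z.exe a -tzip "-p$password" $archive $sample
}
```

An empty listing matches the causes given in the last reply: the dropper removed its own temporary files, or the antivirus deleted or quarantined them before they could be collected.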