How to submit Quarantined items to Comodo for analysis.?

I am running the latest version 3.8 and AVDB 1008. The AV has notified me of two viruses the first is named the following.
Unclassified Malware@8313554
The file path for it is shown as:
C:\Documents and Settings\Username\Local Settings\Application Data\Mozilla\Firefox\Profiles\1n462zv2.default\Cache\97B2B308d01

The file path for the second is as follows:
C:\Program Files\Logitech\iTouch\itchhk.dllHeur.Pek.tElock
I have put them both in quarantine and would like to know how I send them to Comodo for analysis. I think they might be false positives as I can find no info on Google about them. Bear in mind I am no whizzkid on PC’s so a step by step would be best.

CIS currently has no ‘send for analysis’ option while the malware is in quarantine. the only way would be to remove the suspected malware from CIS’ quarantine and then upload it to Virustotal or send them to COMODO by email/CIMA.

The second malware definitely looks like a FP. It’s in the iTouch folder and it shows that the heuristics flagged it.
Not sure about the second. It was detected via CIS signatures (signature FP’s are still possible though).

How did you get notified? Did you run a scan or did the real time scanner flag them? And what are your heuristics set to?

Hi .FaZio93,
The iTouch one appeared just after installing v3.8. After rebooting I clicked on all the relevant programs in Start>All Programs. When I clicked on the Logitech one for my keyboard I got a Comodo Threatfire pop up warning. I was still reading it when I got a warning saying the AV had detected a malware which I quarantined.
The second one in Firefox came following a manually started scan yesterday. I quarantined it and came here to open this thread. This morning however when I visited the online British newspaper the Independent I got an AV pop-up on the main page regarding the same malware which was again quarantined. I visit there regularly without any problem and furthermore on Saturday afternoon I did my weekly security scan with both Superantispyware and also Malwarebytes which both gave clean scan results.
On checking, my Heuristics are set at low.
I have a shortcut in my bookmarks folder to Jotti’s malware scan but not being very PC minded cannot remember how to submit a file there. A step by step would be a great help.

I took your advice and released the file but as soon as I navigate to it I get a new warning from Comodo AV. I cannot find that particular file even with hidden files and folders opened to view and cannot browse to it. I get to the “1n462zv2.default” folder which then shows a whole lot of different entries and some file folders but none called Cache. I next tried to copy it and put it in a folder in my documents where I could easily browse to it for upload to virustotal but I cannot copy it either.

You can try this:

Open a browser window to CIMA (Comodo Instant Malware Analysis).
http://camas.comodo.com/cgi-bin/submit

And upload the file(s) there, if they are in Quarantine first need to “restore” the files on AV, Quarantine, Select the files you wish to restore, also make a note of “where” they will be restored.

If you access the file(s) to upload and you get an AV Alert, select Ignore, “Add to Exclusions”. And upload them.
That way they will get send to Comodo.

Something about that “strange name” stuff on the Firefox cache folders, if you download a file say flash_player.exe Firefox will store that first in the Cache folder under a different name, if the download is finished it will copy it to the download folder with the normal name.

Hope this helps a bit…

Hi Ronny,
I posted a thread on the Mozilla forums and here are copies of the three replies it has recieved since then. I think it explains it pretty well and it is safe to delete any such files. I cleared my Cache as below and scanned the folder again with Comodo and it came up clean this time.
Reply1

That path is pointing to the Firefox CACHE. That is data from web pages that Firefox stores on the local drive to speed up access. Note that data in the cache is not executable by itself so it is safe. Use menu path Tools->Options->Advanced->Network tab->Offline storage section->click on the "Clear now" button. Rerun that scan by Comodo and you should find that the malware report is gone.
Reply2
Trojans, Viruses etc found in the Firefox Cache are harmless as they cannot execute unlike the temporary internet files in IE. These Virus scanners should be better in telling you about how they are harmless if left alone or after manually clearing the Cache.

Firefox cache file was infected with a virus | Firefox Help


Reply3

I'm a CIS user as well and sometimes CAV will find a suspected file in your cache folder. Any file in your cache folder is safe to delete. You don't have to worry about quarantining it, deleting it is just fine. No harm will be done.

It is correct that the file in cache is harmless, but under normal circumstances (no false-positive) this would at least suggest there is something downloaded that is marked as a “virus” at some point.

But it can’t “execute” in that folder that’s also true.

May I say something please??? Quarantined files can be accessed using ‘Submit Suspicious Files’ feature under CIS > Miscellaneous.

Quarantine folder cannot be accessed through explorer in the normal way but the quarantined files can be submitted to Comodo through submit suspicious files without restoring it.

:-TU Goodpoint Layman, the Submit Suspicious Files is new, and i haven’t tested it yet :wink:
So learned again today…

Thanks Ronny.

AFAIK, this feature was introduced in 3.8. In 3.5 we were not able to access quarantine folder even from submit suspicious files.

Thanks for that Layman, wish I had known yesterday.

Thanks layman!
I just learned that now too. (:CLP)