Infected or not?

Learn about Computer Security Virus/Malware Removal Assistance
1

The following files are listed as being infected as some backdoor viruses. Only COMODO Internet Security Virus Scanner detects the files as viruses. While all other anti virus scanners find nothing.

I used virustotal.com to verify this and comodo once again destected the files as being infected. Any help with this is greatly appreciated, I don’t find the UI of COMODO the easiest to use, once quaratined the files are deleted too which is not what I am used to from AV software. Currently the files remain where they are because virustotal.com results. But are the results from comodo cause for concern, what should I do? I need a response directly from comodo if at all possible and am willing to send copies of the files to comodo for deeper analysis. How can this be done, I can’t find an option within Comodo IS software. Thanks.

Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\0f7a2bcaad89ca01370000006812c812.x86_microsoft-windows-i…oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5_iphlpsvc.dll_805aaf49
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\19cb432ac088ca0155000000140d5c08.x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_umpnpmgr.dll_112f9bb4
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\23556300be88ca0113000000140d5c08.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6000.16615_none_dff66fbd85366d1e_dnsrslvr.dll_faf65b7a
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\32339eb9be88ca0128000000140d5c08.x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001_dhcpcsvc.dll_8155446a
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\53a1ca93ac89ca010a0000006812c812.x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c_rpcss.dll_fd3e269b
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\b20d3b58bf88ca0132000000140d5c08.x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c_rpcss.dll_fd3e269b
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\d907a507c188ca015f000000140d5c08.x86_microsoft-windows-i…oexistencemigration_31bf3856ad364e35_6.0.6000.16501_none_0ffdd2907f32f6e5_iphlpsvc.dll_805aaf49
Backdoor.Win32.PcClient.~a@88561940 C:\Windows\winsxs\Temp\PendingRenames\fec39536ad89ca012d0000006812c812.x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23_umpnpmgr.dll_112f9bb4

2

The simplest thing to do is to submit the files to Comodo for analysis through this interface:

Submit the files to Comodo as false positive and they will email you the results within a day. This should let you know if the results are truly malicious or false positives.

Alternatively you can upload the files to CIMA to see how they are run:
http://camas.comodo.com/
This will allow you to analyze these files yourself if you can read the output.

I hope this has been helpful.

3

Thanks for the direct URLs. These will be very useful I am sure.

I have tried to upload numerous files and it failed so I tried uploading individual files and it also failed.

Do you know if I use the Comodo IS/Miscellaneous section of the program installed on my PC to submit the files if I will receive an email response stating whether they are false positives?

I think I will delete the files soon enough because I am not making any progress here. Doing a restore point before hand.

4

As of right now sending it through CIS will take a long time, maybe months from what I understand, to be analyzed. You will also not be emailed when they are analyzed.

I have found that sometimes with files they cannot be directly uploaded to the Comodo web interface. Sometimes they can however if they are placed in a password protected zip file. You can try putting them in a zip file with the password infected and uploading.

Also, just to make sure, the largest file that can be uploaded is 10mb.

You can also follow this guide here if that doesn’t work:
https://forums.comodo.com/empty-t44473.0.html

5

Thanks for the tip.