Linux.Encoder.1

Not sure if this is the right place to ask this.

Does the COMODO Anti-Malware Database have Linux.Encoder.1 on record and detect this if I do a full system scan?

Linux.Encoder.1 is a encryption ransomware that infects Linux systems.

From Dr.Web virus library (Linux.Encoder.1 — Dr.Web Malware description libruary)

Hello,

Please report these SHA-1 values to Comodo experts without the quote.

5bd6b41aa29bd5ea1424a31dadd7c1cfb3e09616
98e057a4755e89fbfda043eaca1ab072674a3154

Other samples are detected by Comodo database.

Just SHA-1 values are enough. They can harvest them from VT, here.
https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2015-no-live-malware-t108999.0.html;msg823175#new

Thanks

If you’re not infected,then you should post it in General Security.

Thanks for the reply. How do I go about reporting these SHA-1 values to Comodo experts?

Thanks for the heads up, as I said, I didn’t know where to post, now I know, thanks.

EDIT: Okay, do I submit these SHA-1 values on the Submit Malware Here To Be Blacklisted page?

Okay, I submitted the SHA-1 values to the Blacklisted page, thanks.

You did not need to post “whole” post there.
Just SHA-1 values, I said. Anyway, they will look into this.

Oops, sorry.

There are 5 samples and 3 of them detected by Comodo. Only two of them undetected.
You can edit your submission post. It will make their works easier.
Thank you for your undertsanding.

Thanks, I edited my post.

They’re asking me for a sample, I don’t have any, is that okay?

They should harvest the undetected samples from Virustotal. There is no problem.
Thank you of your reports.

Thanks, you’ve been very helpful :slight_smile:

Anytime :slight_smile: Stay safe :-TU

I checked out the SHA1s on VirusTotal, and it seems that only 1 out of 5 is detected by COMODO, unless VT’s database is outdated?

a5054babc853ec280f70a06cb090e05259ca1aa7 - detected (VirusTotal)

98e057a4755e89fbfda043eaca1ab072674a3154 - not detected (VirusTotal)

810806c3967e03f2fa2b9223d24ee0e3d42209d3 - not detected (VirusTotal)

12df5d886d43236582b57d036f84f078c15a14b0 - not detected (VirusTotal)

5bd6b41aa29bd5ea1424a31dadd7c1cfb3e09616 - not detected (VirusTotal)

EDIT: I’ve added the 4 SHA1s that are undetected by COMODO according to VT to the blacklist page.
Thanks again :slight_smile:

You should use Comodo File Intelligence to check them. As you can see these VT reports are old!

Thanks for the heads up, I checked it out, and yeah, 3 out of 5 of the SHA1s are detected, and VT justed updated their database to reflect this, once again, thanks for the heads up and thanks for your help :slight_smile: :-TU