Malware, CIS & VT

As you can see in the link above, CIS detects this malware. But on my system with the same database CAV is not detecting it. This type of issue I have mentioned quite a few times & asked Devs why this happens but no one cares.

If anyone would like to test, I can PM the malware.

Valkyrie is also not detecting it, and again as usual advanced heur in Valkyrie is not working.


Edit - This one is digitally signed by Eorezo & Eorezo is in TVL in CIS.

But I have D+ disabled permanently so I think it being in TVL should not affect the detection.

Edit - I scanned this malware with CCE & it detected it.

Note - CCE scanners are good. I also scanned 7 fresh zeroday malware which are not detected by CAV but CCE detected all 7 malware.

Did you already post the link here?

if the file is signed with a signature from tvl av will not respond (probably it is something like protection against fp - we have it in the list, it should not be evil >:-D)

remove this signature from the TVL and probably this will change

The one submitted to VT is unsigned;

Additional information
verified…: Unsigned

I checked on another file with this signature

virus total gives incorrect information

publisher…: EoRezo
product…: EoDesk3d by EoRezo
description…: EoDesk3d by EoRezo Setup
original name: n/a
internal name: n/a
file version.:
comments…: This installation was built with Inno Setup.
signers…: -
signing date.: -
verified…: Unsigned

and information from system for this file:

Can you PM me the link to this one?


Vendor has been removed from TVL.

Manual Scan will also not detect the signed malware in TVL?


VT is wrong. The sample was signed. I had checked & the Digital Signature was Ok.


I have seen this too in my computer.

When an executable is first run it is checked first against the local blacklist and only then against the local white list.

So i clearly do not understand why this happens.

If it is like Szadout is saying then the process is local whitelist and only then local black list (to evade FP). But what about “stateful” in the real time scanning? Does it not scan every single file (under 40 mb) basically every 30 minutes? That is the reason that i do not use the scheduled or manual scanning.

Really would like to see a clarification about this issue.

Nice to see, would be nice if Comodo took action against them/others who let this happen/do this as well! >:-D