Malware detected by COMODO in VT but not with CIS5

Nickoo · September 25, 2010, 12:43am

I have 3 samples, when I scan those samples with CIS5 (database 6191) it can’t detect the samples even with Cloud scanning enabled in Manual scanning.

But when I scanned the samples in VirusTotal, it says that COMODO can detect it( database 6191).

Can someone explain this to me how it could be possible?

http://www.virustotal.com/file-scan/report.html?id=2b0654d9ba5b03d511bc03a48230c941b129a81de38976e5d15241a741283983-1285373951

http://www.virustotal.com/file-scan/report.html?id=70ae33f1e5c4addd9148e484d362a56165fe4be53766da93f73fb03b10e7a674-1285374032

http://www.virustotal.com/file-scan/report.html?id=958d3dca66df5767c5619cb7666b450e9ce69440cec54dbae086a37ae69e6611-1285373232

I can send the samples to a moderator for analyzing.

[attachment deleted by admin]

languy99 · September 25, 2010, 1:15am

please send them to me.

FangFang · September 25, 2010, 2:56am

Hi Nickoo,

Thanks for malware submission. We are going to check this out and if found malware,detection will be added.

Thanks and Regards,
FangFang

cvsa · September 25, 2010, 9:34am

I already noticed that issue… no answer from comodo…

Do VT have a better comodo av scanner ;D 88)

Nickoo · September 25, 2010, 10:59am

Hello Languy99, I did that. Please check your PM.

Be careful they have digital signatures ;D

languy99 · September 25, 2010, 1:41pm

I just checked them out, all three were detected the second I tried to remove them from the zip folder.

Nickoo · September 25, 2010, 1:58pm

Thanks languy99,

But it’s not detected here with the latest update ( 6194) ???

is something wrong?

[attachment deleted by admin]

The_Dude_321 · September 25, 2010, 2:34pm

Go to Anti Virus

Then Scanner settings

Then in the dialog box, make sure it looks like picture one.

Then, go to manual scanning and enable cloud scanner!

That should do it.

[attachment deleted by admin]

languy99 · September 25, 2010, 2:39pm

show me your virus scanner settings please.

Nickoo · September 25, 2010, 3:05pm

Hello, I did this in first post, look at the firs screen shot in first port please!

Nickoo · September 25, 2010, 3:09pm

Here you are…

if you want I can capture a video and upload this to show you that they can’t be detected by CIS 2011 (database 6196).

I don’t know what is wrong but every thing in CIS working even it can detect and remove other samples! but not those three !

[attachment deleted by admin]

languy99 · September 25, 2010, 3:14pm

can you give me the MD5 of your bases.cav file? mine right now is 154BC9E376EF9818CCF2EF1603018361 and it is 6194 if yours is different you might have a corrupted one. I will tell you how to fix it.

Nickoo · September 25, 2010, 3:36pm

Hi languy99, I live in Sweden and maybe COMODO use different server to update database. min is 6196 ;D

here you are…

[attachment deleted by admin]

Bad_Frogger · September 25, 2010, 3:55pm

Well I don’t have the samples but I have the same db and hash.

So something else is amiss.

Bad

MOVEAX · September 25, 2010, 4:01pm

trusted files or exclusions , verify.

Bad_Frogger · September 25, 2010, 4:12pm

Detects them all, Real Time during extraction, On Access of containing folder and if Manuallly scanned.

So… Check for exclusions and trusted files as MOVEAX suggests.

Bad

[attachment deleted by admin]

Nickoo · September 25, 2010, 4:14pm

Hello MOVEX, no they are not in trusted files or Exclusions.

[attachment deleted by admin]

Nickoo · September 25, 2010, 4:17pm

Thanks Bad Frogger, than I must say that that is my CIS that can’t detect them and I must find a solution

Bad_Frogger · September 25, 2010, 4:21pm

Any other security software installed?

What are your other settings in CIS?

Now, or ever use Clean PC, or training Mode?

Bad

MOVEAX · September 25, 2010, 4:27pm

Try off antivirus, reboot, activate antivirus stateful , rescan