Malware not detrected by Real-Time scanner

Nickoo · November 3, 2010, 1:33pm

Hello,

When I right click on the malware sample which is digitally signed, Comodo can detect it as UnclassifieldMalware, but when I run the Malware it’s just sandboxed and Comodo-AV can’t detect it.

I use on-access settings for the av. I don’t have problem with other samples. You can see the screenshots, it’s easy to understand … right click scanning detected it, run it and not detected ???

[attachment deleted by admin]

e_xistense · November 3, 2010, 1:38pm

Hi Nickoo,

Please submit respective sample at http://www.comodo.com/home/internet-security/submit.php and we’ll verify this.

Regards,
Ionel

Nickoo · November 3, 2010, 1:54pm

Hello Ionel, I have submitted.

The rar archive name is BestBoan2010.rar

Thanks!

e_xistense · November 3, 2010, 5:52pm

Hi Nickoo,

We have verified this and detection will be present with subsequent database updates.

Regards,
Ionel

Nickoo · November 3, 2010, 6:17pm

Thanks Ionel (CLY)

Nickoo · November 3, 2010, 10:25pm

I tested another sample tonight and the same thing happened. Comodo-AV can detetct the .dll file inside the fake-av with manual scanning but when I run the sample it cant detect it.

Another thing is when I click on Clean in the scan results then comodo freezing and it can’t even remove the dll file or resultbar-setup.exe. ??? When CIS freezing the only way that I have is restarting the system.

I use only Comodo Internet Security as my real-time protection and nothing more. Yes, of course I have installed MBAM and SAS but they are just free version and I use them for on-demand scanning.

I tested this malware sample tree times and all the time it freezing when I click on Clean.

I have submitted this sample already (resultbar-setup.rar)

my system specification:

Windows 7 HP 64bit
Core i7 720qm
8 GB RAM DDR3 (1333MHz)
Momentus XT 4GB SSD

Thanks.
Nickoo

[attachment deleted by admin]

mengze.lin · November 3, 2010, 10:49pm

Nickoo post:6:

I tested another sample tonight and the same thing happened. Comodo-AV can detetct the .dll file inside the fake-av with manual scanning but when I run the sample it cant detect it.

Another thing is when I click on Clean in the scan results then comodo freezing and it can’t even remove the dll file or resultbar-setup.exe. ??? When CIS freezing the only way that I have is restarting the system.

I use only Comodo Internet Security as my real-time protection and nothing more. Yes, of course I have installed MBAM and SAS but they are just free version and I use them for on-demand scanning.

I tested this malware sample tree times and all the time it freezing when I click on Clean.

I have submitted this sample already (resultbar-setup.rar)

my system specification:

Windows 7 HP 64bit
Core i7 720qm
8 GB RAM DDR3 (1333MHz)
Momentus XT 4GB SSD

Thanks.
Nickoo

Hi Nickoo
Please submit respective sample at http://www.comodo.com/home/internet-security/submit.php and we’ll verify this.
Thanks and Regards,
Lin mengze

Nickoo · November 3, 2010, 11:09pm

Hello mengze, I have submitted it already but I submitted it again. the name of the file is → resultbar-setup.rar

Thanks.

mengze.lin · November 3, 2010, 11:38pm

Hello Nickoo,
I will attention，thanks a lot.
your friend
linmengze

languy99 · November 3, 2010, 11:56pm

can I get a copy of that file, I want to see if I can reproduce the problem.

Nickoo · November 4, 2010, 11:44am

Hello languy, I send it to you, please check your P.M

I scanned sample today and it’s not detected anymore. Maybe they working on it.

Database: 6613

[attachment deleted by admin]

languy99 · November 4, 2010, 6:27pm

I just checked it.

It is detected in real time on my computer instantly when I unzip it.

It is also detected when I do a right click scan.

Let me know how yours is behaving right now.

Nickoo · November 4, 2010, 8:26pm

Hello languy,

Yes it is detected by real-time and right click scan. I don’t see any problem, they fixed it fast. :-TU

Thank you.
Nickoo