Just sent Comodo a sample of malware spread by a fake e-mail address. The malware places a fake file (scvhost.exe) in a startup entry, which changes some web pages from a banking institution to steal the user's account login.
I sent the sample from a Gmail account; I had to remove the file extension because of Gmail policy.