Some weird stuff going on with my PC lately. I was browsing through the list of processes in Killswitch when I noticed a suspicious process running called Easy Downloads. It was marked as safe, but when I went to uninstall it the AV immediately detected it as malware and quarantined it. I don’t know how this program got on my PC but Killswitch should not have said it was safe. The file the AV detected was called easydl.exe. There was even a program files directory called Easy Downloads on my computer.

I can’t restore it to my desktop to upload it to VirusTotal. As soon as I restore it to the original location it’s detected as unclassified malware. How do I remove the file out of quarantine without infecting my computer??

Alright so I turned on the sandbox level to BLOCK and moved the file out of quarantine. Now it shouldn’t be able to do anything.

You don’t need to remove it from quarantine if you want to send it to VT.

After the AV detects it, it moves it to quarantine, or I can set the sandbox to block and ignore it and just hope Comodo doesn’t add it to the TVL. 88)

D+ reports that the file was scanned online and found malicious. Now the file is locked and I can’t upload it. It says I don’t have permission to open the file. Ok, I’m not opening it, I’m UPLOADING it to VirusTotal. There is a difference between opening and uploading. >:(

I don’t know why, but I had to reboot my PC in order to send the file to VirusTotal, where it was detected by 4 AV engines. I’m disappointed in Comodo now because the process was running and detected as safe by Killswitch but the AV didn’t detect it until I tried to uninstall it. The sandbox was turned off at the time and the program was probably installed with webcam monitoring software I downloaded, that was not in the safelist, so I had to turn off the sandbox to run it. A flaw with Comodo is that if you turn off the sandbox during the installation of software because it is not in the TVL, malware could slip in easier at that moment the sandbox is off.

And then, on top of it all, after I added the virus to the exclusion list, it ended up in the trusted files list. Ignoring a virus should not put it in the trusted files list. Is Comodo insane?? All it means is ignore the virus when the AV detects it and let D+ block it normally. My god, it doesn’t mean add it to the safe files list! >:(

Actually there’s no difference between opening and uploading, just what application is ‘opening’ the file and what it ends up doing with it, be it to view it as a text file in a Notepad-like application, or to use a hardware device to transfer the file through.

In order for you to upload the file it first has to be opened so its data can be accessed and read. I won’t go into the technical side of what’s happening when a file is opened or closed; there’s plenty of sites with the details and nice info for you to read if you choose.

Hmmm…as for your rant about ‘Is Comodo insane’ …well I hate to say this but what did you expect when you added it to the exclusion list? You are basically saying to CIS that you either trust this file/folder or want this file/folder to be ignored, in a sense to be trusted by CIS! Either you misunderstood what exclusion is for or were not thinking clearly when you decided to exclude. In short you brought this upon yourself. I suggest you calm down and let people try to help you resolve this :o)

Have you tried disabling the AV, Defense+ etc… and then un-quarantining the file so you can then upload to VirusTotal? Then once you have done that and are waiting for the verdict you can re-enable AV, Defense+ etc… Maybe others have a better suggestion than me :o)

After this whole spectacle, I decided to uninstall the AV and go with another antivirus, Avast, that isn’t in bed with Defense+ and has web filtering and script filtering. Something Comodo needs to look into.

Comodo has script filtering
(but I don’t like it much)

About web filtering, it is the Comodo DNS.
I think it is an optional install.

I guess the Easy Download program is some form of adware and one of those unfortunate cases of trusted malware. Trusted malware is often “just adware”, but still it is an unfortunate thing happening. :-\

As to why you cannot upload to VT: maybe the program has a very strict set of administrative limitations regarding read permissions.

I cannot explain the discrepancies between the Killswitch judgment and the AV’s.

Comodo’s stance on Web and other Shields is that they are not needed; they only make the AV heavier. It is still early enough to catch a malware when it gets written to disk or memory. It does not strike me as the type of opinion that Comodo is going to change any time soon.