Post Malware Processes Invisible to CCS Here

Hello, I’ve recently realized that there are some malicious processes that CCS does not see. I’m not talking about the ones that can’t be analyzed or that aren’t found to be malicious. This is a different problem altogether. I’m talking about the malicious processes that can be seen in the task manager but don’t appear when you scan with CCS.

Please post the information requested below so that we can help to improve CCS.

  1. Your Operating System (32 or 64 bit) and Service Pack revision. Also state whether it’s a virtual machine or the physical system.
  2. The version of CCS you’re using
  3. Other Security and Utility Software Installed
  4. The link to the Virustotal results for the malware
  5. The link to the CIMA results for the malware

So if you’re going to be testing antivirus applications, or anything like that, then please perform a scan with CCS afterwards and see what it finds. I believe that the more malicious files that bypass CCS we report the better the program will become. I’ve already reported one file here. I’m also curious to see how much malware there is out there that completely bypasses CCS.

I found one today.

  1. Your Operating System (32 or 64 bit) and Service Pack revision. Also state whether it’s a virtual machine or the physical system.
    Windows 7 x64. In VirtualBox
  2. The version of CCS you’re using
    CCS v 2.0 (build 9 BETA 2)
  3. Other Security and Utility Software Installed
    CIS 4.1 with everything but the firewall disabled
  4. The link to the Virustotal results for the malware
    http://www.virustotal.com/analisis/270afd7a7ece4b999f1829bdfa3b90df4c0f0b1e1b5f9422230f1e68a5c08060-1280718554
  5. The link to the CIMA results for the malware
    http://camas.comodo.com/cgi-bin/submit?file=270afd7a7ece4b999f1829bdfa3b90df4c0f0b1e1b5f9422230f1e68a5c08060

Chiron
check your PM :)

  1. Your Operating System (32 or 64 bit) and Service Pack revision. Also state whether it’s a virtual machine or the physical system.
    Windows 7 x64. VirtualBox
  2. The version of CCS you’re using
    CCS v 2.0 (build 9 BETA 2)
  3. Other Security and Utility Software Installed
    CIS 5.0 Beta with everything but the firewall disabled
  4. The link to the Virustotal results for the malware
    They are below in groups
  5. The link to the CIMA results for the malware
    They are below in groups

I found 5 processes that are unseen by CCS.

I am no longer able to locate any malware that is unseen by CCS as per the newest version. Please let me know if you find any.

I ran this on a Windows XP virtual machine and tried getting rid of it using Comodo Cloud Scanner, Hitman Pro, Malwarebytes, Online Armor Cloudscan, McAfee Removal Tool, and Threatfire; the one that got rid of this nasty rogue was Norton Power Eraser.

The only hit it got on Virustotal was from F-Secure, and CIMA doesn’t detect it.

  1. Your Operating System (32 or 64 bit) and Service Pack revision. Also state whether it’s a virtual machine or the physical system.
    Windows XP SP3 (32 bit) Virtual Machine
  2. The version of CCS you’re using
    CCS 2.0.162151.21
  3. Other Security and Utility Software Installed
    COMODO Internet Security 5.0.162636.1135
  4. The link to the Virustotal results for the malware
    http://www.virustotal.com/file-scan/report.html?id=f46dab5f31b2088acf834581408309b7a7e3a95185dc2e5ec86757b7eb225167-1284725442#
  5. The link to the CIMA results for the malware
    http://camas.comodo.com/cgi-bin/submit?file=08b6f3ec3171995a4c96a8ba316543ca299502a3a5d8eecd6e37e3cf01cb7ae3

This topic actually wasn’t about whether CCS could detect a running process as suspicious or not. It was about whether the process itself shows up when you run a quick scan with CCS. I compared the malware process as seen in the task manager and checked if it showed up in the CCS scan.

Did you have a problem with that?

Also, I don’t think CIMA can detect rogues because they usually operate just like ordinary programs do. I could be wrong.