Recent Malware Infection

I was infected by a couple of pieces of malware recently, right
after I had installed Comodo. They were “Adirka.exe” and “Bravenet”.

The latter was harmless, but the former was apparently quite
bad and had just come out recently on the net. Comodo failed
to detect them. A manual scan with Superantispyware and
Asquared failed too. Finally, further scans with Antivir,
Spyware Terminator, Ewido and Ad-aware removed them and
most of the registry entries, but the desktop remained messed
up with a big taskbar at the left side. Using Ontrack’s registry
backtracker corrected this. A couple of trojans/worms which
had been inserted by “Adirka.exe” apparently remained behind.

These two were finally caught by AOL’s Kaspersky and
Bitdefender 8 as “Xorpix.m” and “Worm.Glowa.Ar”. It was
most surprising that Antivir, with its huge 700,000 database,
missed them. Even the shareware version of Prevx1 missed them
as well. Sending them to Virus Total confirmed these two
infections.

I have now moved on to AOL’s Kaspersky as my resident
shield, with Bitdefender 8 and Comodo as manual scanners.
Comodo is still basically a good design with a pleasant and
user-friendly interface, but has a couple of shortcomings -
a slow scan and an insufficient 180,000 virus signature database.

This is a good forum, with the moderators being very polite and
everyone giving good input and advice. Moderators - am I
allowed to post links to antivirus program reviews and online
virus scan results here? I had innocently posted links to some
antivirus software reviews by About.com, etc., in the Piriform
forum yesterday, thinking it might be useful info for everyone,
but was shocked this morning that they had removed my post
and suspended me! An earlier post to the Wilders security
forum of the virus scan results by Virus Total also had these
deleted. I just can’t understand the rationale behind this.

Hi Tham.

Welcome to the Forums.

You can post any views on the forum about any product! Be it Free/Commercial.
And you can compare and show results as well. And you don't have to say N.O.R.T.x.x or anything,
just say NORTON or McAfee or Kaspersky or whatever you wanna say. :)

Read the rules of the forum. It’s included there. Don’t worry, you won’t get banned for posting any links.
Actually, you are encouraged to post free useful programs.

Check here for a list of free programs:
https://forums.comodo.com/index.php/topic,1731.0.html

And since CAVS is still in beta stage, it’s mainly for beta testers. They are still fine-tuning it, and man, the speed they are doing it at is so good. We can get a good product soon.

For the time being, use multiple antispyware programs if you can.
This is something I do no matter what program I use, since no single product will cover everything!
(Hopes CAVS will change it)

I Use SpywareTerminator, Spybot, CAVS beta 2 and Adware free versions.

People are ready to help you with any problem. Be it Comodo or configuring your LAN!
Make sure to post at the correct place.

regards,
Dam

Welcome, Tham. I like the radar-jamming analogy you used in your other post. In general, there’s not a problem with you including links. If it seems inappropriate, we’ll let you know; if it’s in the wrong spot, we’ll generally move it. There are different boards within each forum here, so you can find the most appropriate location.

Be sure to read through the Welcome topics. From there we’ll hand out your reading assignment every day. ;D (j/k)

LM

Hi Tham and welcome,

Please feel free to post links to antivirus reviews, etc. These reviews are really valuable to Comodo, and help improve the products. ;)

Also, yes, CAVS does not have a perfect detection rate but the developers are adding files daily. Also, the acquisition of BOClean will help improve CAVS further.

In addition to this, CAVS works on three layers: 1. prevention, 2. detection and 3. removal.
The addition of a prevention layer (HIPS, heuristics, etc.) puts CAVS ahead of others and, with the release of Comodo’s huge safelist database soon, should mean the only alert you will get from HIPS will be of malware, or very obscure software.

Hope this helps,
Mike

Dam, LM, and Mike are right, Tham. Just look at how many other vendor products are promoted here :o.

Freedom is nice.

If your version of CAVS only has 180,000 signatures then you’re not running the latest version or you haven’t updated in quite a long time. CAVS topped the 250,000 mark about a week ago.

Although this may seem a lot smaller than others, CAVS seems to use one signature name for multiple variants. For example, I recently copped “backdoor.irc.flood”. This is how CAVS detected it, but Hauri detected it as “backdoor.irc.flood.ff”. CAVS has a further signature for “backdoor.irc.flood.h”.

Apparently CAVS’s definition of “backdoor.irc.flood” covers multiple “backdoor.irc.flood” variants.

Ewen :)

Maybe version 1.1?

Thank you for the courteous replies and good feedback, everyone.

Yes, I didn’t realize there was a beta version 2 of Comodo ready
on the forum, having downloaded version 1.1 from the main page.
I have now upgraded it, plus the latest virus database with 249,372
signatures.

I have attached the online Virus Total scans of the two pieces of
malware, “Xorpix.m” and “Worm.Glowa.Ar”, which had been caught by
Kaspersky and Bitdefender 8 respectively earlier. I had also
sent them to Virus Buster and they confirmed “Worm.Glowa.Ar”,
but could not analyze “Xorpix.m” as the file was damaged.

Comodo missed both. I have submitted them.

[attachment deleted by admin]