Recognizer v1.6 for Comodo Cloud Antivirus (RC)

Hi All,
In Comodo Cloud Antivirus at the moment we have v1.4 of the recognizer in production, which detects some malware families, including some ransomware families.

We plan to enhance it to the same level as released today for Comodo Internet Security.

But before we do that, we would like some feedback about product stability with the new recognizer version.

We have made the new recognizer version live on a test server, and you can use the following steps to receive it:
Step - 1: Make sure you have the latest CCAV version installed.

Step - 2: Have the following hosts entries:
91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com

Step - 3: Unfortunately, like CIS, we don’t have a manual updater in CCAV at the moment; it should be in by Jul-2017 at the latest. CCAV checks for program updates once a day, so you will have to change the date to the next day and restart the system, or wait for the next day.

Step - 4: Wait around 5-10 min after the system restart; then you can check in CCAV’s About box that the recognizer version shows 1.6.0, as shown in the enclosed snap. Alternatively, you can also verify the actual file in the following location:
%Programdata%/Comodo/CCAV/evc/recognizers/proto_v9/recognizerCryptolocker.dll
with the following SHA-1:
SHA-1: 97ef914f87e935825cc38edf62ce6487f2184ddd

Objectives:
Looking for CCAV stability and any abnormal CPU / RAM usage.

Here is the full list of malware, mostly different ransomware families, that the recognizer watches for; detection is made based on behavior patterns:

Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet

Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks

Password Stealer Trojan (1)
Primarypass

Ransomware (59)
7ev3n
AdamLocker
BleedGreen
BTCLocker
Cancer
Censer
Cerber
CloudSword
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kangaroo
Kelnoc
Locky
Manifestus
Matrix
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
Spora
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xmas
Xorist
XRatLocker
YourRansom

Trojan (24)
Carberp
DarkKomet
Lethic
Necrus
Rematsu
Ropest
Sopinar
Spatet
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus
Nivdort

Virus
Grenam

Note: Considering that the recognizer works based on behavior, we have tried to detect typical ransomware activities, so even though a malware family may not be in the above list, it may still be detected.

Please try to run applications inside the Sandbox, as in CCAV only sandboxed applications’ activities are checked.

We would like CCAV users to give it a try and share if they see any abnormal CPU or RAM usage.

Looking forward to some results using CCAV.

Thank you
-umesh
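The checks from Steps 2 and 4 as a PowerShell script, added here as an example and not Comodo's own code: it reports whether both hosts entries point at the test server and whether the recognizer DLL at the Step 4 path is present with the SHA-1 given above. It assumes the hosts file is at its standard location under %SystemRoot%\System32\drivers\etc.

```powershell
# Added example (not Comodo's code): verify the Step 2 hosts entries and the
# Step 4 recognizer DLL hash from the post above.
$ExpectedSha1 = '97ef914f87e935825cc38edf62ce6487f2184ddd'   # SHA-1 from the post
$DllPath = Join-Path $env:ProgramData 'Comodo\CCAV\evc\recognizers\proto_v9\recognizerCryptolocker.dll'
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'   # assumed standard location
$TestServer = '91.209.196.83'
$HostNames = @('download.comodo.com', 'www.download.comodo.com')

function Test-RecognizerHostsEntries {
    # Returns the hostnames that are NOT yet mapped to the test server.
    $lines = Get-Content -Path $HostsPath -ErrorAction Stop |
        Where-Object { $_ -match '^\s*\d' }            # keep only address lines
    $missing = foreach ($h in $HostNames) {
        $pinned = $lines | Where-Object {
            $parts = ($_ -split '#')[0].Trim() -split '\s+'   # drop trailing comments
            $parts.Count -ge 2 -and $parts[0] -eq $TestServer -and
                ($parts[1..($parts.Count - 1)] -contains $h)
        }
        if (-not $pinned) { $h }
    }
    return @($missing)
}

function Test-RecognizerDll {
    # Returns whether the DLL exists and whether its SHA-1 matches the posted value.
    if (-not (Test-Path -LiteralPath $DllPath)) {
        return [pscustomobject]@{ Present = $false; Sha1 = $null; Match = $false }
    }
    $actual = (Get-FileHash -LiteralPath $DllPath -Algorithm SHA1).Hash.ToLower()
    [pscustomobject]@{ Present = $true; Sha1 = $actual; Match = ($actual -eq $ExpectedSha1) }
}

$missing = Test-RecognizerHostsEntries
if ($missing.Count) { "Hosts entries missing for: $($missing -join ', ')" }
else { "Both hosts entries point at $TestServer" }

$dll = Test-RecognizerDll
if (-not $dll.Present) { "Recognizer DLL not found yet: $DllPath" }
elseif ($dll.Match) { "Recognizer DLL present and SHA-1 matches the posted value" }
else { "WARNING: SHA-1 mismatch: got $($dll.Sha1), expected $ExpectedSha1" }
```

A mismatch after the update means the file on disk is not the build described in the post, so do not report stability results for it until the hash matches.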

:-TU :-TU :-TU

Is this post for registered users only or for the most active ones? Can I post about this RC on MalwareTips? Maybe some testers can help …

Please go ahead.
Anyone can test; it’s almost the production version, unless users can report a blocker bug.

Thanks. Posted https://malwaretips.com/threads/recognizer-v1-6-for-comodo-cloud-antivirus-rc.71839/

Unfortunately I have little time and will not be able to test this week, but thanks to the whole team for the work done on VirusScope; it is a very important tool and I hope for further improvements in the future. 8)

Hi Guys,
We have released the new recognizer in test mode, i.e. the new recognizer will not show an alert upon detection; after we have verified false positives, we will decide to release it in alert mode.

Upon update you should see the recognizers as shown in the enclosed snap, i.e. the existing production recognizer (v1.4) that alerts is still there, in addition to the new recognizer (1.6.1) in test mode.

Will notify when we release the new recognizer in alert mode.

Thank you
-umesh

Hi All,
Please check out the release candidate recognizer v1.6.2.15 for CCAV:

https://forums.comodo.com/beta-corner-ccav/recognizer-v16215-for-comodo-cloud-antivirus-rc-t119868.0.html

Thanks
-umesh

:-TU :-TU :-TU