Report trusted and whitelisted malware here- 2016 (NO LIVE MALWARE!)

I said it is zero-day because no AV engine detected it on VirusTotal. I believe it is a trojan, because when searching the SHA256 of this file on the internet it pointed to some Russian software downloads site which is probably distributing this file, but the main problem here is the digital signature of this file which seems highly suspicious. Please take a look at it.

Hi wasgij6,

Thank you for reporting this, we’ll check it.

Regards,
Harikrishnan M

AV Database: 24509

Two Unfixed Whitelisted Malware reports:

  1. Reported on March 06, nothing happened:

The above samples are from the following vendors, which should be REMOVED from Trusted Vendors List:

CleanMyPC Software

CleanMyPC Technology Limited

Software995 Inc.

Mail.com Media Corporation

  2. Reported this one on March 08, still nothing happened:

The above sample is from the following vendor:

ZZZ-PC\zzz

This vendor should be removed from Trusted Vendors List because ZZZ-PC\zzz is a computer name, not a software vendor name.

COMODO is slow to deal with reported whitelisted malware samples. Maybe this would be quickly handled if it was reported by one of those popular members with 2000+ posts. If you are not from the “niche” you are not taken seriously it seems.

You are wrong again, this vendor was removed within 24 hours from your original post. Also please stop spamming the same post in multiple forum threads.

I had removed my post in this thread because my initial intention was to post in the Unfixed FP thread, however I posted it here by mistake. Strangely my removed post re-appeared here, so no I am not spamming, it was a mistake. Regarding the mentioned vendors, all of them are still on Trusted Vendors List on my end, strangely. But whatever.

Hello devilbat,

1. When you originally posted here, I replied to you in just a few minutes, your post was not yet deleted. After submitting my reply I noticed a mistake in my post so I clicked the “remove” button and that probably happened in the exact moment when you decided to also delete your post. Then I noticed both (mine and yours) posts disappeared and I thought that was my bad and I went and restored them back. I’m sorry for the confusion. Anyway, this is the right thread for this issue, not the “Unfixed FP” thread.

2. I said this vendor “ZZZ-PC\zzz” was removed because I handled that post when you submitted it. I’ll ask HariKrishnan to respond regarding the others.

Best regards,
FlorinG

Hi devilbat,
The following files are not Adware/Potentially Unwanted Programs (PUP).
[Software995 Inc.]
[CleanMyPC Software],[CleanMyPC Technology Limited]
[Mail.com Media Corporation]

Regards,
Harikrishnan M

https://valkyrie.comodo.com/get_info?sha1=f6644675dcbfc5f6f1c36a23faba50c2a5009b0f
https://valkyrie.comodo.com/get_info?sha1=43e6e4053e11d5800e424d96a7bcf02781201728

Hello qmarius,

Thank you for sharing these, we’ll check them.

Best regards,
FlorinG

Comodo cloud lookup: Trusted

File name: api-dmrc.exe
Product name: Njjsrg
SHA256: e2c567f2c5dde5934a1bfa9dc3bcb745a601b34ab20fff25e0b8241313f9829f

23/57

Hi BlueTesta,

Thank you for your submission.
We’ll check it and, if found to be malware, detection will be added.

Regards,
Sathish

Hi Dis,

Thank you for your submission.
We’ll check them and, if found to be malware, detection will be added.

Regards,
Sathish

Hello yigido,

Thank you for reporting this, we’ll check it.

Best regards,
FlorinG

Hi,

Thank you for your submission, we’ll check it and get back to you.

Kind Regards,
Erik M.

Hi morphiusz,

Thank you for reporting, we’ll check it.

Regards,
Harikrishnan M

Trusted by Comodo Cloud Lookup

File name: mdxi_306.exe
SHA256: be2db64d639be134d1d03c75cfbcd7de396e3d5171f40b5a419a8ab690e41c1b

Virustotal 16/57: Adware, Trojan, Riskware, Rogue

Chinese program that auto-installs itself without any kind of interface.
Hidden Location: C:\Users\User Name\AppData\Roaming\mdxi

No way to uninstall from Programs and Features
Folder must be deleted manually.

Hi BlueTesta,

Thank you for your submission.
We’ll check these.

Best regards
Qiuhui