Report trusted and whitelisted malware here! [Don't attach live malware!!]

Hello everybody

There is no doubt that Comodo’s whitelist is superior and it makes CIS more user friendly.

But some malware could sometimes get a trusted signed certificate, or accidentally get whitelisted!

We must fight that by all means!

So I thought it would be useful to open a new topic and report these trusted! malware files in it.

If you find files that are whitelisted but seem suspicious (for whatever reason), please report them here asap.

Just upload the malware to and , and post both result links here. The name of the trusted vendor or any other info could be useful too.

Please don’t attach or link to live malware!!


Wrong section imo.


It’s a trojan in the whitelist

[attachment deleted by admin]

Guys, can you check this one?

The file is signed by Shanghai Emoney Software Technology Company Ltd.

And this one is marked suspicious by CAMAS and whitelisted by CIS 5!

[attachment deleted by admin]

What’s wrong with the normal method of reporting?

AV False Positive/Negative Detection Reporting

As you wish, but I thought that this is not a normal negative detection, as they are trusted signed or whitelisted malware and they can easily and completely bypass Comodo security layers. Not like the unknown malware.

Anyway, I hope that these bypasses get fixed asap.


Hello siketa

This one is the same one that I reported after your post! But it’s not signed at my end; it’s only whitelisted.

Hi salaficall,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze

Hi salaficall,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze

Hi siketa,
We are going to have a look at it and will get back to you after investigation.
Thanks and Regards,
Lin mengze

Hi salaficall
This file is not malware.

Thanks and Regards,
Lin mengze

Hi mengze.lin

So is it a false positive from 7 AVs’ results?

@ salaficall →

It’s adware, and it creates a malicious service, Application Updater!

Name: Adware.Win32.3D Crash Icons

Risklevel: Low Risk

Company: 3D Desktop, Ltd -


3D Crash Icons is an adware that uses aggressive, deceptive advertising. It shows deceptive and/or false messages. It may be installed without adequate notice and consent, often through exploits.

and check these links please


Also, there should be a big difference between something not being malicious and being worthy of being included in the whitelist. There should be a gray area between.

Rootkit.HiddenFile@0 c:\Windows\SysWOW64\WinFLdrv.sys
Rootkit.HiddenFile@0 c:\Windows\SysWOW64\sys_drv_2.dat
Rootkit.HiddenFile@0 c:\Users\Дмитрий\AppData\Roaming\systemfl.$dk

CIS 5.3 detects them only in the “Critical Zone” scan mode, as Rootkit.HiddenFile@0.
WinFLdrv.sys is digitally signed by Inc. SDN. BHD.; it hides itself and two other files so that they are not visible even when the display of hidden and system files is turned on.
I have never installed or downloaded any software from Inc.
Just in case, I have removed from my list of “Trusted suppliers”.

This is not the correct topic to report false positives.

I could be wrong, but that appears to be what you have posted.

What makes you believe these files are actually malicious?

CIS 5.3 flagged them in the “Critical Zone” scan mode.
Yes, it is probably a false positive.
I was asked to post in this topic over here:


Here is a VT link.