SpywareGuard2008 anyone?

I came across this embedded malware a few days ago. Hardly any of the (Jotti) scanners detected it, so it seems to be quite new (already submitted it to Comodo, of course). At almost 500 KB it's much bigger than the usual embedded junk.

This is the report by Avira/AntiVir:

The file 'SpywareGuard2008.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dldr.Fakealer.AU. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Some people here collect malware. Does anyone want a copy?

Submitted this file 11 days ago and it still hasn’t been added to the database. I thought suspicious samples took priority?
Comodo is drowning from all the samples people are handing in (that's a good thing!)

Toxteth, maybe it would be a good thing (if you would like) to join the malware research group. Also, did you email the sample to them?

They may be busy, but 11 days (and counting) is too much, in my opinion. A few other samples were dealt with much sooner.

I find a few embedded pieces of malware every month. Usually that stuff is new, so it would be beneficial for every user if the samples could be added a bit faster.

I have sent about 45000-50000 samples in the last 2 weeks to Comodo, and many users have sent samples to Comodo. I think you can wait a little bit and let them sort their stuff out. Almost all samples that I sent them are detected now. CIS is still in beta.

Attached screenshot


Just wondering if Comodo detected any of them? Do you scan them with Comodo’s scanner before sending them?

I sent malware that was not detected.

I honestly think that Comodo is doing a very nice job. I think that they have a "decent" detection rate in such a short time, and I feel comfortable with it as my realtime scanner.

I hardly think the beta status has anything to do with the speed of processing samples. Anyway, it seemed safe to assume there was a working system in place for adding samples, since CAVS 2 has been available for a long time. Apparently that assumption was incorrect.