UnclassifiedMalware@162432846 cannot submit

Aloyse · February 21, 2011, 2:44pm

Hello,

I’ve installed the comodo anti-virus today (vista 64 home) and during the first full scan I got this:
C:\Users\Aloyse\AppData\Roaming\ASP.Net Cache Module\Windows Local Host.exe UnclassifiedMalware@162432846

So I quarantined the file and hit submit, got back the message ‘File to large’. The file is 13.693 kB. So I restored the file and I tried to zip it with 7zip, this fails with the message ‘Access refused’. I’m also unable to see the file properties, I cannot take ownership of this file and the owner is not shown.

Any suggestions on how to proceed with this?

FlorinG · February 21, 2011, 3:12pm

Hello Aloyse,

We checked this file and concluded that it is not a False Positive.

Best regards,
FlorinG

Aloyse · February 21, 2011, 3:47pm

Thank you for the quick reply. Any idea what sort of malware it is?

Best regards,

Aloyse

Valentinchen · February 21, 2011, 5:31pm

Hey and warm welcome to comodo forums Aloyse!

deleting it (by pressing clean) or quarantine it.

Regards,
Valentin N

Aloyse · February 21, 2011, 7:48pm

It’s already quarantined, I was wondering if you had any information what it could have done?

Best regards,

Aloyse

languy99 · February 21, 2011, 8:16pm

try to submit it to virustotal that should give you an idea of what it is or submit it to
CIMA http://camas.comodo.com/ to show you what it does.

Chiron494 · February 21, 2011, 11:27pm

Perhaps you can copy the file and then upload that copy to VirusTotal. That sometimes works.

Aloyse · February 22, 2011, 8:32am

Thank you for the suggestions, unfortunately I cannot copy or upload the file, even when logged in as administrator, I have not he necessary rights to do anything with that file.

Valentinchen · February 22, 2011, 2:55pm

You could try to copy and then past it on your desktop.if it’s too big encrypt it and then upload it.

Regards,
Valentin N

Aloyse · February 22, 2011, 5:19pm

I have tried copying it to an other folder, but I cannot copy it because I do not have the necessary rights, even logged on as administrator. Any actions (copy, move, zip, view properties, access with CFF-Explorer) that I try on that file get blocked by the message that I do not have the right to access that file.

languy99 · February 22, 2011, 8:23pm

last resort is to use a bootable cd to access it and send it to virustotal.

Aloyse · February 22, 2011, 9:53pm

Thanks, languy99, that did the trick. According to virustotal it’s a trojan, after the latest update comodo av called it a trojan dropper.