Valkyrie Test Results

It’s malware. 1/46 means nothing. Look at prout.exe: it was a 0/46 … Valkyrie was actively detecting it. Now, most of the vendors detect this worm.

That’s true, but what about the one siketa says is NOT malware, to be more accurate they say is a false positive, we need an analyst to confirm one way or another as one person saying ‘malware’ and another saying a ‘false positive’ doesn’t help us to judge Valkyrie’s effectiveness :frowning:

As good as these tests are the results can be confusing or unclear when two or more people start a tug-of-war with the results or over the results, I hope we can get clear cut answers to clear up the confusion :slight_smile:

siketa is wrong :wink:
Note: This sample is now detected by CAV as “UnclassifiedMalware”.

6 / 47

That’s just a usual zero-day threat that starts its life as “unknown”. :wink:

Ty for the update, I’m sure most of us presumed this was the case, or at least hoped it was ;D

It’s nice to see how effective Valkyrie is and the awesomeness of the Comodo devs at work. I really can’t wait for Valkyrie to work its magic in the cloud for CIS; it should improve the detection and protection greatly :-TU

I assigned both files for analysis.

Are we witnessing the automatic creation of signatures by Valkyrie already? Is that special day already here? ???
:BNC :BNC :BNC

What do you mean? That Valkyrie said one thing and analysts said the opposite (normal)?

Valkyrie has:

Static Detectors: I am waiting for Igor’s response to see if they are now being used to generate signatures; I don’t have any official reply on it.

Dynamic detection: CIMA is already used for unknown files submitted by the community.

AdHeur: already used to generate signs (even before the Valkyrie website was introduced).

Yeah…it happens…

http://valkyrie.comodo.com/Result.html?sha1=55dacf44d1c30f5b226a725b34ab633ea54c3df0&&query=0&&filename=1.exe

What does PE FILE mean??

Portable Executable

Thanks

http://valkyrie.comodo.com/Result.html?sha1=9386649077a3c7b40b92c8b1be027d9aed63608c&&query=0&&filename=FAX_281_3927981981_283.exe

Valkyrie results for netpeeker.sys:

http://valkyrie.comodo.com/Result.html?sha1=c31c16928cc27ce83a71481e55949d95f0e00fb6&&query=1&&filename=netpeeker.sys

eMing Software is a trusted vendor.
Virustotal.com shows that all the virus programs listed trust this file. Because of this concept of a “false detection”, I don’t trust the opinions of virus companies as to what programs can be trusted.

I’m not going to say that this is a false detection because I don’t know what AI_Detector 5 & 11 is finding, so my question is simply this:
Is the malware malicious?
I have no reason to think so, but I am open to the possibility that security on my system may be compromised (System folder protection reduced to allow writing to the folder).