virus or fps

CIS detects this as a virus:
C:\Documents and Settings\Naren\Local Settings\Temporary Internet Files\Content.IE5\ID4hWUO4\jquery-1[1].js - Unclassified Malware@8384484

C:\Documents and Settings\All Users\DRM\Indivbox.key - Heur.Suspicious.Attribs

C:\Documents and Settings\All Users\DRM\Cache\Indiv02.key - Heur.Suspicious.Attribs

C:\Windows\Downloaded Program Files\IEGetplugin.ocx - Heur.Packed.Unknown

C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP472\A0758581.exe - Application.Win32.TrojanSimulator@149925

C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP472\A0758582.exe - Application.Win32.TrojanSimulator@91644

I use Firefox. While browsing, CIS popped up with a virus alert:
C:\Documents and Settings\Naren\Local Settings\Application Data\Mozilla\Firefox\Profiles\il9vvrn0.default\Cache\12DA8E93d01 - Unclassified Malware@8362428
Is this a virus or an FP??

And is CIS capable of detecting viruses while browsing, or is this something strange??

Please reply to my first post too. Are those viruses or FPs??

I would NOT remove the following:
C:\Documents and Settings\All Users\DRM\Indivbox.key - Heur.Suspicious.Attribs
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.key - Heur.Suspicious.Attribs
C:\Windows\Downloaded Program Files\IEGetplugin.ocx - Heur.Packed.Unknown

The heuristic is eager to pop up and still has a lot of FPs…
Send the files to VirusTotal and see what it says… www.virustotals.com and http://camas.comodo.com/

If they come out clean on both… then they are most likely clean… =)

I would quarantine the following:

C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP472\A0758581.exe - Application.Win32.TrojanSimulator[at]149925

C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP472\A0758582.exe - Application.Win32.TrojanSimulator[at]91644

Since Comodo labels them as a virus, they match a definition, and are most likely bad.

And the last 2… I would simply remove:

C:\Documents and Settings\Naren\Local Settings\Application Data\Mozilla\Firefox\Profiles\il9vvrn0.default\Cache\12DA8E93d01 - Unclassified Malware[at]8362428

C:\Documents and Settings\Naren\Local Settings\Temporary Internet Files\Content.IE5\ID4hWUO4\jquery-1[1].js - Unclassified Malware[at]8384484

Those are files you got from a web page, and removing things stored in “Temporary Internet Files” won’t ■■■■■ any functions up… the same with Mozilla's cache; you can safely remove virus-like files found there without thinking.

Yes, if they are accessed. I think.

I go with Moneyman ^ (:TNG)

Anything labelled specifically (e.g. Application.Win32.TrojanSimulator) should be quarantined/deleted.

Anything labelled suspicious (e.g. Unclassified Malware etc.) is anyone’s guess. A .js/.key file can do little by itself. Leave it there, I say.

Comodo does NOT scan web traffic… but it scans every file written to the hard disk, meaning your internet CACHE is being scanned as you browse the web, not the web traffic.

Keep heuristics low. It's a pretty good setting. Anything else just means a lot of FPs (IMO).

Off topic: The AV should be sig based (CAV here). The behavioural blocker should not be sig based (D+). A standalone AV might want high/medium heuristics, but CIS (because of D+) doesn't need it.

Thanks for your support and help, guys. I ignored the heur-detected items and quarantined the trojan and unclassified ones. By the way, till CIS becomes more mature I'm going to keep heur off.

Thanks,
Naren