Virus over 40MB found

I found a virus on my friend’s external hard drive. It was called “svchost.exe” and was hiding in the RECYCLER folder and had an Autorun.inf file on the drive designed to run it.

It was 43.9 MB.

It also has the WinRAR icon and the description is “SFX Self-Extracting Archive” :smiley:
HOWEVER, trying to open it with WinRAR doesn’t work… So it seems it’s not actually a WinRAR archive.

I know that back in March the default scanning size was increased from 20MB to 40MB for CIS but now it looks like the malware writers have done it again.

Comodo actually DOES detect this virus (both the .INF and .EXE), but only if you increase the scanned filesize to say 50MB.

Can’t upload to VirusTotal as they only process stuff 20MB and lower.

Hi, Agent24

Thanks for reporting.
Could you please send the detected file to
submission-alert[at]avlab.comodo.com

Regards
Chunli.chen

Sure but my ISP’s email only takes up to 25MB attachments so is it OK if I put it in a multipart archive?

It’s detected as “TrojWare.Win32.Vbkrypt.~dy021@124334069” (When I had the file in my Ubuntu’s shared folder)

HOWEVER.

It does NOT detect it normally as the recycler folder is by default EXCLUDED from scanning in Comodo!

So, in addition to being too big, it’s also in a folder that Comodo doesn’t scan. This is pretty bad!

I always remove recycler from exclusions as soon as I install Comodo…

I also change the file size to 100 MB, as I already encountered samples above 50 MB twice.

Maybe we need to have them changed in defaults.
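
An added example, not part of the original thread: a short Python audit that reads a drive's Autorun.inf and reports launch targets a scanner would skip, either because the file exceeds the scan size limit or because it sits in an excluded folder. The function names, the constructed sample drive and passing the limit and exclusions as parameters are assumptions made for illustration; this is not Comodo's logic.

```python
import os
import tempfile

def autorun_targets(inf_text):
    """Return program paths named by launch keys in the [autorun] section."""
    targets, section = [], None
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            launches = key in ("open", "shellexecute") or key.endswith("\\command")
            if launches and value:
                quoted = value.startswith('"')  # keep the path, drop arguments
                targets.append(value[1:].split('"')[0] if quoted else value.split()[0])
    return targets

def audit_drive(root, size_limit_mb, excluded_dirs):
    """List autorun targets that a scanner with these settings would skip."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return []
    with open(os.path.join(root, names[0]), errors="replace") as fh:
        targets = autorun_targets(fh.read())
    excluded = {d.lower() for d in excluded_dirs}
    findings = []
    for target in targets:
        parts = [p for p in target.replace("/", "\\").split("\\") if p]
        path = os.path.join(root, *parts)  # name case must match on Linux
        if os.path.isfile(path):
            too_big = os.path.getsize(path) > size_limit_mb * 1024 * 1024
            in_excluded = any(p.lower() in excluded for p in parts[:-1])
            if too_big or in_excluded:
                findings.append((target, too_big, in_excluded))
    return findings

def build_sample_drive(root):
    """Constructed sample: the layout from the thread, with an empty file."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "Autorun.inf"), "w") as fh:
        fh.write("[autorun]\n;constructed sample\nopen=RECYCLER\\svchost.exe\n")
    with open(os.path.join(root, "RECYCLER", "svchost.exe"), "wb") as fh:
        fh.truncate(44 * 1024 * 1024)  # sparse file of zeros, about 44 MB

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        print(audit_drive(drive, 40, ["RECYCLER"]))  # both gaps apply
        print(audit_drive(drive, 50, []))  # nothing skipped
```

Each finding is a tuple of the target path, whether it is over the size limit, and whether it lies in an excluded folder.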