XP Antivirus 2012

We encountered this problem today. One of my clients called saying they had 21 viruses on the computer. Upon attending the location, I found that “XP Antivirus 2012” seemed to be installed. Right beside Comodo, running in parallel.

No reports from Comodo, no errors or failures in Comodo.

What seemed to happen was the user was searching via a web search engine and clicked on one of the links, which brought them to a fake website - which instantly redirected to another page.

That page loaded a fake XP Antivirus which looked like a Windows Explorer / My Computer page. The computer uses IE 7.

It also secretly installed a program, which then ran and added a tray icon beside Comodo. Fake virus scans were displayed and encouraged the user to buy the fake virus program.

XP Antivirus is a well known fake trojan/virus/malware - hard to decide exactly what it is.

We are very surprised that Comodo did not detect this download / automatic install. It certainly should.

Hi SpyderX,
If you can find the FP file, you can submit through this
link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.
Thanks and Regards,
Lin mengze

Mengze.lin, If you are using “FP” to mean “false positive”, then it seems you misunderstood SpyderX’s post. I believe that XP Antivirus 2012 is a rogue that Comodo should detect as malware. Somehow it got installed on the computer. From SpyderX’s post, we cannot be sure what CIS settings were used or how alerts were handled. So it is unclear if this file was installed because of user error or a comodo inadequacy (e.g. inappropriately whitelisted file, no signature yet, etc). But, it does not appear to be a false positive.

SpyderX, it may be helpful to provide the following info: CIS settings, Windows version, log entries pertaining to this rogue.

Hi, SpyderX

So sorry.
Can you give us the SHA1 or MD5 of that file.
Or if you can find the file, you can submit through this
link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year we can go to have a look at it.

Thanks
Lin mengze
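For anyone following Lin mengze's request, the digests a vendor asks for can be produced locally before uploading anything. The script below is an added example, not code from the thread or from Comodo; the function names (hash_file, hash_bytes, sample_report, write_temp_sample) are my own and the "sample" it hashes is a constructed byte string standing in for a quarantined file. It reads the file in chunks so a large installer does not have to fit in memory, and emits SHA-256 alongside MD5/SHA1 because that is the value you would want for cross-checking against other sources.

```python
"""Compute the hashes a vendor typically asks for when you submit a suspected
rogue/fake-AV sample (added example, not from the thread above)."""
import hashlib
import os
import tempfile

DEFAULT_ALGOS = ("md5", "sha1", "sha256")


def hash_file(path, algorithms=DEFAULT_ALGOS, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for the file at *path*.

    Reads in chunks so large installers don't have to fit in memory.
    MD5 and SHA1 are included because vendor submission forms often still
    key on them; SHA-256 is what you should prefer for any other lookup.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=DEFAULT_ALGOS):
    """Same digests for an in-memory byte string (small samples, tests)."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def write_temp_sample(data, suffix=".exe"):
    """Write *data* to a temporary file and return its path.

    Only used to create a constructed stand-in sample; hash the file you
    actually quarantined in place of it.
    """
    with tempfile.NamedTemporaryFile(delete=False, suffix=suffix) as tmp:
        tmp.write(data)
        return tmp.name


def sample_report(path):
    """One-line summary suitable for pasting into a support ticket."""
    digests = hash_file(path)
    size = os.path.getsize(path)
    return (f"{os.path.basename(path)} ({size} bytes) "
            f"md5={digests['md5']} sha1={digests['sha1']} "
            f"sha256={digests['sha256']}")


if __name__ == "__main__":
    # Constructed stand-in: an MZ header followed by filler, not real malware.
    sample_path = write_temp_sample(
        b"MZ" + b"\x00" * 62 + b"constructed sample, not real malware")
    try:
        print(sample_report(sample_path))
    finally:
        os.unlink(sample_path)
```

Run it with the path of the isolated file in place of the constructed sample; hash the file before you delete or clean it, since the digest is what lets the vendor match it against their own detections.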

Hi.
Did you restart the PC after rogue installation?
I’m sure that when this virus got sandboxed:

  • it could appear as a window and in the Windows tray,
  • it couldn’t change/delete critical system files/ registry entries,
  • it couldn’t create files in significant catalogs,
  • it couldn’t add itself to the autostart - after a restart there would simply be no trace (running process, problems with your system) at all.

Give me 5 minutes and I’ll test Comodo against this rogue… (If I find it in my collection…)

The point is here:

[attachment deleted by admin]

I never understood why 98% of antivirus out there can’t block this virus or remove it?

My parents have been attacked twice by this in the last three months and Comodo kept it out both times, so I’m a bit surprised to see it manage to get in…

Sandbox is OFF on their PC mind you.

It’s not as simple as you think… :)