Malware - CIS HIPS DID NOT REACT

Hey…

Long story short:

I got into a debate on a forum about HIPS/antivirus/security/etc. with a guy and he told me that he can infect my computer
regardless. I have Comodo Firewall and 360 Internet Security.

So I accepted the “challenge” (the scope was to get that sample and send it to you if it could not
be detected… and it didn’t.) 360 detected it after a while.

The guy told me that it is a RAT, I don’t know what s***, that it evades all antiviruses
and sandboxes/hips, and that he can control my machine, etc.

Is it possible? After all, I got a detection from my AV, but Comodo Firewall didn’t respond…

I will send it on CAMAS, is it OK? I also have the link here:

Link to possible malware removed by moderator

password: infected

Any feedback…? :smiley:

I will download CCE to do a full scan of my system…

I removed the link to the possible malware to protect our members. Please do not post links to malware in the public part of the Comodo forums. I kept the URL.

You can send the download link by PM to members who are requesting it.

Yeah… but it was archived… password protected… one could not infect himself unless he really wanted to.

So where do I send it? :slight_smile:

Comodo file submission/CAMAS rejected my query.

EDIT: Now I’ve read more clearly. Sorry, I am tired. So you kept the link.

Good.

Please keep this thread updated if you find anything new.
I’m curious :slight_smile:

Thank you.

You can report it in Submit Malware Here To Be Blacklisted - 2014 (NO LIVE MALWARE!). Please follow the instructions in the first post on how to submit.

I just uploaded it to VT and had it rescanned. You can use this link: VirusTotal.

Camas: http://camas.comodo.com/cgi-bin/submit?file=2b4fc2f78f0a4bfd879287ec93859f455a89fb75d28548e96a227668f36430e6 .
Valkyrie: http://valkyrie.comodo.com/Result.html?sha1=023788e25b75f33ecfac79c9762a0b3a026b9260&&query=0&&filename=mov0016.scr

Hi cocalaur,
I mentioned the information and links on the topic of submission of malware.
This sample will be analyzed.

Thanks for sharing the sample and the information about it.

Regards

Sad to see that both CAMAS and Valkyrie failed to scan the submitted sample.
There are many issues in Comodo’s backend and they simply never get fixed…

Update: Now I am scanning the whole system offline with the Avira bootable recovery CD.
So far 2 detections…

I wanted to use Comodo Rescue Disk 2.0.275239.1 first, but sadly it hung upon Linux initialization.

Could you please fix this or help me report it? I want to use Comodo Rescue Disk
in the future because it’s easy to use and I have faith in this product. :slight_smile:

The reason I ask for help is that I find the accepted bug report format to be
a little complex for me to complete. :slight_smile:

Thanks.

Jhkmaster has submitted the malware in the mentioned topic.

I have no idea how to help you get the CRD to work on your system.

If you want to do offline scans you can also consider using rescue disks from Kaspersky and Dr.Web. These are reputable scanners and it is always good to have these tools in your toolbox.

Of course Hitman Pro, Malwarebytes Antimalware and Super Antispyware are also good tools when running in Windows. Also don’t forget Comodo’s KillSwitch.

When fighting malware it is always good to use multiple tools.