File Intelligence ! *Tell us how can you remove the following 50 malware *

Status
Not open for further replies.

yigido

Thread author
Source : https://forums.comodo.com/news-anno...emove-the-following-50-malware-t112022.0.html

Hello Everybody! :) :)

Tell us how can you remove the following 50 malware step by step. If you get it right we will publish your solution with your name on file-intelligence.com.
Every month the top 5 contributors will be credited on our Facebook fan page. :)

If you are interested in this, please check below virus names and send us your description contents:

https://file-intelligence.comodo.com/windows-process-virus-malware/dll/adomi
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Windows
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/GdiPlus
https://file-intelligence.comodo.com/windows-process-virus-malware/vbs/Decode
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/VUESCAN
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/System.ServiceModel.Web.ni
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Conquer
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/LOIC
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/MagicISO
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/EXCEL
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/PrintDisp
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/UNREGMP2
https://file-intelligence.comodo.com/windows-process-virus-malware/bin/XRegistry
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/BINGOCAFE
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/TeamViewer
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/UpdateChecker
https://file-intelligence.comodo.com/windows-process-virus-malware/php/Diff
https://file-intelligence.comodo.com/windows-process-virus-malware/prx/WMSysPr9
https://file-intelligence.comodo.com/windows-process-virus-malware/CORE
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/FMAPO64
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/Interop.SHDocVw
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/nengine
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Ghost32
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/MailRuSputnik
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/skypesetup
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/WSCStub
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/Msvcrt
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/QtWebKit4
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/SLEEP
https://file-intelligence.comodo.com/windows-process-virus-malware/plg/FilesMonster
https://file-intelligence.comodo.com/windows-process-virus-malware/rtf/Eula
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/TypeLib
https://file-intelligence.comodo.com/windows-process-virus-malware/dll/WapUI
https://file-intelligence.comodo.com/windows-process-virus-malware/DLL/WINHTTP
https://file-intelligence.comodo.com/windows-process-virus-malware/DLL/XUL
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/APPLEMOBILEBACKUP
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/AWC
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/FalloutLauncher
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Genesis
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/HDD
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/LaunchGTAIV
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/MPMiniSigStub
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/My7BootLoader
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/OGMCalc
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Pinnacle
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/Sh4DoVV
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/UNITYWEBPLAYERUPDATE
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/ViStart
https://file-intelligence.comodo.com/windows-process-virus-malware/EXE/WUDFHOST
https://file-intelligence.comodo.com/windows-process-virus-malware/exe/XF-MAX2k9-32bit-KG

PS:

As an example; you may check the template for the descriptions on the below link:

https://file-intelligence.comodo.com/windows-process-virus-malware/exe/svchost


Thank you very much !!

Kind Regards
@BuketB
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Is this for real? Comodo users have to write a step-by-step removal guide based on process names (which is bosh) and you only get a measly mention on Facebook? Throw in some CIS Pro licenses or a real "Top Contributors" page and you'll get a much greater feedback. ;)
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I have not got that much spare time on my hands or I might just be too lazy for such a small reward.:rolleyes::)
 
  • Like
Reactions: Enju and Nico@FMA

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
This is a great challenge, yet there are many malwares on the list that CIS should deal with as they are that simple.
I am not really sure how to take this topic as on one hand this is a great challenge, on the other hand it's kinda funny that Comodo asks for help and step by step Tuto's considering that 80% of the malware above is not detected by Comodo.
It would have been different if the malware is "known" and covered by Comodo rather than providing guidance for malware that Comodo seems to struggle with.

Imagine that ESET, Symantec or Kaspersky would ask their fanbase for a challenge to solve malware step by step while they have no cure against it themselves.
You see where I am going with this? It just looks very weird.

That said those who like a challenge and have time to spare I would suggest go nuts go crazy and do the challenge, but me personally would not spend a single second on it. (@yigido nice topic dude it really is so my critical comment here is by no means directed to you so please do not let it discourage you in any shape or form.)

Kind Regards Nico
 

Deleted member 21043

Thread author
I don't understand why Comodo staff don't just go through the list and do it themselves, it's really not difficult. They should be the experts?

https://file-intelligence.comodo.com/windows-process-virus-malware/dll/GdiPlus - This is a legitimate Windows system file... The DLL is used for the Graphics Device Interface (this is what GDI stands for). If you are infected with malware using a DLL called GdiPlus.dll, you can do a few things such as check the path location of the DLL, check the dynamically linked imports of the DLL to see if it appears to be suspicious, as well as check the executable using the DLL. If the path location of the DLL is incorrect (for a DLL called "GdiPlus.dll") then that there is a sign that it's a DLL pretending to be a system file. It's possible that a developer may accidentally name a DLL the same as a system file. If there are DLLs like "GdiPlus9.dll", "Gd1Plus.dll" in the Windows folder (or anywhere on your system) being used by an unknown process, this can be a suspicious sign to be investigated into more. >> This was purposefully written to not fit the Comodo template. >> There is also gdi32.dll, both are stored in <systemdrive>/Windows/System32.

https://file-intelligence.comodo.com/windows-process-virus-malware/exe/TeamViewer - This is even funnier, but I'll write something below:

TeamViewer.exe is the main executable to software known as TeamViewer, provided by TeamViewer GmbH. The legitimate copy of this executable is currently digitally signed by Symantec. The latest version of this executable is for TeamViewer 10. The default installation directory for TeamViewer is [installdir]. If you have TeamViewer 10 installed, you may find a service running on your system under the name of "TeamViewer 10 (architecture)" (replace architecture with 32-bit or 64-bit, however I am on x64 and TeamViewer stays with the 32-bit version). If you have not installed TeamViewer on your system, but find processes under the name "TeamViewer.exe" or the TeamViewer 10 service running, then this is a suspicious sign. To clarify more on the suspicions, you can check if the executable/s are digitally signed. If they are not, then that is another suspicious sign. >> This was purposefully written to not fit the Comodo template.

To check with Comodo if your system is infected:
Step 1: Download the Award-Winning Comodo Free Antivirus

Step 2: Comodo Internet Security internal Firewall activates Network detection process. So it is important to check on the “Do not detect new networks again” option.

Step 3: After Network detection is done, Press “Close” button for a scan window.

Step 4: Now restart your PC

Step 5: Comodo Internet Security starts antivirus bases update. It takes some time to get updated.

Step 6: After the update, a Quick scan is executed.

Step 7: If threats are found upon completion of scanning, you will be prompted with an alert screen.

Step 8: It will clean all malware including svchost.exe.

(I seriously found the TeamViewer one incredibly funny but I found the GdiPlus.dll one much funnier, as well as the above quote.. "Award-Winning Comodo Free Antivirus"...).

https://file-intelligence.comodo.com/windows-process-virus-malware/dll/Interop.SHDocVw - Interop.SHDocVw.dll is a legitimate DLL. It's a COM component. >> VERY BASIC DESCRIPTION.

https://file-intelligence.comodo.com/windows-process-virus-malware/exe/skypesetup - It just gets better and better...

Bear aside that detecting based on the path location and the filename/processname is not very efficient and useless in some scenarios, because if the malware decided to patch up the target executable instead of pretend to be another instance of the executable, then you'd need to incorporate more advanced scanning techniques, such as scanning the bytes in the file, comparing the file size, using a hash checksum from a whitelist, and so on... There are many methods.

My above examples were just quick, I could make them more detailed, but why would I want to? I don't particularly want to help Comodo anyway. To be honest, their staff are getting paid to do this work, so why are the users now expected to do?

Seriously, Comodo should know about all these DLLs/executables, and if they don't, surely they have the samples to some to check how the real one operates and then how a malicious one would be different? I am honestly shocked with Comodo now. They could do their own research, it doesn't take long. I'd have thought after all the time they've been in the security industry they'd have learnt a bit about windows processes/files, ...

I'm purposefully not submitting it to them and not writing it in the format how they wanted it (although it wouldn't take long). They should do their own work. They have a whole development team, etc... :(
Cheers. ;)

EDIT: @Nico@FMA Yes, I totally agree with you. I don't think a company like ESET would ever make such a challenge for their users, instead they'd focus the time it would take to do it into improving their product and writing the guides themselves. And besides, what do the users really get from it? Their name as the author? Don't think anyone is bothered about that. What I just wrote was very simple, probably the worst example anyone could think of. But it only took a few minutes, if Comodo put their time in they could do it themselves in very little time.
 
Last edited by a moderator:
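
The checks described in the post above (expected path, look-alike file names, and a hash allowlist for patched files), sketched as an added example that is not part of the original thread. The `C:\Windows\System32` location, the baseline contents and the sample paths are constructed assumptions.

```python
import hashlib
from pathlib import PureWindowsPath

SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")  # assumed system drive

# Constructed stand-in for the genuine file's bytes; a real allowlist would
# hold hashes taken from a trusted installation or vendor catalogue.
GENUINE = b"constructed bytes standing in for the real gdiplus.dll"

# Allowlist: lower-case file name -> (expected directory, expected SHA-256).
BASELINE = {
    "gdiplus.dll": (SYSTEM32, hashlib.sha256(GENUINE).hexdigest()),
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(path: str, content: bytes, baseline=BASELINE) -> str:
    """Classify one file by name, location and content hash."""
    p = PureWindowsPath(path)  # Windows path comparison is case-insensitive
    name = p.name.lower()
    if name in baseline:
        expected_dir, expected_hash = baseline[name]
        if p.parent != expected_dir:
            return "wrong-path"        # same name as a system file, other folder
        if hashlib.sha256(content).hexdigest() != expected_hash:
            return "hash-mismatch"     # right name and place, patched contents
        return "known-good"
    for known in baseline:
        if edit_distance(name, known) == 1:
            return "look-alike:" + known   # e.g. GdiPlus9.dll, Gd1Plus.dll
    return "unlisted"


# Constructed inventory: (path, file bytes) pairs as a scanner might collect.
SAMPLES = [
    (r"C:\Windows\System32\GdiPlus.dll", GENUINE),
    (r"C:\Users\Public\GdiPlus.dll", GENUINE),
    (r"C:\Windows\System32\gdiplus.dll", GENUINE + b"patched"),
    (r"C:\Windows\GdiPlus9.dll", b""),
    (r"C:\Windows\Gd1Plus.dll", b""),
]

if __name__ == "__main__":
    for sample_path, sample_bytes in SAMPLES:
        print(f"{triage(sample_path, sample_bytes):24} {sample_path}")
```

A `wrong-path` or `look-alike` result is a lead to investigate, not a verdict, since an application can ship its own copy of a DLL under the same name.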

yigido

Thread author
On this matter I am with you guys, sorry Comodo. Even they accept that their privileges is sandboxing the unknown samples not detecting them. As Nico said
I am not really sure how to take this topic as on one hand this is a great challenge, on the other hand it's kinda funny that Comodo asks for help and step by step Tuto's considering that 80% of the malware above is not detected by Comodo.
:)
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
I wonder if Melih could do it, you never see the true giants of the industry, avast! Kaspersky, Bitdefender etc., etc., publish such nonsense, I wonder why? Just more Comodo propaganda. I'd rather watch Wimbledon, that said if I could do it.
 

yigido

Thread author
I wonder if Melih could do it, you never see the true giants of the industry, avast! Kaspersky, Bitdefender etc., etc., publish such nonsense, I wonder why? Just more Comodo propaganda.
This question is for me ?
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
I wonder if Melih could do it, you never see the true giants of the industry, avast! Kaspersky, Bitdefender etc., etc., publish such nonsense, I wonder why? Just more Comodo propaganda. I'd rather watch Wimbledon, that said if I could do it.

This question is for me ?

Are you Melih?

Are you kidding? I cannot understand your question. Melih is not MT member so I thought you asked me.
English is not my native language.

No disrespect for Melih, but he has become a spineless person and an even worse businessman.
There used to be a time when his ideas were revolutionary and deeply respected.
However at this point he would not be able to find a malware and solve it even if he would be tripping over it.
It's so bad to see a promising product being killed by the very people that did come up with it...

@Melih what have you done m8? Too bad that Comodo is only surfing on past reputation as the current reputation is just a joke and based upon hyped news from Comodo and shady & so so security software. Find some courage clean the Comodo house and get rid of the wannabe people within the Comodo team as you know you got sold out and put to the side line and you know exactly what I am talking about.
Get ur products back into shape and I would be the first to applaud for that.... Most of the hardcore fans turned their backs on your products, guess why that is? Find the reason become a world class product... or end up like most other promising products > recycle bin / wayback search engine.

Kind Regards Nico
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
File Intelligence is a fine component reference and not totally different comparing to Process Library (created by Uniblue) where same description if the process is somewhat contains issue.

The thing is the steps makes it little bit exaggerated, "Award Winning product", it just make the content of site reliability to be 'so-so'.
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
It's a shame such a product(s), like Nico said 'was' at that point in time revolutionary ideas within the AV industry. Just the same as many businesses they grow too big, or think they do. In fact it's their heads have grown too big! Comodo does indeed have an impressive set of features, apps (i.e., their new android range, which are very good!) and steering in the right course, with good leadership and progression, but without that the software is either a) redundant, or b) set for the scrap-heap.

P.S. yigido I didn't mean for it to come out/sound like that, was unsure what the question was, and within what context.
 
  • Like
Reactions: Kuttz

379EXHD

Thread author
I don't think Comodo is asking for anyone's help, they were just trying to give people interested in that sort of thing some recognition if they wanted to participate. If Kaspersky would have tried something similar it would have been great, but because it was Comodo it draws the typical ankle biters just like every Comodo thread. The people who get along fine with it and always have don't bother to even respond anymore. Not what I wanted my first post to consist of, but I call them like I see them. My opinion of course.
 
  • Like
Reactions: vivid

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
I don't think Comodo is asking for anyone's help, they were just trying to give people interested in that sort of thing some recognition if they wanted to participate. If Kaspersky would have tried something similar it would have been great, but because it was Comodo it draws the typical ankle biters just like every Comodo thread. The people who get along fine with it and always have don't bother to even respond anymore. Not what I wanted my first post to consist of, but I call them like I see them. My opinion of course.
Kaspersky doesn't need manual user entries for their file reputation website, they have automated it with KSN...
Also this has nothing to do with ankle biting, it's more the way Comodo handles it, they expect users to write entries on their website, promote their product in them and the only thing you get from them is a thanks on their Facebook page. They basically say thanks for wasting your free time for them and hype their products and in return you get absolutely nothing. This makes them look like absolute amateurs.
 

379EXHD

Thread author
Enju, I don't believe the contest was ever intended for someone with your expertise, I can understand you taking it as an insult, your work here speaks for itself. Would you feel better if they offered you a lifetime license which would add nothing over the free product you would ever use with your expertise. That would be an insult in my opinion. They are doing nothing but making an effort to get people involved.
 