Recognizer v1.6.1 Released for Comodo Internet Security v10

Status
Not open for further replies.

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
Hi All,
We are pleased to inform that we have released Recognizer v1.6.1 for Comodo Internet Security v10.
Thank you to all users who participated in RC testing.

Here is the full list of malware, mostly different ransomware families, which are watched out by recognizer and based on behavior pattern, detection is made:

Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet

Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks

Password Stealer Trojan (1)
Primarypass

Ransomware (59)
7ev3n
AdamLocker
BleedGreen
BTCLocker
Cancer
Censer
Cerber
CloudSword
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kangaroo
Kelnoc
Locky
Manifestus
Matrix
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
Spora
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xmas
Xorist
XRatLocker
YourRansom

Trojan (24)
Carberp
DarkKomet
Lethic
Necrus
Rematsu
Ropest
Sopinar
Spatet
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus
Nivdort

Virus (1)
Grenam

We have released recognizer in test mode where in case recognizer detects a file, it won't report to user but will inform to back-end and after we have analyzed detected files and ensured we do not have false-positive, we will update recognizer again and release in alert mode, where user will be notified of detected malware.

You can run program update manually or via auto update you will get recognizer.
You could verify if you have latest recognizer by looking at "Settings --> Advanced Protection --> VirusScope", where you will see latest recognizer as shown in enclosed snap.

You should also be able to verify following file:
C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10\recognizerCryptolocker.dll
File Size: 268 KB (274,624 bytes)
SHA-1: b8edeb5e6040156b38a89d7faa19ffdbca497846

In case you observe any abnormal CPU or RAM usage, please do report with list of active applications in sandbox.

Going forward you can expect more frequent releases of recognizers.

Thank you for all the support and feedback.

Thanks
-umesh
 

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
619
XData Ransomware (not listed)- Detected

Antivirus scan for d174f0c6ded55eb315320750aaa3152fc241acbfaef662bf691ffd0080327ab9 at 2017-05-24 12:47:56 UTC - VirusTotal

XData Ransomware on a Rampage in Ukraine

2uny0dz.jpg
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I admit. I did not even know this is in CIS. It's in CFW too. Seems like something for MTs video test perhaps :) In Comodo terms, the Viruscope alert is as close as it gets to a sure thing I guess. Hope they keep it very much focused on sure thing nasty malware and not run of the mill types...
 
  • Like
Reactions: Fel Grossi

Fel Grossi

Level 13
Verified
Top Poster
Well-known
Jan 17, 2014
619
I admit. I did not even know this is in CIS. It's in CFW too. Seems like something for MTs video test perhaps :) In Comodo terms, the Viruscope alert is as close as it gets to a sure thing I guess. Hope they keep it very much focused on sure thing nasty malware and not run of the mill types...

Certainly, but for now, it's still under test. No detection will be displayed, only for analysis of the COMODO engineers, to know about false positives. So, tests only when detections are "released".

We have released recognizer in test mode where in case recognizer detects a file, it won't report to user but will inform to back-end and after we have analyzed detected files and ensured we do not have false-positive, we will update recognizer again and release in alert mode, where user will be notified of detected malware.
 
  • Like
Reactions: AtlBo
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top