Comodo Webiste Compromised??

[el el amiril 0]

Hello dear admin and eset community i ran a checking with the comodo free av and uploaded it on virustotal it shows 2 av detection but when i open it with hex editor and removed some zeros that were in group and save it and uploaded it on virustotal now it shows 4 av detection here is the link https://www.virustotal.com/gui/file/ff8dfc588b2116bb62928af3cc12e0d4f4f714763cd1064572eb54dc8bef5e97/detection

 

im planning to used it on my  company office desktop and my internet security does not detect it also i have a bunch of crack games from popcap but i no longer used them and removed them from my pc after editing those exe in hex editor there were bunch of greyware and trojan result mostly six result in virustotal but not being detected by eset??

What can i adjust in the settings for it to deeply scan through those files?? those zeros where significant threat😔

[el el amiril 0]

i will upload a screenshot of those crack games and virustotal result after removing a bunch of zeros in hex editor

[el el amiril 0]

here is the virustotal result for the crack https://www.virustotal.com/gui/file/e7c96bc6b689f38e14d73b2389b568f85c397b7d6ff911de4ba109bbb954a869

[el el amiril 0]

i was hoping i could find legitimate cracks since those company does not provide additional payment method which i can used

[el el amiril 0]

here are some screenshot

[el el amiril 0]

and here the virustotal result after removing those zeros in hex editor https://www.virustotal.com/gui/file/bbc22d3ed2c070f1abdbe133c1ed8f1d07866380843fe3fa94e9da0ce46da947?nocache=1

[el el amiril 0]

dear eset admin is there an option to scan thoroughly those code as it might put risk in computer system which eset is protecting not just for crack but for genuine apps whose website might have been hijacked as not all website gives their apps sha1 or md5?

[stackz 112]

By removing the zeros, you've turned turned all those executables into binary junk that doesn't even run. That some AVs detect these things, shows that those AVs are not very good (to put it nicely).

[el el amiril 0]

 

3 minutes ago, stackz said:

By removing the zeros, you've turned turned all those executables into binary junk that doesn't even run. That some AVs detect these things, shows that those AVs are not very good (to put it nicely).

im not really good at programming i only assume it since pc security channel claims it

So those files are fine im trying to install av that is free for my office desktop currently i don't want to pay .

 

[karlisi 26]

Also, where you get the file    cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it.

[el el amiril 0]

Just now, karlisi said:

Also, where you get the file    cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it.

from their website @https://antivirus.comodo.com/

[karlisi 26]

OK, I see. This is paid product, not free.

[el el amiril 0]

5 minutes ago, karlisi said:

Also, where you get the file    cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it.

originally the virustotal result is https://www.virustotal.com/gui/file/956b78ee9a10a0135ea4109e9005eb6be548278b8f5eb954f919a13405c381c2

[el el amiril 0]

3 minutes ago, karlisi said:

OK, I see. This is paid product, not free.

no there were 2 option to clik

[Nightowl 202]

Since you modified it brother , you broke the signature, you modified the contents as then the signature of the maker is broken

This will give an indicator to A.I scanners that this file might be malicious.

Because the A.I usually knows this software/installer as trusted and signed , then suddenly you uploaded it differently and unsigned , it will look suspicious to the Bots(A.I).

The new un-modified installer that you uploaded got 2 detections , those are false-positives , the A.I might detect them because installer is new , it might feel it's a bit suspicous

once you played with the HEX and added ZEROs, 2 more A.I hated your modification and found it suspicious and also you broke the signature of the developers.

 

Since I was marked as a solution , I may be wrong or not 100% accurate , if I am mistaken , please correct me

Edited April 5, 2023 by Nightowl

[Marcos 5,070]

2 hours ago, el el amiril said:

originally the virustotal result is https://www.virustotal.com/gui/file/956b78ee9a10a0135ea4109e9005eb6be548278b8f5eb954f919a13405c381c2

A clean file with a valid Comodo digital signature, not subject to detection.

[Marcos 5,070]

4 hours ago, el el amiril said:

here is the link https://www.virustotal.com/gui/file/ff8dfc588b2116bb62928af3cc12e0d4f4f714763cd1064572eb54dc8bef5e97/detection

Corrupt, not subject to detection.