Author Topic: Please feel free to ask any questions to learn all about Computer Security.  (Read 15670 times)
Melih
« on: December 30, 2006, 10:15:27 PM »

Here you will have access to the world's best security experts to help you learn all about Computer security!

Feel free to ask!

Melih
 
pilger7
« Reply #1 on: January 04, 2007, 12:00:25 AM »

Yeah, OK, I had somebody hack my computer through MySpace with something called malware, trojan, and I guess they used my Internet Explorer to monitor. Well, I was going to report but they already wiped their activity from my personal e-mail. I got all the software and firewalls and virus killers etc., etc., defragged, scanned, changed passwords and removed old software, but I still have this stupid window pop up about a networm-i.virus[ at ]fp and something about files, and I'm getting these ads to buy software, but they're coming from the same host, but my new software says my computer is free from infection? Can you help resolve this and help me report or catch this s.o.b.? Thanks, Jay

Melih
« Reply #2 on: January 04, 2007, 01:37:56 PM »

> Yeah, OK, I had somebody hack my computer through MySpace with something called malware, trojan, and I guess they used my Internet Explorer to monitor. Well, I was going to report but they already wiped their activity from my personal e-mail. I got all the software and firewalls and virus killers etc., etc., defragged, scanned, changed passwords and removed old software, but I still have this stupid window pop up about a networm-i.virus [ at ] fp and something about files, and I'm getting these ads to buy software, but they're coming from the same host, but my new software says my computer is free from infection? Can you help resolve this and help me report or catch this s.o.b.? Thanks, Jay

Well, it seems as if your machine is still infected!

You can go to the Malware cleaning section of the Comodo Anti virus and put a post there and we'll help you there to get rid of this.

Thanks
Melih

mal233
« Reply #3 on: March 17, 2007, 10:12:35 AM »

Melih,

I have the logmein.com problem as well. I will attach the log file to see if that helps you fix this problem. AVG 7.1 and 7.5 do not ID these files as a virus. They are two updates to the best of my knowledge. Hope this helps.

Mark

kishork
« Reply #4 on: March 20, 2007, 12:07:19 AM »

Hi Mark,
These detected files have the capability of remote administration and hence they are detected. Other AVs are also detecting them. You can verify it by scanning the file with VirusTotal (virustotal.com).

If you want to use these files, you can exclude them from scanning.

To exclude files/folders from scanning, do the following:
1. Go to main window -> Settings -> On Demand -> Advanced -> What items to exclude -> Select. Then select the files/folders to exclude from scanning.
2. Go to main window -> Settings -> On Access -> Advanced -> What items to exclude -> Select. Then select the files/folders to exclude from scanning.


Thanks & regards
Kishor

LeoniAquila
« Reply #5 on: March 23, 2007, 06:38:42 PM »

Thank you for this opportunity!

I would like to ask about rootkits, which I think are some very small programs hiding deep down in the system. But I don't know what they are capable of. Are these threats serious? Does Comodo (Firewall or AV perhaps) prevent from rootkits?

As I heard of a free anti-rootkit called Sophos Anti-Rootkit 1.2, I tried it and it has now searched through my system (XP with CPF and avast). Now I'm a bit concerned because it actually found a non-removable, hidden registry key: \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40
Do you have any idea at all what this is about? My only idea is that I've used the Neowin UXTheme patch to open up for other Windows themes than just the original Microsoft theme "Luna". The patch makes changes to Windows system files, maybe this is the reason?

» User of Windows XP Home Edition SP3 on Acer Aspire
» Slave of COMODO Firewall Pro 3.0

Soyabeaner
« Reply #6 on: March 23, 2007, 07:14:50 PM »

I'm not an expert, so ignore this post if you don't mind.

> I would like to ask about rootkits, which I think are some very small programs hiding deep down in the system. But I don't know what they are capable of. Are these threats serious? Does Comodo (Firewall or AV perhaps) prevent from rootkits?

Destructive? Potentially. Look at the Sony deal. CFP 3 will prevent it because of HIPS. CAV currently should because it already has HIPS.

> \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40
> Do you have any idea at all what this is about? My only idea is that I've used the Neowin UXTheme patch to open up for other Windows themes than just the original Microsoft theme "Luna". The patch makes changes to Windows system files, maybe this is the reason?

I also used Neowin patch for extended Windows themes, but I don't have this registry key (or maybe it's not visible with regedit.exe?). I discovered that it's Daemon tools / Alcohol120%, so you're off the "hook" lol.

Remember that with any security scanner there could be false positives. As with anti-rootkits, they could detect legitimate rootkits / hooks as well, so watch out for that.
« Last Edit: March 23, 2007, 07:19:30 PM by Soya »

LeoniAquila
« Reply #7 on: March 24, 2007, 07:07:46 AM »

Thank you Soya for your answer. I've read something about the Sony stuff, will check it further!

You're right about DAEMON Tools, because this has been confirmed in another forum where I posted a message yesterday. And it should be harmless.

Now, more rootkits: After my message here yesterday, I scanned with Spybot. It only found some logs, of which one belonged to Media Player Classic from Gabest. I removed this, and "just for fun" I made another scan with Sophos Anti-Rootkit, which actually listed another rootkit that referred to this Gabest thing. Quite strange I think, but I suppose it's harmless too.

By the way, isn't the Neowin patch a very smart thing to make Windows look nicer?

Soyabeaner
« Reply #8 on: March 24, 2007, 07:18:45 AM »

> Now, more rootkits: After my message here yesterday, I scanned with Spybot. It only found some logs, of which one belonged to Media Player Classic from Gabest. I removed this, and "just for fun" I made another scan with Sophos Anti-Rootkit, which actually listed another rootkit that referred to this Gabest thing. Quite strange I think, but I suppose it's harmless too.

I think it's more false positives than strange. Don't rely on one anti-rootkit scanner. Rootkits are the newest breed of malware, so it's better to try more anti-rootkits if you're so interested. I also have MPC and Gabest is its developer. You can also see associated files with MPC in CFP's Component Monitor.

> By the way, isn't the Neowin patch a very smart thing to make Windows look nicer?

Hopefully it isn't the cause of other "unexplained" issues with CFP, but no doubt it's necessary to ease the eyes. Why Windows would limit to just a few themes (that aren't even beautiful) is beyond me.

LeoniAquila
« Reply #9 on: March 24, 2007, 10:55:28 AM »

Ok, good to know that there is protection available.

As for Windows styles and CPF problems, there is at least one issue: when resizing the title bar (well, you don't even need any patch to do this!), the UI title bar of CPF becomes black and the three buttons on the right disappear (but the functionality of the buttons remains). When maximizing the window, the title bar becomes transparent instead! However it becomes normal if you reboot (still with the new title bar size). Really not a big issue, but I've posted a ticket to Comodo anyway, which they have responded to. They will try to solve it for CPF version 3. Perhaps you have noticed this too, since you obviously change themes (and thereby probably also title bar size)?

/L

Soyabeaner
« Reply #10 on: March 24, 2007, 11:13:55 AM »

You're about the 5th user to report this, with myself included.

You did know that rebooting isn't necessary, didn't you?  Just open Task Manager and end explorer.exe.  Then go to File > New Task (Run...) > enter explorer.exe (in some environments the .exe extension isn't even needed when running known Windows commands).  This is definitely a faster procedure because some programs are still running.

LeoniAquila
« Reply #11 on: March 25, 2007, 03:51:24 AM »

I don't reboot anymore, the issue isn't serious enough I think! Just restarting Explorer seems like a simple method, I haven't tried it though.

/L

jhunjhun
« Reply #12 on: April 08, 2007, 03:27:33 AM »

Hi, I'm new to COMODO. I just installed COMODO firewall the other day. I feel quite safe and confident surfing the internet, and I really thank COMODO for this. As I study the different functions of this software, under Activity>>>Log, there is a lot of continuous traffic going on. And the description says Inbound Policy Violation, Access Denied (UDP or IGMP). Most of the sources come from nbdgram and some are nbname. I just want to know if this thing is normal. Hoping for any answer.

Thank you,
Jhun

panic
« Reply #13 on: April 08, 2007, 07:01:44 AM »

nbdgram and nbname are caused by Windows peer-to-peer networking. It's caused when a LAN workstation starts up and advertises its name and details across the LAN.

Providing you want to join the LAN, you'll need to run the "add a trusted network" wizard (under SECURITY - TASKS). This will automatically create rules that allow LAN-based comms to occur and your error messages will disappear.

Cheers,
Ewen :-)

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you don't like it, don't use the forum.
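
An added example, not part of the thread and not Comodo's code: it sorts blocked inbound records into LAN NetBIOS advertisements (nbname is UDP 137, nbdgram is UDP 138), LAN IGMP, and traffic that the LAN explanation above does not cover. The record fields, the 192.168.1.0/24 subnet and the sample entries are constructed for illustration and are not CFP's log format.

```python
import ipaddress
from collections import Counter

# Windows service names for the NetBIOS-over-TCP/IP UDP ports.
NETBIOS_UDP = {137: "nbname", 138: "nbdgram"}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(entry, lan_cidr):
    """Label one blocked inbound record relative to the local subnet."""
    lan = ipaddress.ip_network(lan_cidr)
    src = ipaddress.ip_address(entry["src"])
    dst = ipaddress.ip_address(entry["dst"])
    proto = entry["proto"].upper()
    if src not in lan:
        # Not explained by a LAN workstation advertising itself: keep it blocked.
        return "not-lan"
    if proto == "IGMP" and dst.is_multicast:
        return "lan-igmp"
    if proto == "UDP" and entry.get("dport") in NETBIOS_UDP:
        if dst in (lan.broadcast_address, LIMITED_BROADCAST):
            return "lan-netbios-broadcast"  # name/browse announcement
        return "lan-netbios-unicast"        # directed query from a LAN peer
    return "other"

def summarize(entries, lan_cidr):
    """Count records per label so the noisy category stands out."""
    return Counter(classify(e, lan_cidr) for e in entries)

# Constructed sample records (hypothetical field names, assumed home subnet).
SAMPLE = [
    {"proto": "UDP", "src": "192.168.1.23", "dst": "192.168.1.255", "dport": 138},
    {"proto": "UDP", "src": "192.168.1.23", "dst": "192.168.1.255", "dport": 137},
    {"proto": "UDP", "src": "192.168.1.40", "dst": "192.168.1.10", "dport": 137},
    {"proto": "IGMP", "src": "192.168.1.1", "dst": "224.0.0.1"},
    {"proto": "UDP", "src": "203.0.113.7", "dst": "192.168.1.10", "dport": 137},
    {"proto": "TCP", "src": "192.168.1.23", "dst": "192.168.1.10", "dport": 445},
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE, "192.168.1.0/24").most_common():
        print(f"{count:3d}  {label}")
```

Only the `lan-*` labels correspond to the traffic a trusted-network rule would allow; `not-lan` entries on ports 137/138 are ones to leave blocked.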
arjunpa
« Reply #14 on: April 10, 2007, 04:02:02 AM »

I'd like to know whether I can uninstall Comodo Antivirus beta 2 properly?