Comodo BOClean Saved my day, even though I had an AV installed!!

[Guest]

[Eric Cryptid]

BOClean saved my **** today!

I Downloaded a Program from www.download.com which is usually really reliable. It was a program called EasyCash which I wanted for keeping track of my finances. I downloaded it with no detection from anything not CPF Nor Antivir PE Preimium nor Spyware Terminator and then click to install the program still no detection from the above and and then the installer didn't fully install / stopped and closed in the middle of copying files. I looked at my BOClean log to find!!!

04/27/2007 12:55:45: IFSKEYLOG17 MALWARE STOPPED by BOCLEAN!   
Trojan horse was found in memory.
C:\WINDOWS\IFINST27.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: ******

OMG! Not even my Antivirus or anti-spyware caught that one! It stopped it and removed it before it had a chance to do anything!

I LOVE BOCLEAN!!!!!!!!!!!!!!!!!!!!



EDITED
******
topic splitted and Subject line modified to reflect the post..

[FishStyx]

BOClean saved my **** today!

I Downloaded a Program from www.download.com which is usually really reliable. It was a program called EasyCash which I wanted for keeping track of my finances. I downloaded it with no detection from anything not CPF Nor Antivir PE Preimium nor Spyware Terminator and then click to install the program still no detection from the above and and then the installer didn't fully install / stopped and closed in the middle of copying files. I looked at my BOClean log to find!!!

04/27/2007 12:55:45: IFSKEYLOG17 MALWARE STOPPED by BOCLEAN!   
Trojan horse was found in memory.
C:\WINDOWS\IFINST27.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: ******

OMG! Not even my Antivirus or anti-spyware caught that one! It stopped it and removed it before it had a chance to do anything!

I LOVE BOCLEAN!!!!!!!!!!!!!!!!!!!!

Very interesting.  I'm curious as to what IFinst27.exe is and why BOClean identifies it as malware.  I Google IFSKEYLOG17 and come up with nothing.  I Google IFinst27.exe and find the same "virus removal" thread on several support web sites, but no explanation of what IFinst27.exe is, no proof that IFinst27.exe was the problem, or that it is in fact malware.

The other applications didn't flag it because there seems to be no record of it.  Evidently no harm done in removing it, just wondering what it actually is...   

[N.T.T.W.]

I only found one link that seemed useful:

http://www.castlecops.com/t171457-navil_toolbar.html

This seems to say that IFINST27.EXE is something to do with W32/Downloader.AOLK

 

[FishStyx]

I only found one link that seemed useful:

http://www.castlecops.com/t171457-navil_toolbar.html

This seems to say that IFINST27.EXE is something to do with W32/Downloader.AOLK

 

Thanks Anderow, good catch.  Looks like a browser hijack.
Good work BOClean!   

[Melih]

Thanks Anderow, good catch.  Looks like a browser hijack.
Good work BOClean!   

Now you know what we mean by saying:
You should have Comodo BOClean in addition to your AV products  

Its a tool that every PC should have no matter what AV they use!!! 

Melih

[oOeagleOo]

uhm when BOClean detects something, should it not then come with an alert.?

because it sounds like you didnt get an alrt and that the only way you did find out BOClean did find the trojan was because you looked in the BOClean log.

Or do you have "permanently hide traybar icon and alerts" on

[mike6688]

uhm when BOClean detects something, should it not then come with an alert.?

because it sounds like you didnt get an alrt and that the only way you did find out BOClean did find the trojan was because you looked in the BOClean log.

Or do you have "permanently hide traybar icon and alerts" on

Hi,

There is an option in Boclean for 'unattended cleanup and removal'.  With this enabled BOClean will noy display alerts.  If this is not enabled, you will be given an alert and an option for what you want to do.

Mike

[oOeagleOo]

Hi,

There is an option in Boclean for 'unattended cleanup and removal'.  With this enabled BOClean will noy display alerts.  If this is not enabled, you will be given an alert and an option for what you want to do.

Mike

ok 

[Rednose]

Now I am confused When you guys talk about the BOClean log, do you talk about the report you get when clicking " Examine report ", or about something else

Greetz, Red.

[oOeagleOo]

Now I am confused When you guys talk about the BOClean log, do you talk about the report you get when clicking " Examine report ", or about something else

Greetz, Red.

I am talking about the "Examine report" because i think thats the one he is talking about 

[Rednose]

Yeah, that is what I thought too

Greetz, Red.

[mike6688]

ok 

No problem.     

[weaselthatbites]

Just downloaded the easy cash program from download.com...and it came out totally clean. Not only that...but there is no such file on my hard drive as described on my hard drive after installlation.


So where the heck did you get it from...lol. Either that or I downloaded the wrong program...

[~cat~]

This one?
Easy Cash Manager 3.0.1
http://www.download.com/Easy-Cash-Manager/3000-2057_4-10642669.html

[innerpeace]

I saw that program too. It has a bunch of downloads. The OP also mentioned a program called BestCash in another post. I think there is a little confusion with the name.

http://forums.comodo.com/index.php/topic,8348.msg60676.html#msg60676
I was going to download it an submit it to Jotti or VirusTotal to see if they found anything. Maybe the OP can do that and let us know what the filename is and the results.

Download dot com is not the best place to find software. Softpedia and MajorGeeks are much better and safer. 

[Tags:]