Comodo BOClean Saved my day, even though I had an AV installed!!

[Guest]

[TonyKlein]

Comodo BO CLEAN also saved my life.
I downloaded a weather report tool from the internet along with some bonus downloads and came out with the following report from BO-CLEAN. Comodo Anti-virus didn't detect it, nor did spybot search and destroy 1.4, or Ad-aware.

It is indeed a correct detection  : 

http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453079971

[ctrlaltdelete]

I found hundreds of those so called "codecs" and tested a few variants.

First with online sources (jotti's, virustotal etc.) and finally run the trojan.

If my AV did not detect the trojan (as suggested by Jotti and Virustotal) BOClean would have saved my ass   


Results with a lot screens and info;

http://members.home.nl/ctrlaltdelete/dnschanger/index1.html

[~cat~]

Heh, you can change the file number on the "playcontact" download link and come up with a new "variant" (repacked with different hash) for each number on those.
I was up to 1290 last night (IIRC) before I quit.
Detection separates real detectors from the hype products.
Nice write up!

[panic]

1290! You need to get another life ~cat~!

Great write up ctrlaltdelete

Ewen :-)

[~cat~]

1290! You need to get another life ~cat~!

Not a total of 1290, the file number prior to the extension was 1290. 
CBO catches them no matter how many different combinations they create so it's not necessary to check every one.
Looks like play-mega was in the mix as well.
There were over 20 comment spammed links on another forum I'm involved with all pointing to play-megaxxxx.exe's.
Same story with as many downloads as made up numbers. They must have a generator that mass produces the exe's.

Looks like the "others" are catching on.., a day late for some.

[John]

uhm when BOClean detects something, should it not then come with an alert.?

because it sounds like you didnt get an alrt and that the only way you did find out BOClean did find the trojan was because you looked in the BOClean log.

Or do you have "permanently hide traybar icon and alerts" on

Bingo!  This is something that just happended to me when BOClean falsely disabled IE7 on one of my family's computers.   Read about my issue here: http://forums.comodo.com/comodo_boclean_antimalware/boclean_423_destroys_ie7-t11365.0.html

[Succat]

This, just a few moments ago...


11/10/2007 06:14:43: BKDR-KONIK VARIANT STOPPED BY BOCLEAN!   
Trojan horse was found in memory.
D:\CONTENTS\DOWNLOADS\IMAGING & MEDIA\MUSIC & SOUND\HAMMERHEAD RHYTHM STATION\HAMMERHEAD RHYTHM STATION V1.0_INSTALL.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Operator

 

Well done and many thanks, Comodo!


Succat

[needs_rework]

Congratulations to anyone (real or otherwise) that fin d value in these products. These are poor products taking up too much CPU and causing system crashes. I wouldn't have bothered posting this if at least somebody at Comodo earned their money developing a working uninstall program. Please get the uninstall feature right before dumping these products on the masses. Thanks.

[Melih]

and you represent which AV company If i may?

 

Melih

[LeoniAquila]

LOL, touché!

LA

[SpacemanPT]

man... these guys never give up, do they???

after reading through this topic i decided to try boclean... didn't think much about this software until now

[Josh123]

Congratulations to anyone (real or otherwise) that fin d value in these products. These are poor products taking up too much CPU and causing system crashes. I wouldn't have bothered posting this if at least somebody at Comodo earned their money developing a working uninstall program. Please get the uninstall feature right before dumping these products on the masses. Thanks.

Get a life mate   Show some respect.

[J2897]

Congratulations to anyone (real or otherwise) that fin d value in these products. These are poor products taking up too much CPU and causing system crashes. I wouldn't have bothered posting this if at least somebody at Comodo earned their money developing a working uninstall program. Please get the uninstall feature right before dumping these products on the masses. Thanks.

Format your hard drive if your PC's on the blink, don't blame Comodo products. I have Many Comodo products installed and my CPU very rarely leaves 0% unless I'm doing something. Also, none of my systems crash.

[Tags:]