Author Topic: open hosts.bat trying to execute notepad.exe  (Read 6633 times)

Offline r1d1

  • Newbie
  • *
  • Posts: 16
open hosts.bat trying to execute notepad.exe
« on: August 08, 2013, 06:29:43 AM »
Tried the new CIS on an older machine and am getting the same prompt like in the Italian forum:
http://forums.comodo.com/italiano-italian/hips-popup-open-hostsbat-is-trying-to-execute-notepadexe-t97394.0.html

My Italian really sucks ;) so I'm putting it here again.

- an "open host.bat" doesn't exist, never has existed, even not temp..
- message just pops up for 1 or 2 seconds, before another follows
- XP SP3

Thanks and Greetings

Offline fuco

  • Comodo's Hero
  • *****
  • Posts: 472
Re: open hosts.bat trying to execute notepad.exe
« Reply #1 on: August 11, 2013, 05:41:07 AM »
Hello r1d1,

I think it could be a virus.

The good news is that Comodo Defense+ block it.

Try to execute a complete scan.

Greetings

fuco

Offline r1d1

  • Newbie
  • *
  • Posts: 16
Re: open hosts.bat trying to execute notepad.exe
« Reply #2 on: August 12, 2013, 02:42:36 AM »
Thanks fuco,

virus was my first thought too, but neither Comodo nor Avast or Kapersky found anything.
I checked half of Windows-Registry manually, all Autoruns, every Service...nothing unusual can be found...

There is no entry in the Comodo Logs or reports, it's just the pop-up. As I said, I can't locate a file named
"open host.bat", no subroutine call...
Maybe it's a CIS-internal thing, which only occurs under some weired circumstances?


Very strange thing..
Thanks + Greetings

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11455
  • Linux is free only if your time is worthless.;-)
Re: open hosts.bat trying to execute notepad.exe
« Reply #3 on: August 12, 2013, 05:43:42 AM »
Here's a different way to look at it - rather than looking for a file called "open hosts.bat", is it possible that something else is trying to "open" a file called "hosts.bat" and in doing so is invoking notepad to "open" the file?

I'm just trying to think outside the box and kept coming back to this. To me, "open hosts.bat" looks like a parameter, not a filename.

How you track down what the "something else" is, I don't know, but hopefully a thought from left field will get you thinkiing differently.

Hope this helps,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11455
  • Linux is free only if your time is worthless.;-)
Re: open hosts.bat trying to execute notepad.exe
« Reply #4 on: August 12, 2013, 06:17:21 AM »
Thinking further, I suspect that "something else" isn't trying to invoke notepad.exe, I think that notepad.exe is being automatically executed with the parameter "open hosts.bat".

Search all autorun locations (services, registry, etc.) for notepad.exe.

To start with I'd do a search of the registry.

1. Open regedit.exe
2. Click the top entry (Computer)
3. With Computer highlighted, press CTRL-F
4. Enter notepad.exe and press ENTER
5. To continue past the first found occurrence of "notepad.exe", press F3.
6. Keep looking for "notepad.exe" to be present in an autorun (or similar) entry.

Hope this helps,
Ewen :-)
« Last Edit: August 12, 2013, 06:18:52 AM by panic »
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline r1d1

  • Newbie
  • *
  • Posts: 16
Re: open hosts.bat trying to execute notepad.exe
« Reply #5 on: August 12, 2013, 11:59:24 AM »
Thinking further...

Hi panic! Everything is helpful and every idea is highly appreciated. Thanks for you time.
Thus far no luck, no Parameter or any call at all (notepad or anything else) which leads in any way to
*host*  *hosts.bat or even any other *.bat

Right now I'm scanning the whole system and all files+content via text search for any *hosts* terms inside files, but this will take 1 or 2 days. ;)

Thanks to all, have a nice week!

Offline r1d1

  • Newbie
  • *
  • Posts: 16
a step further (open hosts.bat trying to execute notepad.exe)
« Reply #6 on: August 13, 2013, 10:01:23 AM »
I installed CIS on another computer and was able to reproduce the pop-up:
HIPS must be at least in "Safe mode" and popup alerts must be set to "verbose mode".
Next thing is a bit tricky: CPU has to be really busy (at least here with my device) and in this case the same pop-up came up for a very short time right before another

So I'm pretty sure it must be a Comodo thing which you just can't see in usual circumstances, because the pop-up is really fast. That would explain why there's no log entry...
Question is, what exactly does CIS do and why?

Greetings!

Offline r1d1

  • Newbie
  • *
  • Posts: 16
Re: open hosts.bat trying to execute notepad.exe
« Reply #7 on: August 13, 2013, 10:40:07 AM »
Found the term a few times in /themes/default.set....so it is a CIS thing....
See attachment.
I'm no html guy, but it seems the "display:none" in the css messes up, somehow...
<div class="AlertDescription" style="display: none"  >open hosts.bat is trying to <strong>execute</strong> notepad.exe open hosts.bat is trying to <strong>execute</strong> notepad.exe open hosts.bat is trying to <strong>execute</strong> notepad.exe </div>

I'll check the whole thing if time permits.
Greetings
« Last Edit: August 13, 2013, 11:01:34 AM by r1d1 »

Offline caps321

  • Newbie
  • *
  • Posts: 7
Re: open hosts.bat trying to execute notepad.exe
« Reply #8 on: September 15, 2013, 05:57:45 PM »
Just built a new computer, installed windows 7, 64 bit. And installed the new CIS. I'm also getting the same box popping up. Plus, I have to reboot the machine because it won't let me choose any of the options like deny.

Offline L3v

  • Newbie
  • *
  • Posts: 5
Re: open hosts.bat trying to execute notepad.exe
« Reply #9 on: December 16, 2013, 11:30:08 AM »
hi guys,

i'm having the same problem here. right after logging into the system i sometimes get this message, but can't click it. also the popup is only half visible (top half). after about 1 second it is overlapped by another popup informing me that CCC.exe (AMD / ATI driver -> catalyst control center) is trying to do something, although it is specifically set up as "allowed application".

ever since i've upgraded from v5.x to 6.3.x i've had problems with comodo. from time to time it simply decides to forget every single rule i've set, resulting in random bull sh** behaviour like blocking my graphics driver (even with the whole folder set to "allowed application" in HIPS). sometimes it decides to block my antivirus program instead (avira). after telling it explicitly to allow every single exe / dll of the affected program, it will work for 3-4 sessions. of course it then tells me that the rules already exist (you don't say!). then the whole cr*p starts all over again. a reinstall of both avira and comodo only helped for about 5 days. anyone with similar problems here?

Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2101
  • Oxygen requires Chuck Norris to live
Re: open hosts.bat trying to execute notepad.exe
« Reply #10 on: December 17, 2013, 01:58:54 PM »
I can confirm the appearance of open hosts.bat in the question window.
Its somehow a hdd symbol, but changes in between one second to the file that should appear in the question.
"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19580
Re: open hosts.bat trying to execute notepad.exe
« Reply #11 on: December 19, 2013, 11:11:50 AM »
hi guys,

i'm having the same problem here. right after logging into the system i sometimes get this message, but can't click it. also the popup is only half visible (top half). after about 1 second it is overlapped by another popup informing me that CCC.exe (AMD / ATI driver -> catalyst control center) is trying to do something, although it is specifically set up as "allowed application".

ever since i've upgraded from v5.x to 6.3.x i've had problems with comodo. from time to time it simply decides to forget every single rule i've set, resulting in random bull sh** behaviour like blocking my graphics driver (even with the whole folder set to "allowed application" in HIPS). sometimes it decides to block my antivirus program instead (avira). after telling it explicitly to allow every single exe / dll of the affected program, it will work for 3-4 sessions. of course it then tells me that the rules already exist (you don't say!). then the whole cr*p starts all over again. a reinstall of both avira and comodo only helped for about 5 days. anyone with similar problems here?
Could you run Rating Scan and when Catalyst files show up have them moved to Trusted Files list? That's how I deal with them. It may not be pertinent to your case though.

Are the Comodo installation folders excluded in Avira? Can you try uninstalling Avira to see if there may be is a compatibility issue at hand?

If you want to start using the Comodo AV go to Add/Remove components of the Comodo Firewall installer in the start menu.

Offline Xeno

  • Comodo's Hero
  • *****
  • Posts: 518
Re: open hosts.bat trying to execute notepad.exe
« Reply #12 on: December 29, 2013, 11:04:48 AM »
Hi, guys,
It's not a virus, not a system problem, it's a Comodo's bug.

Offline BigMike

  • Product Translator
  • Comodo's Hero
  • *****
  • Posts: 371
Re: open hosts.bat trying to execute notepad.exe
« Reply #13 on: December 30, 2013, 08:31:00 AM »
This is by (bad) design. The "open_hosts.bat" and "notepad.exe" are placeholders for the real programs in an alert message. If your system is fast enough, you will see the correct program names in the alert all the time. But if the cpu load is very high, the alert is displayed and the alert details will be changed afterwards.
It would be smarter to have "empty" placeholders...

Offline Xeno

  • Comodo's Hero
  • *****
  • Posts: 518
Re: open hosts.bat trying to execute notepad.exe
« Reply #14 on: December 30, 2013, 09:34:49 AM »
In this case, it would be better to optimize the alert output to the minimum resource consumption. Less graphics more efficiency.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek