Author Topic: "safe files database" question  (Read 298 times)
sharkman08
« on: July 13, 2008, 10:18:21 AM »

Hi. I got a Defense+ alert today saying "please block this request and submit it to COMODO for analysis", but when I try to send the file, it will not send. Please see attached screenshots. After about 6 instances of the same/similar notice, I chose Block and Remember... what do you think about this? Thanks in advance.
Ragwing
« Reply #1 on: July 13, 2008, 11:06:34 AM »

Greetings, and welcome to the forum!

It looks like you've been infected with a rootkit. Information from PrevX.
Note that the legit Windows file is named svchost.exe and NOT system32:svchost.exe!
You should block everything related to system32:svchost.exe.
Do a scan with Avira AntiVir. It scans for malware, and also for rootkits.

Rootkits hide themselves in other files, so it's hidden in svchost.exe. As it's a safe file, it's already in the safe list, and therefore it can't be submitted.

Cheers,
Ragwing
Vettetech
« Reply #2 on: July 13, 2008, 11:17:41 AM »

This is also good.

http://www.freedrweb.com/
Ronny
« Reply #3 on: July 13, 2008, 01:44:14 PM »

And to know more, also scan with Gmer anti-rootkit to see if it finds anything suspicious.
http://www.gmer.net/index.php
Japo
« Reply #4 on: July 14, 2008, 10:35:50 AM »

Easy-to-use specific anti-rootkit scanners (self-contained exes):

Panda Anti-Rootkit

F-Secure Blacklight (direct download)

Avira also has anti-rootkit scanning capabilities, as you've been told, the free version as well as the premium one. Also Comodo BOClean: you may do well installing it and seeing if it stumbles upon anything immediately; it wouldn't be the first time. Gmer's results may be difficult to interpret, but do give it a try. You can never be too sure if you've been exposed to rootkits.
« Last Edit: July 14, 2008, 10:43:34 AM by Japo »

3xist
« Reply #5 on: July 14, 2008, 10:37:23 AM »

Rootkit Revealer I have found useful at one stage.
Japo
« Reply #6 on: July 14, 2008, 11:14:42 AM »

By the way, you should get into the Defense+ rules and delete everything about "system32:svchost.exe" (NOT "svchost.exe"). From that point on, always DENYing access in all the popups about "system32:svchost.exe", you may have neutered the threat with CFP alone and you may be able to delete the file(s) manually. But do scan with everything you can; as I said, you can't be sure.
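The name in the alerts, system32:svchost.exe, uses the NTFS syntax for a named data stream attached to the System32 directory, which is why Reply #1 stresses that it is not the same object as svchost.exe, and why Reply #6 tells you to delete only the rules that mention the colon form. The script below is an added example, not code from this thread or from Comodo: it parses the output of `dir /R` (which lists named streams on Windows Vista and later) and flags streams that hang off a directory or carry an executable extension, so a defender can see exactly which object the Defense+ rules refer to before removing anything. The listing embedded in it is constructed, and the `dir` date format it expects is the US one.

```python
import re
import subprocess
from dataclasses import dataclass

# Constructed sample of `cmd /c dir /R C:\Windows` output (not captured from
# the thread). The stream line under System32 is the shape the alerts refer to.
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Volume Serial Number is 1234-ABCD

 Directory of C:\\Windows

07/13/2008  10:18 AM    <DIR>          .
07/13/2008  10:18 AM    <DIR>          ..
07/13/2008  10:18 AM    <DIR>          System32
                                26,112 System32:svchost.exe:$DATA
04/14/2008  12:00 AM            14,336 svchost.exe
04/14/2008  12:00 AM         1,033,728 explorer.exe
                                    26 explorer.exe:Zone.Identifier:$DATA
               2 File(s)      1,048,064 bytes
               3 Dir(s)  10,000,000,000 bytes free
"""

# Ordinary entry line: date, time, either <DIR> or a size, then the name.
# Assumes the US-locale date/time layout that `dir` prints by default.
ENTRY_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
# Named-stream line printed by /R: indented size, then owner:stream:$DATA.
STREAM_RE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:]+):\$DATA\s*$")

# Stream names that are expected on a normal system and not worth flagging.
BENIGN_STREAMS = {"zone.identifier"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd")


@dataclass
class Stream:
    owner: str          # file or directory the stream is attached to
    name: str           # stream name, e.g. "svchost.exe"
    size: int           # bytes, as printed by dir
    owner_is_dir: bool  # True when the owning entry was listed as <DIR>


def parse_dir_r(listing: str) -> list[Stream]:
    """Extract named streams from `dir /R` output, remembering whether each
    owner was a directory (a stream on a directory is unusual by itself)."""
    is_dir = {}
    streams = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            is_dir[m.group(2).lower()] = m.group(1) == "<DIR>"
            continue
        m = STREAM_RE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            owner, name = m.group(2), m.group(3)
            streams.append(Stream(owner, name, size, is_dir.get(owner.lower(), False)))
    return streams


def suspicious_streams(streams: list[Stream]) -> list[Stream]:
    """Keep streams worth a closer look: anything attached to a directory,
    or any stream whose name looks like an executable."""
    return [s for s in streams
            if s.name.lower() not in BENIGN_STREAMS
            and (s.owner_is_dir or s.name.lower().endswith(EXEC_EXT))]


def collect_listing(path: str) -> str:
    """Run `dir /R` on a live Windows box (hypothetical helper; Windows only)."""
    result = subprocess.run(["cmd", "/c", "dir", "/R", path],
                            capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    import sys
    if sys.platform == "win32" and len(sys.argv) > 1:
        listing = collect_listing(sys.argv[1])
    else:
        listing = SAMPLE_LISTING
    for s in suspicious_streams(parse_dir_r(listing)):
        kind = "directory" if s.owner_is_dir else "file"
        print(f"{s.owner} ({kind}) carries stream '{s.name}', {s.size} bytes")
```

Run with a directory argument on Windows (for example `C:\Windows`) to inspect a live system; without one it prints the hit from the constructed listing. Zone.Identifier is excluded because browsers attach it to every download, so reporting it would bury the one stream that matters here.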