Win32/AdInstaller

[Guest]

[KorruptedbyKomodo]

I've been using comodo since V2 on my old XP machine and I was using V3 on my newer Vista machine, The version I was using was 3.0.13.xxx and every couple of days I run the 'check for updates' function and for a few motnhs its seemed like there were no updates. I decided to visit the site and check for newer versions and have found now that its at version 3.0.25.378 which I decided to download.

I went to run the installer and of course was greeted by a message saying that Comodo firewall pro was already on my system, and did I want to uninstall it first. I uninstalled and resarted my machine and then ran the installer for the new version and was immediately Alerted by NOD32 that the firewall installer had attempted to install a variant of win32/adinstaller.

Here's the actual report from NOD32.......

"Time   Module   Object   Name   Threat   Action   User   Information
19/07/2008 16:24:09   AMON   file   C:\Users\DRUIDS~1\AppData\Local\Temp\s1.tmp   a variant of Win32/AdInstaller application   quarantined - deleted   DruidsSleep-PC\Druids Sleep   Event occurred on a new file created by the application: C:\Users\Druids Sleep\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe. The file was moved to quarantine. You may close this window. "

I deleted the installer and tried downloading it again, this time using the 'DownThemAll" extension in Firefox which has the ability to check the MD5/SHA1 checksums and the file I was downloading is totally genuine but still NOD32 throws up this warning each time I try installing the newer version of the firewall.

I ran full AV and Anti-spyware scans on my machine (with NOD32 and Spyware Doctor) and my machine is clean.

Is this why Comodo is free?? the software attempts to install adware without a user's knowledge or consent??

As I said the checksums match so the file hasn't been compromised, so what's going on?? I'm now forced to use windows firewall for the moment until I can find a decent, malware free, firewall for Vista

[Vettetech]

Its a false positive about the new toolbar included in Comodo. Ignore it.

[KorruptedbyKomodo]

Problem is I can't ignore it, NOD32 will NOT let me run the installer, it terminates the process as soon as the 'false' positive is thrown up.

Does comodo have an archive of older versions? I'd like the version I just removed back if possible, one without a toolbar.

thanks anyway

[WaterWall]

Disable NOD when installing Comodo  And when installing make sure you won't install the toolbar  Otherwise NOD will cry again 

[KorruptedbyKomodo]

Disable NOD?  not a chance!!

[WaterWall]

While installing ! Untick the install toolbar in Comodo and then NOD32 will be happy. Turn it on again after the installation 

[doktornotor]

Problem is I can't ignore it, NOD32 will NOT let me run the installer, it terminates the process as soon as the 'false' positive is thrown up.

Right-click the NOD32 in system tray, choose Advanced Setup -> Real-time file system protection -> click the Setup button next to ThreatSense engine parameter setup -> go to Options -> uncheck Potentially unwanted applications -> OK -> OK.

[gibran]

Is this why Comodo is free?? the software attempts to install adware without a user's knowledge or consent??

As I said the checksums match so the file hasn't been compromised, so what's going on?? I'm now forced to use windows firewall for the moment until I can find a decent, malware free, firewall for Vista

Please read Comodo Forum policy before continuing further.

As for CFP installation read Analysis of COMODO toolbar by BOClean standards

I would like to suggest to change your forum display name as well.

As for Nod32 results like Vettetech said it can be considered a false positive.

Anyway please scan other toolbar installers (google, yahoo, ms live search, alexa) and please report back Nod32 results.

[Vettetech]

You are only disabling so you can install Comodo. Nothing is going to happen. As in matter of fact when you install things such as games they tell you to shut off any virus scanner. You do not have to install the toolbar. I also use NOD32.

[Vettetech]

Odd thing is I have NOD32 3.0.669.0 and it doesn't find Comodo toolbar to be an infecting unless you have Threat Sense set to find Potentially unsafe applications which can also lead to false positives. Uncheck that option if you have it checked off.

[WaterWall]

And I say leave the Potentially Unsafe apps ticked. I can save your butt. Just disable NOD while installing Comodo and do not choose to install Comodo Toolbar. After the install - turn NOD back on. 

[Matty_R]

You can get previous versions HERE if you wish.

[gibran]

Odd thing is I have NOD32 3.0.669.0 and it doesn't find Comodo toolbar to be an infecting unless you have Threat Sense set to find Potentially unsafe applications which can also lead to false positives. Uncheck that option if you have it checked off.

Can you check if this happens with other toolbars as well, if this does not happen I guess eset will have to fix this.

[doktornotor]

And I say leave the Potentially Unsafe apps ticked. I can save your butt. Just disable NOD while installing Comodo and do not choose to install Comodo Toolbar. After the install - turn NOD back on. 

It actually detects the Ask.com toolbar and will wipe it... Already been discussed months ago. You can only re-enable it once you've uninstaled the toolbar via Add/Remove programs after you are finished w/ CPF install, so that only actually useful components will be left...

You'll get the same "trouble" with ZA Free, Spy Sweeper or whatever else that bundles this thing (even Nero 8.0) - and no, it's not a false positive, the Ask.com thing IS a potentially unwanted app.

Lessons learnt:

- Ask.com has been a horrible choice of an engine
- make a separate checkbox for the toolbar if you really insist on having it there, instead of pretending the functionality can't exist without it.

[Vettetech]

And I say leave the Potentially Unsafe apps ticked. I can save your butt. Just disable NOD while installing Comodo and do not choose to install Comodo Toolbar. After the install - turn NOD back on. 

Not true cause its unticked by default. With it ticked it leads to more false positives. You still have plenty of great protection with it unticked. I have come across many false positives with it checked off. Thats why its unchecked by default. I should know cause I have NIOD32 on 2 pc's. Others arent using it. I know first hand.

[Tags:]