Virus database update stops at 30%

Ronny,

Bases.cav is much smaller, namely, 590 KB.

Tried your procedure of replacing with the bases.cav in the …\repair folder.

bases.cav size now is 60,155 KB and version is 1182

Haven’t run the hash check. Will get back in a couple of minutes with results of hash check.

Karl

Ronny,

Hash doesn’t check out.

My values are:

MD5: 45cb35671511494c5b23767804a1d234
SHA1: 5a46dec7ee02f26af30670f40f696774d9f706bb

What now?
Karl

Are you sure you used an administrator account?

Can you check the hash of the bases.cav in the repair folder?
MD5 - 9F6851B88111B41803039DBB6E099037
SHA1 - F97F1DD63735F6B4110D15AD91CBDC4ECC95A7D9

I just ran the entire procedure on my system.
Boot into Safe Mode, open an administrative command box, copy the bases.cav from \repair to \scanners.
Reboot, CIS is now on 1157. Run “check for updates” and it will download a load of updates to version 1182 with the first-mentioned hashes.

Ronny,

Followed your instructions to the letter.
Alas, the results are the same, namely,

bases.cav 45cb35671511494c5b23767804a1d234
5a46dec7ee02f26af30670f40f696774d9f706bbcda8047f
C:\Program Files\COMODO\COMODO Internet Security\scanners\bases.cav 08-May-09 19:11:19
08-May-09 19:11:19 61,598,106 cav

I reformatted the output from the hash program to be a little more readable.

Is there some url where I can simply download the full, complete, accurate bases.cav for the version of CIS which I have?

How and why my bases.cav got polluted I don’t know and have not the slightest idea. I haven’t played around with any of CIS files.

I doubt that all bases.cav problems have the same cause but evidently I’m not alone in this regard. Big downloads are no problem, after all the ISO for win 7 RC and 2008 server R2 certainly are not small and I’ve given up the time to download them, although haven’t played with the 2008 Server R2 yet.

I appreciate the time and effort you’ve expended and sure hope to be able to resolve this problem.

Thanks,
Karl

Ronny,
Ran crc32 onto end of SHA1 hash.
Now let’s see if I can figure out how to include the HTML file.

Hash List

Created by using HashMyFiles

| Filename | MD5 | SHA1 | CRC32 | Full Path | Modified Time | Created Time | File Size | File Version | Product Version | Identical | Extension |
|---|---|---|---|---|---|---|---|---|---|---|---|
| bases.cav | 45cb35671511494c5b23767804a1d234 | 5a46dec7ee02f26af30670f40f696774d9f706bb | cda8047f | C:\Program Files\COMODO\COMODO Internet Security\scanners\bases.cav | 08-May-09 19:11:19 | 08-May-09 19:11:19 | 61,598,106 | | | | cav |
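
The hash comparison the posts above go through by hand, as an added Python example that is not part of the original thread: it streams a file to get MD5, SHA1 and CRC32, and normalizes values as pasted (upper or lower case, CRC32 run onto the end of the SHA1) before comparing. The function names and the constructed sample file are assumptions; the hash constants are the ones quoted in the thread.

```python
import hashlib
import os
import tempfile
import zlib

# Values quoted in the thread: reference for version 1182, and the mismatching report.
REFERENCE_1182 = {"MD5": "9F6851B88111B41803039DBB6E099037",
                  "SHA1": "F97F1DD63735F6B4110D15AD91CBDC4ECC95A7D9"}
REPORTED = {"MD5": "45cb35671511494c5b23767804a1d234",
            "SHA1": "5a46dec7ee02f26af30670f40f696774d9f706bbcda8047f"}

def file_digests(path, chunk_size=1 << 20):
    """Read the file once in chunks; return MD5, SHA1 and CRC32 as lowercase hex."""
    md5, sha1, crc = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "crc32": f"{crc & 0xFFFFFFFF:08x}"}

def normalize(reported):
    """Normalize pasted hashes: key and value case, stray spaces, fused SHA1+CRC32."""
    out = {k.lower(): "".join(v.split()).lower() for k, v in reported.items()}
    sha1 = out.get("sha1", "")
    # Adjacent report columns can run together: 40 hex (SHA1) + 8 hex (CRC32).
    if len(sha1) == 48 and all(c in "0123456789abcdef" for c in sha1):
        out["sha1"] = sha1[:40]
        out.setdefault("crc32", sha1[40:])
    return out

def compare(observed, reference):
    """Return {algorithm: matches?} for every algorithm present on both sides."""
    a, b = normalize(observed), normalize(reference)
    return {alg: a[alg] == b[alg] for alg in sorted(a.keys() & b.keys())}

def demo():
    # Constructed stand-in file so the example runs without a real bases.cav.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"123456789")
    try:
        local = file_digests(tmp.name)
    finally:
        os.unlink(tmp.name)
    return local, compare(REPORTED, REFERENCE_1182)

if __name__ == "__main__":
    print(demo())
```

To check a real file, pass its path to `file_digests` and the published values to `compare`.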

Karl,

I could post you the file somewhere but I don’t think that will fix the problem for you.
There is definitely something wrong with your install, this should not happen.

Can you please check your virtualstore to see if there are leftovers?
You can find it in c:\users\<your userid>\appdata\local\virtualstore\program files\

Is there a folder called COMODO and if so what’s in there?

Ronny,

I have two accounts on this laptop–one with administrator privileges which I use for install and config purposes and then a standard account which I use for daily activities.

The standard account turned up nothing (as to be expected).

The admin account which I used to install and setup Comodo showed a Comodo folder in the container you specified.

I’ve attached a couple of PNG files produced using Windows Snipping Tool.

[attachment deleted by admin]

Ronny,
A URL to download the file would be appreciated.

Certainly worth a try and should do no harm.

I’ve not played with all of the Comodo options lately but I’ve not noticed any peculiarities.

Thanks,
Karl

It seems to contain a crash dump; you can safely remove those… but this does not explain why your AV update does not go to the same size and hash as mine…

Can you search the registry for “virtualstore” and see if there is any Comodo there?

Ronny,
I can and I will but sure would appreciate a url for a correct bases.cav file.

Karl, MCDST, MCTS, MCITP

Please check your PM Karl.

Ronny,
Search of registry using RegEdit produced no VirtualStore entries for Comodo.

Karl

Okay thanks,

Can you run a full Wireshark capture of the update process?
I’d really like to know why your update only grows to 60MB…

Ronny,
Very unusual is that after using 7z to unzip,
file size of bases.cav = oops! something very strange here. I’m going to go over a couple of steps again because I’ve noticed some conflicting file sizes and I used SafeMode and cmd.exe with admin privileges to replace bases.cav.

Time for a strong cup of coffee, a short walk, and then a fresh look.

Excuse the delay while I regroup and reconcile,

Karl

Ronny,
Checked PM, thanks.
Just updated av database.
Included is a PNG of hash values, etc. for my present bases.cav

My machine is a Win 7 RC 32X (don’t know if Comodo sends identical file to all systems).

Thanks again,
Karl

[attachment deleted by admin]

Hello Karl,

How are updates going?
Mine is at 1190 at this moment.

As far as I know there is no difference in the AV database for XP/VISTA(W7)

Hi Ronny,

All is going well now. Just ran the av update. Now I’m up to 1190.
Enclosed is a PNG of hash for current bases.cav.

Just got a red alert as to a trojan detected by Comodo. I’ve got to run that down and see whether it’s false positive or not. Haven’t installed any new software but did use internet at a local coffee house where I’ve suspected that their router is infected. Guess I’ll stop using their wifi.

Karl

[attachment deleted by admin]

Hello Ronny,

Turns out that my latest possible av was nothing more than a false positive.

Will be reporting the false positive in another Comodo area.

Computrace’s LoJack for Laptops from Absolute Software was the source of the false positives.

rpcnetp.exe and rpcnetp.dll in %windir%\system32 are legitimate if signed by Absolute Software.

Thanks,
Karl

I have the same with a few uninstallers being reported…
Glad updates are working now.

Ronny,

I’ve included a portion of an email which I received from CompuTrace Lojack for Laptops (AbsoluteSoftware).

start of cut/paste*********************

I understand your concerns about the rpcnet*.* and upgrd.exe files.

I don’t have access to the hash files, but it isn’t impossible for us to provide the files to you specifically. However, it does not resolve your issue permanently. The digital signature of each of the LoJack software agents on each customers’ computers are different. While it may temporarily resolve your issue with the Comodo alerts, it’s not going to solve the problem with other Comodo users, and I’m pretty sure there are lots of Comodo users out there.

And, you’ll likely see the problem again if you decide to transfer your LoJack software subscription onto a different computer, as the signature will change.

As a permanent solution, what we would like to happen is for Comodo’s tech support or software development department to get in touch with Absolute Software, or vice versa, so that the two companies with their relevant departments can work together to ensure the LoJack software agent files can be permanently whitelisted.

Who is your contact from Comodo? Can you provide me your Comodo contact name, direct phone number or email address from Comodo that I can give to my escalation department?

Absolute Software works with many security vendors to try to ensure compatibility between us and them. We would be willing to work with Comodo as well.

Thank you for your time.

Regards,

Tony T

Global Support

Absolute Software Corporation
Computrace® LoJack® for Laptops

To contact support visit:
www.lojackforlaptops.com/support

How was my service?
csat@absolute.com

end of cut/paste**********

My note: That T in Tony T stands for Tieu

What is going to be the best way for me to convey this info to the correct person/department at Comodo?

Many thanks,
Karl