Author Topic: RE: CIS Virus Database Will Not Update On Windows 10 PC  (Read 2476 times)

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #30 on: July 16, 2018, 12:49:21 PM »
Hi and thanks for the quick reply.

Re: TSSK.SYS
Quote
TSSK.SYS is reported and classified as a PUP (potentially unwanted program). TSSK.SYS installs as a plugin to your Web browser, intercepting your online activities, altering the content of Web pages and search results, and displaying an outstanding amount of highly invasive advertisements.

That's why I use browsers other than IE and iexplore.exe is not allowed to run on this PC. Or any of my PCs for that matter.

Quote
Can you comment on all four programs and what function they have? I only briefly looked into them.

4? Do you mean 3? Or do you mean the 4 autostarts?

Tencent makes QQ, an IM client, among other crap.
Rising is responsible for the AV as previously mentioned.
There was no Baidu AV installed (but the drivers were there anyway, no doubt bundled with the OS)

Quote
I would say disable drivers per manufacturer. First Tencent related because it is a PUP and reboot. Then I will wait for your comment on the others.

Will do so now.

Update: Received error "Error changing item state" while trying to disable 2 of the Tencent drivers
1. QQFrmMgr   QQFrmMgr: QQ Frame Manage Driver   Tencent   c:\windows\system32\drivers\qqfrmmgr.sys
2. QQProtect   QQProtect: QQProtect Application   Tencent   c:\windows\system32\drivers\qqprotect.sys

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #31 on: July 16, 2018, 02:53:04 PM »
Quote
Hi and thanks for the quick reply.

Re: TSSK.SYS
That's why I use browsers other than IE and iexplore.exe is not allowed to run on this PC. Or any of my PCs for that matter.
Even when you don't use IE the PUP will more than likely connect to the web.

Quote
4? Do you mean 3? Or do you mean the 4 autostarts?

Tencent makes QQ, an IM client, among other crap.
Do you use QQ IM client? Do you have QQ browser? What programs by QQ do you have installed? Does it install surprise programs? I don't know the program but there is suspicion of spyware getting installed with it: https://en.wikipedia.org/wiki/Tencent_QQ .

Quote
There was no Baidu AV installed (but the drivers were there anyway, no doubt bundled with the OS)
Maybe Rising used Baidu AV and left behind traces uninstalling? I would disable everything Baidu because you don't seem to be using it.

Quote
Will do so now.

Update: Received error "Error changing item state" while trying to disable 2 of the Tencent drivers
1. QQFrmMgr   QQFrmMgr: QQ Frame Manage Driver   Tencent   c:\windows\system32\drivers\qqfrmmgr.sys
2. QQProtect   QQProtect: QQProtect Application   Tencent   c:\windows\system32\drivers\qqprotect.sys
Try running Autoruns as admin. When that doesn't help boot to Safe Mode and run Autoruns and disable.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #32 on: July 16, 2018, 04:54:50 PM »
Quote
Even when you don't use IE the PUP will more than likely connect to the web.

Eh? How would it get through the firewall since I have everything blocked except firefox.exe and a couple of other safe browsers. Does it inject itself as a dll into an instance of svchost.exe?

Quote
Do you use QQ IM client? Do you have QQ browser? What programs by QQ do you have installed? Does it install surprise programs? I don't know the program but there is suspicion of spyware getting installed with it: https://en.wikipedia.org/wiki/Tencent_QQ .

Yes, g/f used QQ. No way, no rubbish browsers allowed...that'd be worse than IE...  :o  Nothing else of QQ's crap either.
And no surprise programs. You can choose what to install but you have to be careful.

Quote
Maybe Rising used Baidu AV and left behind traces uninstalling? I would disable everything Baidu because you don't seem to be using it.

Probably. There is nothing Baidu, only some search extension and homepage for IE but that's a moot point.

Quote
Try running Autoruns as admin. When that doesn't help boot to Safe Mode and run Autoruns and disable.

Yeah, it's weird cos it didn't work even with admin in safe mode. I nuked it via the registry and adding permissions. Long winded but worked.

BTW, I also have Spybot installed and regularly apply immunization and keep it updated and do scans (as with CIS) but in 3+ years there's never been an infection or any malware or the like...just the single QPCore BS as the PUP.
And I block everything non-essential for the basic functioning of the QQ IM client, i.e., install it then deny everything except qq.exe then see if the program functions. If it doesn't then I let them have permissions one by one. I am completely anal about that, obviously because I am aware of just how crappy it is and of all the garbage that it can install and the {insert pretend service name here}.exes it runs - or tries to run in the background, ha ha - for all the ads and other crap.
« Last Edit: July 16, 2018, 04:58:05 PM by MedNz »

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #33 on: July 17, 2018, 09:44:57 AM »
Quote
Eh? How would it get through the firewall since I have everything blocked except firefox.exe and a couple of other safe browsers. Does it inject itself as a dll into an instance of svchost.exe?
These processes run as a driver and are therefore allowed anything. Disable them.

Quote
Yes, g/f used QQ. No way, no rubbish browsers allowed...that'd be worse than IE...  :o  Nothing else of QQ's crap either.
And no surprise programs. You can choose what to install but you have to be careful.
Disable everything belonging to Tencent including QMInject and QMUdisk. These are the ones you blocked with CIS but you might as well disable them using Autoruns while being at it. Also disable the QPCore service.

Quote
Probably. There is nothing Baidu, only some search extension and homepage for IE but that's a moot point.
Uninstall the extension anyway. Then disable all drivers belonging to Baidu.

Quote
Yeah, it's weird cos it didn't work even with admin in safe mode. I nuked it via the registry and adding permissions. Long winded but worked.
That would have been the next thing I would have advised but you beat me to it.

Quote
BTW, I also have Spybot installed and regularly apply immunization and keep it updated and do scans (as with CIS) but in 3+ years there's never been an infection or any malware or the like...just the single QPCore BS as the PUP.
And I block everything non-essential for the basic functioning of the QQ IM client, i.e., install it then deny everything except qq.exe then see if the program functions. If it doesn't then I let them have permissions one by one. I am completely anal about that, obviously because I am aware of just how crappy it is and of all the garbage that it can install and the {insert pretend service name here}.exes it runs - or tries to run in the background, ha ha - for all the ads and other crap.
I looked at the IE tab and noticed a BHO from Tencent called Account Protected BHO Class. Unless you need it you could consider to remove or disable it.

Then as to the entries Beijing Rising. You said you installed their AV. Assuming you use no other tools from Beijing Rising I would suggest to disable them also.

All in all it's quite a list of drivers running under the surface which could cause the performance issues you're witnessing with updating CIS.
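
An added example, not part of the original thread: a read-only PowerShell inventory of installed drivers whose file metadata or signer names one of the vendors discussed above, useful as a cross-check on what Autoruns shows after entries have been disabled. The vendor patterns and the `Resolve-DriverPath` helper are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Read-only: nothing is disabled or deleted.
# Vendor patterns are assumptions taken from the company names mentioned above;
# adjust them to the Company/Publisher strings your own Autoruns output shows.
$vendorPatterns = 'Tencent', 'Baidu', 'Rising'

# Hypothetical helper: turn the service ImagePath forms into a normal file path.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\System32\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"
    return $p
}

# Collect every registered kernel / file-system driver with its vendor metadata.
$report = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    $path = Resolve-DriverPath $_.PathName
    $file = if ($path -and (Test-Path -LiteralPath $path)) { Get-Item -LiteralPath $path } else { $null }
    $sig  = if ($file) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State          # Running / Stopped
        StartMode = $_.StartMode      # Boot / System / Auto / Manual / Disabled
        Company   = if ($file) { $file.VersionInfo.CompanyName } else { $null }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Path      = $path
        FileFound = [bool]$file       # False = registry entry left behind by an uninstall
    }
}

# Show only the drivers whose company name or signing certificate matches a vendor.
$regex = ($vendorPatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
$report |
    Where-Object { "$($_.Company) $($_.Signer)" -match $regex } |
    Sort-Object Company, Name |
    Format-Table Name, State, StartMode, Company, FileFound, Path -AutoSize
```

A driver that still shows `State` as Running or `StartMode` other than Disabled after the Autoruns changes and a reboot has not actually been disabled.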

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #34 on: July 17, 2018, 01:46:21 PM »
Quote
Then as to the entries Beijing Rising. You said you installed their AV.

Actually it was installed already and I uninstalled it.

Anyway, everything, and I mean everything, has been nuked, deleted and shat on personally.  ;D  Sorry, I've already spent more time on this than allotted for and I'm going to have very little time in the next 2 weeks so I'm going to have to avoid a disable this today, wait a couple of days, disable this tomorrow, wait another couple of days and see what happens kind of scenario. Let's see if Comodo now behaves itself....

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #35 on: July 17, 2018, 04:33:32 PM »
I don't think you need to wait for days after each change in this case. I am curious to know how the update process now goes.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #36 on: July 23, 2018, 01:44:55 PM »
Quote
I don't think you need to wait for days after each change in this case.

Wrong there buddy. This time it was 3 days before it started to screw up again. Thanks for the suggestions about drivers and all, but it isn't to do with CIS' update issues as this PC is now super squeaky clean after ridding it of those drivers, re-checking none had reappeared and after scanning for everything with both CIS and Spybot.

Latest pic is below. This time it didn't even get to start displaying a percentage complete.

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #37 on: July 25, 2018, 04:52:24 PM »
Thanks for reporting back. Could you post another Autoruns output for a last look in the drivers and services corner?

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #38 on: July 26, 2018, 09:39:55 AM »
As requested.

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #39 on: July 26, 2018, 02:59:28 PM »
I see no third party drivers that interact with networking. Does your problem still happen or is it now intermittent?

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #40 on: July 26, 2018, 03:56:21 PM »
Quote
Does your problem still happen or is it now intermittent?

Erm, it's always been there and it's always been intermittent, i.e., the update will always get screwed up but one can never predict just how long it will be after a reboot that it will screw up. Maybe the word intermittent is not appropriate here.....more like unpredictable.
FYI I haven't rebooted since I posted the last screenshot. As a habit I don't immediately reboot after it screws up - I'd end up rebooting every couple of days if that were the case! It's a pain in the butt to reboot just because CIS screws up so I don't because I have needs to keep the system running for as long as I can - 24/7 - and, since I have never had an infection (due to the firewall and HIPS configurations being completely anal and everything needs permissions to do anything), I am confident I am reasonably secure.

You really need to examine the code and see where there's a dead end that could be causing this.

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #41 on: August 07, 2018, 12:29:34 PM »
Further to this post: https://forums.comodo.com/antivirus-help-cis/cis-virus-database-will-not-update-on-windows-10-pc-t120943.0.html;msg879256#msg879256

I was going through Sergey's messages on Skype (when we were doing remote sessions) and he said that he got it to start updating again after he turned off HIPS and force closed cmdagent.exe. So I am now doing the same thing as Sergey and cmdagent.exe then restarts automatically and I then turn HIPS back on and run the update (or vice versa, it doesn't matter whether HIPS is turned on again before or after I re-initiate an update).
Although the closing and restarting of the .exe and subsequent update goes well, there is an interesting negative trend. When it decides to stick again (it will work for a couple days then stick as I have reported before), it acts / sticks in exactly the same manner as the first time, i.e., it has stuck at exactly the same place as in that pic titled Update stuck at nothing and it's done this 4 times consecutively. Just to clarify, I have not rebooted after the post linked above, but I have closed cmdagent.exe 4 times and re-initiated the update process multiple times.

So, what seems to be happening is the code which is broken is either still in memory and / or has nothing to do with cmdagent.exe. Since I have reported this problem I have experienced the sticking in slightly different stages of the update process but this is after a reboot each time. If you go back through the attached pics you will see that there are quite a few and the stages it sticks at appear to be random. For ease, I have listed them below;

1. 01 May: Update stuck at 50%
Reboot
2. 13 May: Update stuck at 50%
Reboot
3. 16 May: Update stuck at 2%
Reboot
4. 13 Jun: Update stuck at 50%
Reboot
5. 21 Jun: Update stuck at 2%
Reboot
6. 25 Jun: Update stuck at 51%
Reboot
7. 24 Jul: Update stuck at nothing
8. 28 Jul: Update stuck at nothing
9. 03 Aug: Update stuck at nothing
10. 07 Aug: Update stuck at nothing
11. waiting for it to stick at nothing, LOL

I think 4 times in a row is a good indication that there is a pattern and that a reboot resets the pattern. What I'm going to do is monitor this and after the next reboot I'll keep track of whether it sticks at exactly the same position. Maybe this will help you track down the problem.....

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #42 on: August 09, 2018, 06:17:20 PM »
Did Sergey indicate they are getting an insight in the problem or are they still trying to figure it out?

Offline MedNz

  • Comodo Family Member
  • ***
  • Posts: 51
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #43 on: August 10, 2018, 12:19:10 PM »
Unfortunately he resigned himself to the presumption that it is a network connection issue on my end (last remote session was 21 June). He asked whether I was still having the issue on 04 July and has not been in touch since.

Online EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24706
Re: RE: CIS Virus Database Will Not Update On Windows 10 PC
« Reply #44 on: August 13, 2018, 01:19:52 PM »
Usually I would ask one of the network admins for brief advice. He then would ask to let the member produce a tracert and a test with wget. But he unfortunately left Comodo.  :-\
