We were hacked into about four weeks ago. I used Avira’s Internet Security software which has a firewall in it and thought we were safe. WWW.MajorGeeks.com helped me to get rid of the hacker and they also pointed me at their list of software to use. After reading the Matusco (spelling?) firewall listing I was appalled to find that Avira was down at the bottom in the “Not Recommended” area (like 3rd from the bottom). So I dumped the Avira firewall and installed the Comodo Free Firewall. It has helped quite a bit although there are still some problems I am dealing with.
The thing is - yesterday (and again today) I am getting a message that says that the Comodo Firewall cannot start but everything is ok. I let Comodo run the diagnostic and that is when it comes back and says that everything is ok. The thing is - Comodo does not come up and run. And if you try to start it manually - it refuses to run. Instead, you have to re-install Comodo Firewall and then it works for about a day. (Remember I said that Comodo refused to come up yesterday too.) It seems to me that if, for some reason, Comodo cannot come up and run - that that is a major concern. I am thinking that whatever reason Comodo cannot come up and run - that information should be shown rather than just a “Comodo cannot start” message.
I say this because this same hacker went into the registry and mucked around with it on another system so PHP would not run on that system. If the registry has been hacked on this system (the one where Comodo won’t come up and run) - then that should be a major concern of Comodo. The optimum solution would be to make Comodo auto-reinstall itself and then try again to run. That is what I am doing manually but it would be better if Comodo did this itself.
When Comodo would not come up and run - that system did not want to let me surf the net. However, there was internet traffic even though I wasn’t doing anything else. This would indicate to me that I’ve still got something going on with my system. After re-installing Comodo and rebooting the system - I can do anything I want on the internet and there is very little internet traffic. Again, it makes it look (to me) as if someone has done something to my system.
None of the programs (i.e., SUPERAntiSpyware, Avira, Malwarebytes, Avast!, Stinger, TDSKiller, etc.) say there is a problem. RogueKiller has found Hijack entries on the system and has dealt with them. ComboFix once said (months ago) there was a rootkit on the system - but it is not finding problems now.
Anyway, the possible way that I am seeing for hackers et al. to get around this is to make it so the system won’t allow Comodo to come up and run. Which is what it seems like is happening on my system. I’m uploading the dump Comodo did when it said there was nothing wrong.
[attachment deleted by admin]