500 false positives ???

hey, wtf is going on?

i just reinstalled my whole windows because comodo IS started to delete random system files. after the new fresh install, i didnt notice that it started to update automatically and then launched the auto scan… when i got to it, it said it found 547 threats and some “clean / ignore” window was already opened… and it was only at 84%! i think it wont even boot up now because it didnt even find control panel before i unplugged the sht… (xp sp2 original install from scratch).

i got another system that failed because of the CIS removals, but havent reinstalled that yet…
??? ??? ???

Hi screenshot,

We need more details on the reported issue in order to reach a conclusion on the problem and find the proper solution. Can you please submit some of the files and/or the scanning log at Comodo Antivirus Database | Submit Files for Malware Analysis ? What’s the detection name? Are your installation media and newly installed programs from a trusted source and clean? Can you please scan these as well to verify if they’re state is ok?

Thanks and regards.
Ionel

Just close the window.
Don’t press “Clean”.

i think it pressed something itself after a while because i couldnt even open msconfig or controlpanel to remove comodo…

windows was installed from the original sp2 disk and i got latest cis from filehippo

i need to run the hdd from a caddy or something to be able to submit files, but dunno when i can do that…

CIS shouldn’t be deleting anything by itself. Have you looked in the quarantine?

I’m sorry that whole story sounds suspect

" 547 Infections and CIS is randomly deleting system files. " 88)

Look on the the bright side if it’s true it was time for system restore.

I just reread your post are U saying CIS found 547 infections on a fresh install ?

You must work for AVG. Either that or you got your copy of Windows off the Pirates Bay ;D

CIS does not do a great job with patching viruses to say it diplomatically. You could be infected with one of them. Please try booting from and scanning with rescue discs from Dr. Web or Kaspersky and see if they can fix this or not.

k, where are the log files stored?

somebody please change the subject to better suite the topic…

I do not think it is a false positives issue, it is rather a patching virus issue as mentioned by EricJH like ramnit or virut or something else…

I also feel (it has happened to me many times) that before installing CIS, the system has the virus running in memory and it happens that even CIS can not do much with it (as already mentioned, it is not quite good at cleaning, it would simply delete) the infected files, it would have deleted the files, just my thought.

if your running a patched version of windows all the log files on earth won’t help you. trust

I’m not saying you are, but if you are.

i already said that its installed from original sp2 disk. someone asked for a log and i asked where the log is…
the sys booted up but crashes randomly, so im not sure i can export anything…
and the “clean/ignore” windows still pop up…

Did you try scanning with the live CD’s? If not do that first. If the problem is a patching virus then that is the only way to go.

Let us know what these live CD’s report. When they cleaned viruses the next step is to boot Windows in safe mode and run system file checker from the command prompt as described in this tutorial: How To Use Sfc.exe To Repair System Files - Microsoft Windows Mini-Guides .

Keep us posted.

it did say something about win32.virut.av…, but dunno what ‘patching virus issue’ means…

download these two, burn each to a different cd, then boot from them. To do that put the disk in the cd try, restart windows, go into bios and change the boot order so the first one is CD.

http://support.kaspersky.com/faq/?qid=208282173

http://www.freedrweb.com/livecd/?lng=en

run kaspersky and repair whatever it finds and remove everything else, then run dr web cure it and cure whatever it finds.

looks like kaspersky found 599 of them and dr.web 4 more… have to check how drweb cleans stuff…

dr.web found somekind of trojan.packed.194 - lights.exe (packed by FLY-CODE?)… how bad is that? dunno how i even got this sht on 2pc-s basically on the same half-hour… :expressionless:

Reinstalling Windows even from an original CD does not necessary clean infected HDD. Did you boot up from the CD or some kind of HDD utilities CD and reformatted your harddisk before reinstalling? I’d suggest you do that.

looks like kaspersky found 599 of them and dr.web 4 more

Well it seems like it’s no FP anymore :P0l

Did kaspersky offer to repair the file or just quarantine them also what did they name them?

i did format all the drives(because i also needed another partition) with ntfs quick…, but dunno…
599 of them were probably these win32.virut.av or smth… i think it disinfected them and then i re-installed it again… and then made a system restore because it didnt install 3g drivers -.-
created another user and then all worked fine… now all up and running again…

thanks =)