A scary FP - if true

Today my CIS scheduled scan ran and popped up with the following file with a ‘high’ critical rating:

c:\program files\Common Files\ESRI\is08211.dll as backdoor.win32.pcclient.ngo[at]134351760

Instead of disinfecting (deleting) the file, I quarantined it because I thought I have had CIS for a long time and no untoward thing has been observed to date.

After quarantining, I wanted to search the web to see what is08211.dll stands for and whether it is such a dangerous file. I clicked Firefox and a message popped up that Firefox cannot initialize due to ‘lack of permission’. Okay, fine, something went wrong and I clicked IE… oh… I can’t open IE. I got a bit frantic and checked the programs in Task Manager. No new programs were seen, but I thought while quarantining the file, the ‘dangerous’ file did something drastic.

So, now I clicked MS Word to check whether that is working… no way… MS Word can’t open. Everything was fine just 20-30 minutes ago when the ‘scan’ started. So I thought let the dangerous thing remain, I need to save my computer first then ‘handcuff’ the dangerous file, and I restored the ‘iso8211.dll’ file. But, in vain. Before my eyes I was losing access to each of my resources. Anything that I open once will lose access if I try a second time. I opened My Computer to try to open Firefox through that, but when I clicked it again, I had no access and My Computer would not start. The programs under Start-All programs had vanished and the C and D drives could also not be seen.

In short, except CIS (thank God), I could not open anything. Using CIS - active process (task manager was gone by then), I isolated ctfmon.exe, googleupdate.exe and desktop calendar.exe…

Cutting short, after isolating the above three applications and also restoring the iso8211.dll, I rebooted and yes, I could get my applications back. I opened Firefox and Firefox started as if it were starting for the first time and I had to reconfigure each of my add-ons and the Firefox options itself.

I shall be obliged if you can check whether this is caused by this file, because except quarantining this file I wasn’t doing any work at that time. Whatever else like stoppage of all programs culminated after that.

If you require the file, please send me a PM. Is this such a critical file to cause such havoc in my machine? If yes, it needs to be fixed immediately.

XP SP3, CIS 5.0, CSC-3.0. No other security software

Hi layman,

Please submit the detected file as a false positive at Comodo Antivirus Database | Submit Files for Malware Analysis, so we can check it.

Regards,
Haja

submitted.

I confirm that the FP has now been fixed. But can you please confirm whether the problems observed in my computer were due to this, or do I need to go deeper into it and check with other anti-virus?

No other active process was observed in my computer at that time and I haven’t used any USB and my computer was almost inactive, except the scan, when such dramatic things like wiping out all my icons, invisibility of my physical drives and removal of all programs from the start menu and access to all the programs had happened.