AEC.SYS detected as trojan (False positive?) [Resolved]


Your certainly not alone!

Lets hope Comodo sort it out & fast!



Note to self don’t restart computer in fear of FP

Thank you KEVIN and NANCY for all those wonderful years of support of this wonderful product.

It goes to show how many hours you put into your product since the support was stellar (fixes within an hour or two). But this is life and everyone needs a break.

Looks like some of the team is no where up to speed nor up to your expertise as you have hoped.

(B) of BS

I also had this FP, but boclean crashed first. When i started it, it immediately popped up saying that a trojan had been found in aec.sys, and that it had been stopped.
However, the report doesn;t mention it. ???

As stated in another thread, the latest updates seem to have fixed this problem (AES.SYS) - Thanks.

Not sure abt the other .sys files (other than AES.SYS) that others have reported. Hopefully calm for them too.

Another thing:
From user feedback, the deleted .sys files are put back by Windows. But can the Comodo Team confirm if their deleted registry entries are properly fixed upon reboot as well? TIA

I feel left out, I dont get that false positive :wink:
How come just some have this issue?

My friend let BoClean delete the file. The file is restored, but how can she repair the reg key? Since deleting the file, she cannot get online.

If she would have clicked no, would the reg key still have been deleted?



Just got my update at 6 am (UK time) and this looks like it has sorted that issue out.

Well done to Comodo but maybe next time could it be a bit quicker??



Lucky! Hopefully no issues with very latest update.

If u had the previous (bad) update, the .sys files would be detected during BOClean’s startup scan (e.g. when u turn-on PC, restart PC, or restart BOClean).

If u did nothing to ur PC / BOClean after the (bad) update, you’d have missed the issue. I think that’s wat probably happened.

madcow, she could try doing a “winsock repair”…

i have never tried it, but, according to microsoft, it can be done by opening the “command prompt” and typing “netsh winsock reset catalog” (minus quotations) and then pressing “enter”…

you can adjust BOC’s cleaning options, in BOC’s “configuration”…

i disable all of BOC’s cleaning options so that it will not delete my HOSTS file or my activex controls in “downloaded program files”, or strip my settings in IE… i would rather not have to deal with restoring all of those things after BOC does its “cleaning”…

imo, no one should be running c-BOC 4.23 seeing that it is not working right… it is not supposed to trash your “winsock” when it does its cleaning, so that you then cannot connect to the internet… if you are going to use c-BOC 4.23, i would suggest turning off the “winsock” “cleaning”, in BOC’s “configuration”…

here is what my settings look like (i had BOC’s “automatically start” disabled, temporarily, because of the false-positive):

More weirdness, although I had cleanup of HOSTS file checked, the HOSTS was not in fact cleaned ???

What I do before allowing any security software to delete a file is try and find out what it is. On this occasion that meant visiting these forums, submitting the file to Virus Total and searching google for the file to see what it was.
The BOclean pop up asking if the file should be deleted or not sat there on my desktop until I ascertained if the file was really a nasty.

I would respectfully suggest to everyone to take this route as every security application throws up false positives over the period. A short time spent getting confirmation can save a long time trying to restore your PC to it’s former state. (V)

querty, are you saying that BOC’s cleaning process did not delete the HOSTS file? if that is what you are saying, then yes, that is just one more example of how c-BOC 4.23 is not functioning properly…

if you read kevin mcaleavey’s recent post, he explained that the code in c-BOC 4.23 was all ■■■■■■■ up and that is why it is not functioning properly…

supposedly, c-BOC 4.24 will resolve the problems that people have been having with c-BOC 4.23…

i agree, joliet… i have never had a file flagged on my computer that was not a false-positive… i have always checked them out before allowing the files to be “cleaned”, except once, when i allowed ad-aware to remove an AOL on my computer… thankfully, i was able to restore the file from quarantine… my AOL would not run without the file…

Maybe we should ask Tony to write a turtotial for newbees how you can research a ( possible false ) positive. And ask Melih to make it a sticky here :slight_smile:

Greetz, Red.

Hi this is my first post. I had the same problem on my XP system. After searching the file in question I found a patch from Microsoft [url]Microsoft Support. It refers to a timing error causing a stop error. After running the patch the BOClean Error went away. I hope this Helps. To download the patch I had to Validate first. Also I am not an expert so please check the article yourselves. Goodluck

I checked the winsock from the command prompt. It seemed ok. I read the winsock reset article, but as I remember, it did some things I didnt want to happen. I finally ran a system restore which fixed the connectivity issue, and broke the antivirus proggy… :slight_smile:
I will fix the virus proggy later today. I have told her in the past to contact me before deleting anything an anti-malware proggy might find. I guess she didn’t listen. If she does this again, I think I will tell her to take it to a repair shop. When she has to pay to get it fixed, she may pay more attention to what I tell her.

I had same FP this morning but after my update, manual updating gives the can’t find BOC4UPD.EXE
and this is XP not vista. Will try rebooting again to see if the manual update still doesn’t work.

Just booted up this AM and low and behold… I also got this Trojan FP.
Please advise. (:KWL)

Update must have been more then a Def update. After this morning’s update, Comodo-Boclean does not auto startup on boot & the manual update doesn’t work.
When i got the FP right away this morning I let comodo delete the file.