Antivirus Event: Can't resolve - Trojware.js.TrojanDownloader.Agent~EWH@22692244

Whenevern I open up IE and look at virtually any website, I keep getting the warning about a Trojan Trojware.js.TrojanDownloader.Agent~EWH@22692244.

I choose clean and even quantine and it seems to just keep telling me over and over again…so I’m assuming something has happened. The location is shown as:

c:\documents and settings\user\local settings\temporary internet files\content.IE5

I don’t even show a folder under temporary internet files.

Can someone please get me so help on how to recover from this…apparently it must have slipped through Comodo and it looks like my computer has been infected with something and it doesn’t appear that Comodo can clean it.

HELP Please !

It’s most likely a false positive, if you look elsewhere on the site you’ll see a bunch of us have had exactly the same popups today.

Ok, thats a relief. It cleared up…either because of the second virus def update from Comodo or the fact that I asked IE to delete all cookies. Its seemed to be interpreting a cookie as a virus.

I’ve been getting this too. Even when I went in to clear Internet Explorer data, a warning popped up. Most-likely a false-positive, but I’m uninstalling/reinstalling Java, Flash, and Shockwave just in case.

Please submit this file as possible false positive to Comodo following How to report False Positives - Please read this before submitting !.

I will move this topic to the f/p board.

Ok, I was wrong its back. I guess deleting the cookies was only a temporary fix.

I would be happy to send you the file…but the file location as specified by Comodo does NOT exist.

Am having the same messaging and also unable to find the file noted by the Alert.

Windows XP:
My Computer->Tools->Folder Options->View->Hidden files and folders->turn on Show hidden files and folders->OK. :wink:

At what site does this message show up? What browser are you using?

Is the notification anything serious? I got the same problem? I did the Report As False Positive and I also tried Disinfect and Quarantine?

It may be a false positive. At what site does this happen?

Hey, having the same problems here too. Running Win 7 64 bit, Comodo up to date. Using IE 8. Was working just fine yesterday, and now today I get the problem randomly.

Here’s a list of sites that have set it off so far. Most are my daily sites or places I always visited before, and shouldn’t count as malicious to my knowledge.

It does seem to happen rather randomly though. Sometimes I can visit the site just fine, other times it triggers on nearly every other page. Doesn’t seem to have any visible cause or trigger on the users end besides loading a new webpage or downloading a file.

Board I moderate:

Gmail does this too, but I can’t link to my logged in Gmail account, obveously.

Facebook triggers it. Also, when scanning %appdata% the temp file for the “like” buttons on facebook is caught as a virus as well.

There are many others too, but like I said, it’s inconsistant at best when the error pops up. :confused:

This is the locations that keep getting flagged by comodo during use of the web.
C:\Users--MyUserNameHere–\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\268N16B6\mail[5].htm

The number at the end of the mail[5].htm file keeps going up as more hits occur, it’s like when you get duplicate files in the same directory.

I’ve also noticed that it seems to be triggered most by websites with either dynamic content, or forums with email links. Not sure if that helps any or is just my luck though.

Hope this info helps,


Same problem here, the location doesn’t exist and the warning is popping up randomly. I get it in my email inbox, facebook, google, actually, any site I’ve gone to today, including this one.

I am using Windows 7 32 bit and IE9

It’s on every ■■■■■■■ website imaginable, what is wrong with this ■■■■!? IE9 here…

Did that, got as far a looking for Temp Inernet Folder (which is suppose to house the “trojan”)in the Microsoft folder. It aint there.

Guys fix this thing its killing me!!!

What you have to do is go to the folder “Temporary Internet Files” then manually type in the \Content.IE5 in the address bar and hit enter. The folders should then come up.


p.s. You can`t upload it to VirusTotal

I get an alert for Trojware.HTML.Exploit.CodeBase.~Exec[at]226875254 with IE9. As the link denotes there is a topic for this. This f/p is confirmed and will be fixed. As a workaround you can temporarily switch to Firefox or Opera browser. Not all of the f/p’s show up when using another browser.

There is being worked on.

FireFox 4.0.1webmoney advisor plugin!

Yeah i just got this pop up along with the exploit one and i dont even use IE.just incase were any of you running bittorent because i know comodo has a fp for it when it tries to auto update