appcrash since last program update: stopservice.exe

I cannot find it on my Win 7 SP1 x64 Ultimate. Could you upload the executable to VirusTotal and post the url of the report here? There are multiple mentions of programs using a process called StopService.exe.

What publisher do you see when looking at the Name of the signer in the Digital Signatures tab of the Properties of stopservice.exe? Do you see Comodo there? Can you post a screenshot? Do you have Comodo Internet Security Essentials installed? I don’t have it installed.

The virustotal crowd says it is clean:

Certificate of stopservice.exe, sorry low res:

In C:\Windows\SysWOW64 there are also present:
stopservice.log
stopservicelauncher.log
Both also created October 4, the day I think there was a (small) Comodo update. The update did not require a reboot I remember.
No other programs were installed or updated that day.

As far as I know, Comodo Internet Security Essentials is not available as an installer, only zipped, so runs portable and would not leave any traces after running. (Correct me if I’m wrong). However, Comodo Internet Security Essentials is not present on this machine, and has never been run on it.

The machine is always run with care. I mean, has not been online without firewall, all browsers are run within a sandbox (sandboxie) etc. etc. I make an image after installing and unpack it every 6 months or so, which in fact is a fresh install. It hasn’t been running a lot since the last time. After booting up the first thing I do is download my updates if there are any. It’s been 15 years since I had malware on my PCs.

You say you do not have stopservice on your machine. I also have a stopservicelauncher.exe in C:\Program Files\COMODO\COMODO Internet Security. Could you check if you have that? If you do have it, it could be you are not using a function of CIS that initiates the stopservice.exe in C:\Windows\SysWOW64?

Also stopservicelauncher.exe is clean according to virustotal.

It belongs to CIS. I did a clean install of CIS and got an update in which the files got added. That mystery is now solved.

Could you post the crash dump? It may be found in C:\ProgramData\Comodo\CisDumps.

C:\ProgramData\Comodo\CisDumps is empty on this PC. No crash dump there.
(I checked on another machine Running CIS in my household and that one is empty also).

There are warnings in the stopservice.log file though: “Warning: GetModuleFileName(…) returned : 35”
Whatever that may mean.
These warnings dwell between a lot of lines like these few:
Info: using Win_x64 path for version
Info: version is :58 under V58
Info: using Win_x64 path for path
Info[openRegKey]: success opening registry key
Info: Success writing key for script restart if needed.
Info[openRegKey]: Success closing key.
Info: initializing script at: 01:39:36.151

Then there is: stopservicelauncher.log
It only contains 2 lines:
“Success: script was launched!
Info: exiting now”

Can’t you put up your service.exe for download on yousendit or somewhere so I can replace mine? Maybe it is just my .exe that is missing a bit or a byte.

edit: this is the SHA-256 hash of my stopservice.exe:
E593F19771B5D40F8519384B08ED9A7091FBAA669730B3E809FE7DCE94E3A52B
Could you compare with yours?

The default tool I use to check hashes does not provide SHA256 but only goes to SHA1. "stopservicelauncher.exe" 9737DEAFA1F01822D1376D1C0BF4C5124721BA5C. This is the file in the CIS installation folder.

I have the stopservice files, these files seem to be introduced in an update to .6710. Apparently they seem to be something related to Comodo Dragon, try uninstalling Comodo Dragon if you have it to see if it is the culprit. I don’t have Comodo Dragon installed and I’m not experiencing crashes from any of these stopservice files.

Your stopservicelauncher.exe matches with mine.

You didn’t say you now have the stopservice.exe as well. The SHA1 hash of mine is:
CF849DA399127C160A6E3DB890661FFD8BF420FB

Remarkable, no Comodo Dragon is running (or has been running) on this machine.

The SHA1 of stopservicelauncher.exe in the SysWOW64 folder is CF849DA399127C160A6E3DB890661FFD8BF420FB.

I have Dragon installed also on Win 7 SP1 x64 Ultimate and I am not seeing crashes. It must be something specific for his system.

SpaceIndian. Can you check in the following folder if you see a crash report for stopservicelauncher.exe: C:\Users\%username%\AppData\Local\CrashDumps?

Hi SpaceIndian,

Sorry for the trouble caused.
Please check your Inbox and provide the requested logs for investigation.

Thanks in advance.

Kind Regards,
PremJK

Hi All,

This is related to a defect detected in Comodo Dragon updater in earlier versions.

Done.

I found out Chromodo had been running on this PC. It has been removed some time ago.
There is still a Chromodo Folder in:
C:\Users\[admin]\AppData\Local\Comodo

Would the issue be over if I were to simply remove stopservice.exe?

And if so, what about:
stopservice.log
stopservicelauncher.exe
stopservicelauncher.log

I checked another machine that has been running Comodo Dragon. None of the stopservice* files are present. It is completely offline for the moment and has not received the latest updates yet.

You can fix the issue with the following:

Run regedit and locate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

And delete the key:

“StopServiceRestart”

Let us know if this solved your issues.

NOTE: Please use regedit with extreme caution

There is no such key present:

https://preview.ibb.co/g3cQyp/register.jpg

Do you know what this .exe does? Wouldn’t the issue be over if I were to simply remove stopservice.exe? Then there still would be stopservicelauncher.exe in C:\Program Files\COMODO\COMODO Internet Security. Why is it there if stopservice.exe belongs to Chromodo/Dragon?

You need to expand the currentversion key and find and select the runonce subkey to remove the auto-start entry if it exists.

I missed when printscreening :) But there is no such key:

https://preview.ibb.co/nvEBop/register2.jpg

If there is no key present, a system reboot should solve the issue.

Can you tell me if you still see a system slow start after reboot?

I put up a post here about the issue.
https://forums.comodo.com/bug-reports-cis/resolution-for-cis-slow-boot-after-latest-updated-t122889.0.html;msg881725#msg881725

Thanks,
Shane.

Well, the system gets shut down every day, and rebooted every next day. So today I rebooted the fifth time since stopservice.exe is present. The symptoms have not changed during and after those reboots.

After my last post I used the search function once more in regedit to check if it is present in an unexpected location (hardly probable I thought) and lo and behold! It is there, in the aforementioned location. I removed it. Rebooted. Problem gone! Rebooted again. Problem still gone!

For the time being at least: StopServiceRestart may not be present, it apparently can one day appear out of the blue. :o
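
A read-only check of the items discussed in this thread (file signer, SHA-1/SHA-256 hashes, and the StopServiceRestart RunOnce entry), added here as an example; it is not from any poster or from Comodo. It assumes a 64-bit PowerShell 4.0 or later session, treats the entry as a registry value under RunOnce, and also looks in the Wow6432Node view, which the thread does not mention.

```powershell
# Read-only triage of the stopservice files and the RunOnce entry from this thread.
# Assumption: PowerShell 4.0+ (Get-FileHash), started as a 64-bit session so that
# $env:ProgramFiles resolves to C:\Program Files.
$files = @(
    "$env:WINDIR\SysWOW64\stopservice.exe",
    "$env:WINDIR\SysWOW64\stopservicelauncher.exe",
    "$env:ProgramFiles\COMODO\COMODO Internet Security\stopservicelauncher.exe"
)

foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "MISSING  $path"
        continue
    }
    # Authenticode check: Status 'Valid' means the signature and chain verified.
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    [pscustomobject]@{
        Path      = $path
        SigStatus = $sig.Status
        Signer    = $signer
        SHA1      = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } | Format-List
}

# Auto-start entry named in the thread. The second path is the 32-bit registry
# view; checking it is an addition of this example, not something the thread states.
$valueName = 'StopServiceRestart'
$runOnceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($keyPath in $runOnceKeys) {
    if (-not (Test-Path -Path $keyPath)) {
        Write-Output "NO KEY   $keyPath"
        continue
    }
    $key = Get-Item -Path $keyPath
    if ($key.GetValueNames() -contains $valueName) {
        Write-Output "FOUND    $keyPath -> $valueName = $($key.GetValue($valueName))"
        # After reviewing the command line shown above, remove it from an elevated prompt:
        # Remove-ItemProperty -Path $keyPath -Name $valueName
    } else {
        Write-Output "ABSENT   $valueName under $keyPath"
    }
}
```

Because RunOnce values are consumed at startup and can be written again later, rerunning the check after the next reboot shows whether the entry has come back.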