I cannot find it on my Win 7 SP1 x64 Ultimate. Could you upload the executable to VirusTotal and post the URL of the report here? There are multiple mentions of programs using a process called StopService.exe.
What publisher do you see when looking at the Name of the signer in the Digital Signatures tab of the Properties of stopservice.exe? Do you see Comodo there? Can you post a screenshot? Do you have Comodo Internet Security Essentials installed? I don’t have it installed.
In C:\Windows\SysWOW64 there are also present:
stopservice.log
stopservicelauncher.log
Both were also created October 4, the day I think there was a (small) Comodo update. The update did not require a reboot, as I remember.
No other programs were installed or updated that day.
As far as I know, Comodo Internet Security Essentials is not available as an installer, only zipped, so runs portable and would not leave any traces after running. (Correct me if I’m wrong). However, Comodo Internet Security Essentials is not present on this machine, and has never been run on it.
The machine is always run with care. I mean, it has not been online without a firewall, all browsers are run within a sandbox (Sandboxie) etc. etc. I make an image after installing and unpack it every 6 months or so, which in fact is a fresh install. It hasn’t been running a lot since the last time. After booting up the first thing I do is download my updates if there are any. It’s been 15 years since I had malware on my PCs.
You say you do not have stopservice on your machine. I also have a stopservicelauncher.exe in C:\Program Files\COMODO\COMODO Internet Security. Could you check if you have that? If you do have it, it could be you are not using a function of CIS that initiates the stopservice.exe in C:\Windows\SysWOW64?
Also stopservicelauncher.exe is clean according to VirusTotal.
C:\ProgramData\Comodo\CisDumps is empty on this PC. No crash dump there.
(I checked on another machine running CIS in my household and that one is empty also).
There are warnings in the stopservice.log file though: “Warning: GetModuleFileName(…) returned : 35”
Whatever that may mean. These warnings dwell between a lot of lines like these few:
Info: using Win_x64 path for version
Info: version is :58 under V58
Info: using Win_x64 path for path
Info[openRegKey]: success opening registry key
Info: Success writing key for script restart if needed.
Info[openRegKey]: Success closing key.
Info: initializing script at: 01:39:36.151
Then there is: stopservicelauncher.log
It only contains 2 lines:
“Success: script was launched!
Info: exiting now”
Can’t you put up your service.exe for download on yousendit or somewhere so I can replace mine? Maybe it is just my .exe that is missing a bit or a byte.
edit: this is the SHA-256 hash of my stopservice.exe:
E593F19771B5D40F8519384B08ED9A7091FBAA669730B3E809FE7DCE94E3A52B
Could you compare with yours?
The default tool I use to check hashes does not provide SHA256 but only goes to SHA1. "stopservicelauncher.exe": 9737DEAFA1F01822D1376D1C0BF4C5124721BA5C. This is the file in the CIS installation folder.
I have the stopservice files, these files seem to be introduced in an update to .6710. Apparently they seem to be something related to Comodo Dragon, try uninstalling Comodo Dragon if you have it to see if it is the culprit. I don’t have Comodo Dragon installed and I’m not experiencing crashes from any of these stopservice files.
I found out Chromodo had been running on this PC. It has been removed some time ago.
There is still a Chromodo Folder in:
C:\Users\[admin]\AppData\Local\Comodo
Would the issue be over if I were to simply remove stopservice.exe?
And if so, what about:
stopservice.log
stopservicelauncher.exe
stopservicelauncher.log
I checked another machine that has been running Comodo Dragon. None of the stopservice* files are present. It is completely offline for the moment and has not received the latest updates yet.
Do you know what this .exe does? Wouldn’t the issue be over if I were to simply remove stopservice.exe? Then there still would be stopservicelauncher.exe in C:\Program Files\COMODO\COMODO Internet Security. Why is it there if stopservice.exe belongs to Chromodo/Dragon?
Well, the system gets shut down every day, and rebooted every next day. So today I rebooted the fifth time since stopservice.exe is present. The symptoms have not changed during and after those reboots.
After my last post I used the search function once more in regedit to check if it is present on an unexpected location (hardly probable I thought) and lo and behold! It is there, in aforementioned location. I removed it. Rebooted. Problem gone! Rebooted again. Problem still gone!
For the time being at least: StopServiceRestart may not be present, it apparently can one day appear out of the blue. :o
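The checks asked for earlier in the thread (signer name, SHA-1 and SHA-256 of the stopservice files) can be collected in one pass. This is an added example, not part of the original posts and not Comodo's code; it assumes the two file paths mentioned in the thread and a 64-bit PowerShell session, and it uses the .NET hash classes so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: the paths are the two locations named in the thread.
# Run from 64-bit PowerShell so $env:ProgramFiles is C:\Program Files.
$paths = @(
    "$env:windir\SysWOW64\stopservice.exe",
    "$env:ProgramFiles\COMODO\COMODO Internet Security\stopservicelauncher.exe"
)

function Get-HexHash {
    param([string]$Path, [string]$Algorithm)
    # Get-FileHash needs PowerShell 4.0+, so call the .NET hash classes directly.
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $hasher.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # BitConverter yields "AA-BB-CC"; strip the dashes to match posted hashes.
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Output "$p : not present"
        continue
    }
    $item = Get-Item -LiteralPath $p
    # Same information as the Digital Signatures tab, plus the trust verdict.
    $sig = Get-AuthenticodeSignature -FilePath $p
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.Subject
    } else {
        '(no signature)'
    }
    New-Object PSObject -Property @{
        Path    = $p
        Created = $item.CreationTime
        Signer  = $signer
        Status  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        SHA1    = Get-HexHash -Path $p -Algorithm 'SHA1'
        SHA256  = Get-HexHash -Path $p -Algorithm 'SHA256'
    } | Select-Object Path, Created, Signer, Status, SHA1, SHA256 | Format-List
}
```

A `Status` other than `Valid`, or a hash that differs from the one another user reports for the same product version, is the cue to submit the file to VirusTotal before deciding whether to delete it.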