asr_25670.exe crashes Comodo

XP sp2
Comodo 3.14.130099.587
Database 4254

I was puddling about on the PC when up popped a virus message about unknown heur or something, naming asr_25670.exe.

I DAGS and found nothing. While I was doing this the Comodo popup disappeared. I recalled that the file was in Win/system32, so I found it and scanned it. One threat was found. So I decided to quarantine the file. Immediately I did that Comodo crashed “Comodo has encountered a problem and has had to terminate” etc. and had to be restarted.

this is either rather worrying or that very file seems to be part of Comodo.

EDIT: I will add that when trying to upload this message, my internet connection ceased to function and I had to kill the connection controller and restart it. this may or may not be connected.

Any input appreciated.

Nick

I think that was a false positive, if you can open CIS log viewer (CIS directory got separate log viewer exe), you can check the exact application name.

Thanks for the reply.

The log still shows the asr_25670.exe as the name of the file.

What makes you think it’s a false positive, and why would Comodo have crashed the instant I quarantined it?

Nick

Sorry. Also, what do I do now? I restored the file and Comodo just finds it as a threat again.

Nick

Hm, or maybe not (if that’s not a hardware driver file)! Please, upload the file to virustotal.come or use CIMA.

hmmm…thanks for the pointer.

I went to totalvirus, and every search showed a worm

I will try to kill it. But right now Comodo V4 is broken on my machine. >:( I posted about it: a missing cfp.dll

Nick

Try running Diagnostics from under More. Does that fix it?

Otherwise you can try to copy the cfp.dll from the repair folder to the COMODO Internet Security folder. When needed do it in Windows Safe Mode.

Also follow What to do if you’re infected - eXPerience Rev.3 to see if that can get rid of it.

Thanks for all the replies.

OK. I have really messed this thread up. I apologise. I have had a heap of trouble with Comodo, which started just after this crashing happened. Failed updates (3.13.xx), failed installations (V4)

But it all seems resolved. I now have V4 installed and working. the trojan has been quarantined by Comodo, no crash.

I will check out that link to cleaning up, because I am pretty sure that often, these files are somewhere else and will simply be reactivated.

Nick