Hi,
Actually autoruns analyser is detecting photoshop.exe as fls.uknown.
Is this a bug on comodo’s end?
Or is there any possibilty of photoshop.exe being infected on my PC?
Please let me know.
Thanks in advance.
Are you using a legal version of Photoshop or a pirated version? What version are you using?
Can you check the digital signature of Photoshop and see if it is still valid?
I can bet you it is not signed, that is why you are seeing that.
Here’s a response about this in the whitelisting topic:
https://forums.comodo.com/news-announcements-feedback-cis/submit-applications-here-to-be-whitelisted-2012-t80090.0.html;msg587351#msg587351
Here is the quote Chiron is referring to:
AUtoruns is not using the TVL. That means that when the individual executable is not known by the cloud it will be shown as unknown.
That could mean this executable by Adobe is simply not known (yet) or it is a pirated version hence my question to check the signature of the file to see if it is untouched or not.
Hi,
First of all i would like to Thank everyone for the replies.
Ok I wanna know how to view its digital signature?
Please let me know.
right click on the exe and click properties then click the digital signature tab
Hi,
Well I dont know why but it stopped showing photoshop.exe.
But I have some more doubts,it is showing some more entries related to MS word.
What could be the cause for this?
can you take a screenshot so we can see what you are referring to?
Hi,
I am really sorry but how shall I take a screenshot,is it alt + prtsc sysrq or only prtsc sysrq?
Here’s the screenshot
[attachment deleted by admin]
Please do me a favor. Perform a smart scan with CCE, or at least let it start and then end it. That’s to make sure the virus database is completely downloaded and integrated. Then restart CCE and start Autoruns. See if the same files are still present.
I think there may be a bug related to the virus database and I’d like to make sure this isn’t it. The bug in question is discussed here.
Thanks.
Hi Chiron,
I did as you said.
When I clicked smart scan it took nearly 20 or 30 min to download(its a 100 mb file approx) the virus sig database( I think this is the first time me using smart scan). Then smart scan started . It said scanning MBR and i clicked stop as you said but it asked me to reboot to scan for hidden services (dont’t remember the exact word) and then it restarted and said no threats found. Why did it scan when I clicked stop?
And coming to the point after all the above happened I started autoruns analyser and this time it again detected 7 entries as unknown.
(If you want to know the entire history of autoruns analyser on my PC,here it is:
1)First time when I ran autoruns it detected 5 items.
2)then next time it detected 7 items (5 the same as above and 2 related to photoshop)
3) and next time it detected 6 items(5 the same as in first time and 1 related to k-lite)
4)and this time When i ran autoruns analyser it detected 7 items 5 the same as in first time and 2 related to k-lite but not the same as in (3) )
Thank you. Please try it once more, also after starting a smart scan, and see if it detects the same files. If it does then I think the bug is related to the virus database.
Thanks.
Thanks for ur reply chiron,but u left this unanswered in my above post:
It said scanning MBR and i clicked stop as you said but it asked me to reboot to scan for hidden services (dont't remember the exact word) and then it restarted and said no threats found. Why did it scan when I clicked stop?
CCE always ask to reboot to check to see if it successfully removed the detected threats and checks for hidden services, even if you stop the scan prematurely. Since nothing was detected before you clicked cancel it told you, no threats found, after reboot
And i have another doubt.
Actually at the start of this topic some people said that if photoshop is not legal then it will be detected as fls.unknown,in the same way shall I check ms word for a digital signature bcoz most of the entries are related to it.
And now why does it detect K-lite codec pack as fls.unknown?
Okay fine.
I am doing all this stuff after reading how to know if ur infected by chiron and I wanna know that I am not infected. So please tell me one thing,how shall I confirm whether ms word and k-lite codec pack and any other entries detected by autoruns analyser are infected or not?
I am really out of ideas.
Please please help me out.
(P.S. I am in a situation where i need help asap due to some circumstances)
Thanks in advance.
FLS.Unknown simply means the concerned app is yet not whitelisted by CIS i.e the concerned app was not found in any Comodo whitelist database. It may/may not be malware. Hope you are running AutoRun analyzer while you are connected to net, right?
Comodo Autoruns does not look at digital signatures.
Also, please see How to Tell if a File is Malicious.