AXLIFROCET.EXE

Several months ago I changed my firewall from Zonealarm to Comodo. I am now being plagued with security alarms suggesting a file called ALFROCET.EXE is attempting to alter my registry. I have searched many search engines like Google and the name always comes up blank.

When I run regseeker I get many entries like the following, but these entries refuse to be deleted. I have even tried deleting them with Regedit without success. I have checked the Windows directory and, as reported by Regseeker, the file does not exist.

HKEY_LOCAL_MACHINE
System\Software\Comodo\Personal Firewall\AppCtr *****
Filename C:\WINDOWS\SYSTEM32\AXLIFROCET.EXE
File or Path does not exist

Has any other Comodo user heard of this file … Help Please

Hi PatBacon, welcome to the forum!

I googled it too without success. So you have no idea what its origin could be? What software do you have, that gives alerts of this file trying to alter you registry (Comodo Firewall Pro 2.4 won’t, but I think 3.0 beta would)? Does the file attempt to connect to the internet?

As for the registry, I think that an entry can be locked from two reasons - either it is related to a running program, or there is something with rights (which I have no experience from).

/LA

Thank you Lioni for your reply. My Comodo version is 2.4.18.184 . I’m running loads of different software, but the only one that advises me of Registry Changes is Spybot (Teatimer). The frequent Comodo warnings suggests that the file could be a trojan. (But the file does not exist ???) When I look in the Registry at the Comodo files there are approximately 20 where reference is made to AXLEFROCET. Every Program I have authorised through the firewall has such a sub folder. This really is a mystery. Hope someone here can get to the bottom of it.

OK, so Teatimer is the alert-giver for the attempts of registry changing. I’ve got a couple of further questions to understand what this is about; How does Comodo’s alerts look like; is AXLEFROCET trying to access the internet as a parent to your web browser (perhaps you could post a screen shot)? What do you mean by “the file does not exist”? It appears to exist if it’s trying to alter your registry and connect to the internet.

Thanks,
/LA

Thanks again Leoni for your reply, The alerts now come, basically from Comodo. I will send a screen shot as soon as I can figure out how. The file simply dosn’t exist in Windows\system32. I have checked it, and also Regseeker advisers me so … But it is Comodo that is constantly warning me about it. I now have more than 20 sub folders in the Comodo registry referring to this non existant file. HELP!!! … And not one of these files can be deleted !!!.

Here’s how to take screenshots:
https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/screenshotposting_for_beginners-t6770.0.html

I suppose you mean that none of the registry entries can be deleted.
It might be because you’ve enabled CPF to protect its own files and registry keys(I guess v3 also got this ability).
If that’s the case, try disabling it, and then try to delete the entry. You should try in safe mode.
Make sure to backup the registry keys, but right-clicking and select ‘Export’ and save it in case it should mess up your system.

Ragwing

That’s a good advice from Ragwing.

I still don’t understand how this program can come back and cause alerts, when it’s deleted. I guess it’s not a hidden file - you do have enabled “show hidden files” in Windows Explorer, right?

Personally I’ve encountered a problem similar to yours; a setup file for a program wanted to access the internet (according to Comodo’s alerts). It was supposed to be located in the local temp folder, but it was not there. After a re-boot the problem was solved. No more alert from Comodo. I guess this is not applicable for you though, unless your problem only has occurred after your last boot-up.

/LA

I haven’t got to the bottom of this problem. However, I think I have fixed it. I did a system restore going back to early August, and the dodgy entries against Comodo have thankfully gone. It was a bit of a pain re-updating Windows, AVG and all my spyware programs, but I hope the problem won’t return. Interestingly, a file appeared in C\WINDOWS\System 32 called AXLIFROCET.dat. I have sent this to the re-cycle bin, so it will be interesting to see if anything is affected. When I again googled AXLIFROCET it came up with 4 ‘hits’. I was delighted to start with, until I realised all of them were pointing to my own posts on the Comodo forum.

Pat, if you still have the file on your computer you can submit it to Comodo (Security > Tasks > Submit Files to Comodo for Analysis) or these sites:
http://virusscan.jotti.org/
http://www.virustotal.com/en/indexf.html

Thanks Soya, I did, several times, try to send the files for Comodo to check out, but the link wouldn’t work. They are now gone - I hope for ever !!!

Yeah the submit to Comodo function sometimes don’t work, but that’s due to the server and not CFP itself.

PatBacon, I’m glad that you’ve solved this, after all. Can we consider this thread as [resolved] then; a subject to close?

/LA

Leoni, I certainly hope this matter can be considered closed. But to my mind it will only be ‘closed’ when I know where this file came from. I certainly didn’t name a file or anything else “AXLIFROCET” but as sure as hell someone, somewhere did. I shall continue searching - and being extra vigilant !!!

Well, technically this issue resolved with system restore. If it’s only a matter of wanting to know the origin of the file then we move this thread to the Malware Removal Assistance board. Just because there’s no results searching in Windows doesn’t necessarily mean the file doesn’t exist (especially if it’s malware because it can hide itself from the Windows shell).

Many thanks to Leoni, Soya and Ragwing for your input. I suppose it can be considered resolved with System Restore. I shall, however, not be satisfied until I found out where this file came from. I shall kep an eye on the various forums hoping for an answer. (It is possible that a mystery file called C\WINDOWS\Temp\NSIS_install_iGB.exe has got something to do with it, This file appeared on my system at exactly the same time as the AXLIFROCET.DAT. Thanks once again

My previous post was incorrect on the board; it should be the General Security board because we’re not really referring to different products here and you don’t need assistance on removing it because it’s already removed :). This way it’ll gain the correct attention and maybe someone else will have more info on that peculiar file. Still, the best way to get to the bottom of the file is to submit it to your AV / AS vendor.

Soya, Thanks again for your interest. I have only been messing about with computers since 1995, so I am a little naive, and, regrettably, I don’t know ahat AV / AS Vendor means. Most of the progams I use - Anti Virus, Spyware etc are free, so vendors (sellers) don’t come into it. Wishing you all the best and good luck. Pat

95? mm…That’s about right after the time I started really using them as well.

There you go! AV = Antivirus | AS = Antispyware :slight_smile:

…and I believe a decent provider of AV/AS should happily accept submitted files, even though their product is free. :slight_smile:

LA

Of course they do. How else will their product database improve? :slight_smile: