Bo clean

Just like to say in 1week bo clean has stopped 4 trojan horses! I now feel more comfortable opening programs on the web. Thanks Stuartm

Welcome to the house of Comodo stuartm!
You might want to look into some of Comodo’s other quality software as well.
As soon as Kevin puts the finishing touches on the new release (4.24) I understand he’ll be working with the other products here as well.

~cat~ we are already on 4.23 :wink: The new version will be 4.24 :slight_smile:

Greetz, Red.

Oops, edited. Thanks Red!
Guess who hadn’t been to bed yet. :wink:

Thanks for posting Stuart.


Yep, good to hear it :slight_smile:

Btw ctrlaltdelete send me a pm today with his research on “playscan1189.exe”, a so called “video codec” :(, that contained a “Vundo” and a “Zlob” variant, and that was stopped by BOClean too :slight_smile:

Greetz, Red.

thats exactly what Boclean is designed to do…:slight_smile:


They were probably either false positives, or you’ve been playing where you shouldn’t be!! (:WIN)

1 trojan was caught on ebay! The others by trying to download a registry cleaner! Any ideas what esellerate malware is? Stuartm

Well A Googie of the name brings up a few things, one being it was a competitor of Digital River, the company that had a monopoly and am of course Digital River was the same company Kevin used.


Always nice to hear examples of situations where a program like BOClean is doing its job :slight_smile:
Since it’s designed to catch malware, I sometimes wish that I could get infected more often, just to watch BOClean in action!

Well I saw it in action when I suggested it to my father because his PC acted weird. It immediately found the Virtumonde malware. Unfortunately it wasn’t able to get completely rid of it. But it at least did name the thing.
So I found a software (VundoFix by Atribune) that was able to remove Virtumonde:
Would have been nice, if BoClean would’ve cleaned it completely but nobody is perfect.


Unfortunately you may not be completely rid of it… Vundofix doesn’t completely do the job with the latest variants of vundo…

You might add…

combofix to the mix to be sure
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you.

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall

How do you know CBOC didn’t kill the active infection?
I’d normally assume you’re seeing dead remnants but without more information I can’t say for sure.
If someone has a copy of the malware in question I’d be happy to run it on a test box to see.

The infection has taken place before. Both my AV and BoClean told us that evil things are going on. I let BoClean delete the file but the Virtumonde was in more than that file and recovered after a system restart. I think we got rid of it with VundoFix but to be sure, I’m going to send him ComboFix to be sure. Thanks CajunTek!

It seems I was a little quick:
That ComboFix program seems a little fishy! After it had finished scanning, BoClean detected “Nircommand” in the Folder C:\COMBOFIX\ (which doesn’t and didn’t exist).

@CajunTek: Are you sure that this program is not malware itself?

Hi Weaker :slight_smile:

Combofix is no malware. It is a tool that is used by a lot of Malware Experts.

Greetz, Red.

Not all the AVirs on Virustotal like the ComboFix.exe. There is very little documentation as to what it does and will do. I probably would not use it myself.

Here’s a quote I found - note the statement about deleting automatically:

"ComboFix specifically targets SurfSideKick, QooLogic, Look2Me or any combination of that group.

It also nicely picks out Vundo infections and clears some, but not all.

One of the better things it does is pick files recently created which can give clues to other infections. It’s very robust too. You can use it to unhook any dll in the system32 folder. You can use it to delete up to as many as 8 files using its command line functions.

It deletes a bunch of files related to the infections above automatically and is updated fairly regularly.

There is more but that’s it in a nutshell."

Research what people recommend and decide for yourself if it is good for you :slight_smile:


Heck, most AVs aren’t that fond of vundofix either… or the smitfraud removal tool…

I use combofix regularly on infected PCs and have never had an issue with it… Take a visit to dslreports security cleanup forum and you’ll see I am not the only one who uses it… It’s a good tool and used without switches is at least harmless…

But why does BoClean come up with that Nircommand malware when ComboFix was nearly finished? This is my concern. It quarantined svchost.exe as svchost.exe.vir. However, if svchost was infected before, why didn’t BoClean come up then?

This is what Virustotal says to that svchost file: