BOClean shuts down every time it blocks a trojan

Hello, I’ve been using Comodo BoClean since it came out and it has blocked me from numerous trojans that nothing else has picked up. However, with that protection comes a problem. Every time the dialog screen pops up to notify me that it has blocked a trojan BoClean shuts itself down if I click on “yes” to delete it from my system. I have never tried clicking on “no” because I always want it gone, obviously.

The windows dialog box that tells me there has been an error comes up and says that BoClean needs to shut itself down. Afterwards it restarts just fine (when I click the program icon). I’m running Win XP Home with Nod32, Comodo Firewall, and Ad Watch real time protection from ad aware se (not 2007). This latest time it blocked urlcaller. This is the report:

07/17/2007 22:41:22: URLCALLER MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\ignored contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: Owner

By this I realize that the trojan was shut down, but I’m not sure if it is still on my system anywhere and I have no way of finding out.

Note: this trojan was supposedly downloaded with a program called ManyCam 2.1 so it could be a false positive. I can find no mention of it anywhere, and other users have downloaded it without problem (though they probably didn’t have BoClean (:WIN) )

Any help would be appreciated. I don’t even know if the trojan is still on my system. I think it is since BoClean shuts down right away.

psych1610

What version of BOClean are you running? Apparently there was a problem before the 4.24 build.
‘quote’ Fixed crashes caused by improper timing of memory swapping in XP and Vista when removing malware by caching results for cleanup. ‘un-quote’
That's my 5 cents' worth.

I’ve noticed the same thing with v4.24. First it blocks it, second time it just crashes.

i am not seeing a problem… i ran the trojansimulator and c-BOC flagged the trojansimulator.exe process and i allowed c-BOC to remove the trojansimulator.exe file… then i ran the trojansimulator again… c-BOC flagged the trojansimulator.exe process and i allowed c-BOC to remove the file, and c-BOC did not crash…

i am running c-BOC build 4.24 with win xpsp2…

here is the “report” from the two times that c-BOC flagged the trojansimulator:


07/18/2007 11:33:26: TROJSIM DROPPER MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\DOCUMENTS AND SETTINGS\user-xyz\MY DOCUMENTS\MY DOWNLOADS\TROJANSIMULATOR\TROJANSIMULATOR.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: user-xyz


07/18/2007 11:34:14: TROJSIM DROPPER MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\DOCUMENTS AND SETTINGS\user-xyz\MY DOCUMENTS\MY DOWNLOADS\TROJANSIMULATOR\TROJANSIMULATOR.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: user-xyz

for what it’s worth. ran the trojan simulator and was fine the first time but crashed on the second try. have no idea why. frank.

Tried the Trojan simulator but Avast wouldn’t even let me download it let alone run it!
Top marks to Avast. :slight_smile:

I tried out the trojan simulator, downloaded ok but avira jumped on it as soon as I started uncompressing the files (avira only looks on the read or write & therefore isn't a system hog).
So I disconnected the net & shut down avira (I checked out the simulator at its home page first), then I uncompressed ok.
Ran the install exe 7 times (re-uncompressed for each time because boclean kept deleting the install exe). The install screen only came up for a split second before getting killed (not enough time to even click ‘install’). boclean didn't crash.

07/19/2007 07:31:16: TROJSIM DROPPER MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\DOCUMENTS AND SETTINGS\xxxxxxxxxx xxxx\DESKTOP\TROJANSIMULATOR\TROJANSIMULATOR.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: xxxxxxxxxxx

Sorry for the delay in replying, I was working and had no access. I’m not sure how to identify what version this is. Interestingly though, in my add/remove programs menu it tells me boclean seems to have already been uninstalled and would I like to remove it from the start menu. Oddly enough it still functions. I think I will just wipe boclean out, registry entries, program files, etc. and reinstall 4.24. Just see if that works I guess. I’ll post back here if any problems…

thanks

psych1610

psych, another thing to consider is other security programs that might be causing a problem… i saw where someone was having a problem with avira’s “antivir”, recently, and the problem turned out to be that “zone alarm” was preventing some dll files from loading, which were associated with the antivir program…

BOClean was shut down for me too, today. I use 4.24 and no other programs.

Log:


07/23/2007 16:48:36: SAVENOW3 MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\ignored contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: *

Error report was sent.

EDIT: Please note, my problem has nothing to do with any simulation. This was from an AVI to GIF converter software I installed, which obviously was infected.

Hmm

Some problem here too
BOClean V4.22 here on XPHOME.

dl’d the trojan simulator:
NAV popped up: shut down/disabled

Retest
PrevX popped up: shut down
Retest;
BOClean popped up: “removeFile?” > Yes

BOClean then shut down, systray icon gone, nothing in task manager :-
Restarted from START MENU > BOClean

Hmm

Nav restarted/reenabled no problems
Restart PrevX would not run: Auto Scan stuck at 99%: this usually implies some connection problem with the PrevX servers. PrevX requires connection to servers for “verification” of files, processes etc.

Hmm
Reboot
All looking ok: But PrevX systray icon not present ??
Hosts file gone: Reloaded
Internet connection OK, E-Mail OK, BOClean update ok All else seems ok.
(don't really care what happens to IExplorer)

Check Task manager: all PrevX processes present
Check Autoruns: all looks ok
START MENU > Prevx > No response ( already running ? ) ie No SYSTRAY Icon and no console

Assumption: BOClean has done something.
I really don't want to lose function of other web enabled softs or server connections.
I do understand the theory behind the resets.

I have had a similar issue with BOClean and tests before ( reset winsock stuff and hosts file removed) I always forget to deselect these options when running a test.

I had thought some of these “rewrites” had been adjusted.

I know I have the -ahem- older version of BOClean and I just might have some overlap of security but this is all a bit odd. :frowning:

See attached for config settings.
Any files I can send?
I will try and do this again but 0100H here and will have to likely reinstall PrevX: too tired now.

Any comments

Regards.

[attachment deleted by admin]

Are you people stating that Melih posted a link to a test program that breaks his own company program? If so, too funny!

Hello
It is now 10 days since the first post in this thread.

More than one “serious” user has posted here.
Any response from CBOClean?

I’m going to repeat this when I’ve had some time to back-up and fiddle with configs.

FWIW: scanning the forum it seems as though CBOClean is having issues with HIPS type utilities which are hooking more and more of the kernel.

Regards.
Bloody pushy home users :wink:

Back again: Ran trojan simulator against BO Clean 3 times one day: Deleted threat no problem.

Next day: tried the same thing, Bo Clean quit with an error after once.

Now I say, what’s up with that?

psych1610

I’m not even using ANY kind of HIPS and it also crashed when testing it against malware.

No HIPS here either, CBOClean crashed anyway.

Not a catastrophe, since one gets an alert of the crash one can easily start CBOClean again, but it should be interesting to Comodo.

/LA

But wait, 4.24 is flawless, read here, as if any software program ever was, lol. So what is the answer for these fine people, Comodo? Comodo Forum

The link doesn’t work, pugmug. At least not for me (yes, I’m logged in).

I can’t follow link either??? I’m logged in, and I’m told to log out and try to log in again. That log in fails??? Whassup???

Sorry about the bad link, as nothing or no one can be called flawless, which is my point about 4.24. Try this link, reply #16 https://forums.comodo.com/comodo_boclean_antimalware/boclean_locks_up_in_system_tray-t10310.15.html