Built in anti virus

molngab · March 24, 2008, 4:24pm

Hello!

I see, the V3 of CPF has a built-in virus scanner and malware detector.
Can I use these modules instead of my exist virus scanner (e.g. Clamwin, AVG) or the built-in modules are only a “featherweight” scanners (such as the Microsoft free malware scanner-Windows Defender)?

Thanks

system · March 24, 2008, 4:29pm

Comodo scanner is only an on demand scanner which is really first used only when you install Comodo to be sure your system is clean. Its is still a new addition and should nut be used as a substitute for a good av or as. You still need a real time virus scanner. ClamWin is not a real time virus scanner. Also Windows Defender is junk. Use good free av if you want like AVG or Avast. A good aoid virus scan is Avira Premium or NOD32. You can use SuperAntiSpyware free for an on demand scanner also.

lunchpack · March 25, 2008, 3:19pm

I think this is a built in virus rather than an anti-virus!
As I installed comodo firewall v3 on sunday the malware detector has found some critical exe files that i have stored but never executed (my system was clean until sunday). But the detector not only detected the exes, no, it appears that the software also executed those vicious files! I’m really very upset about that!
Since that time the detector found those “malware” (and obviously executed them) i have a lots of explicit processes in \system32, just dated to exactly that time.
Unfortunately I could not repair the operating system and due to an infection of winlogon.exe (also written on exact that time in sunday evening) I had to format the whole system.

If this “feature” seems to be not too useful at the moment I recommend strongly (!!) to rework that feature.

Regards,
Lunchpack

system · March 25, 2008, 3:47pm

lunchpack post:3:

I think this is a built in virus rather than an anti-virus!
As I installed comodo firewall v3 on sunday the malware detector has found some critical exe files that i have stored but never executed (my system was clean until sunday). But the detector not only detected the exes, no, it appears that the software also executed those vicious files! I’m really very upset about that!
Since that time the detector found those “malware” (and obviously executed them) i have a lots of explicit processes in \system32, just dated to exactly that time.
Unfortunately I could not repair the operating system and due to an infection of winlogon.exe (also written on exact that time in sunday evening) I had to format the whole system.

If this “feature” seems to be not too useful at the moment I recommend strongly (!!) to rework that feature.

Regards,
Lunchpack

If your system was infected prior its not Comodo’s fault. If Comodo found and labeled something that clear;y wasnt a virus or malware you should n ot have deleted it. You should have come here first or upload those files that Comodo found to an online virus scanner. Thye were probably false positives and should not have been deleteed. There is a post in here already.

lunchpack · March 25, 2008, 4:02pm

That infected files were downloads from another PC, but the trojans (several backdoor trojans) were definitely installed while the scanner was executed (and nothing else).
For example several newly created exe-files stored in system32 (such as antiviirus.exe, antiviruspro.exe, 50003.exe and other files that are known trojans) ran on the system and were also written in autostart configs (hklm/…/run etc.)
I don’t have a clue where these infections should come from, when not from comodo’s detector?!
The system was definitely clean until I ran the detector, since I have an up to date AV and do malware checks quite regulary.

Lunchpack

system · March 25, 2008, 4:04pm

Which AV do you use? What AS do you use?

lunchpack · March 25, 2008, 4:48pm

I used the Sophos AV (campus license) and Spybot S&R as AS.

edit: virustotal.com doesnot help anymore now, since I was forced to delete the whole windows-installation (As the last rescue efforts with CCleaner / Combofix resulted in a non-bootable system without any rescuepoints…)