Got a nasty infection of Vundo. Kept rebooting luckily I had a copy of Malwarebytes open and stored so I was able to go to Safe Mode and using Windows Task Manager was able to run it and stop the reboots. Ran it a 2nd and 3rd time and seems to have solved that problem.
Ran several other programs none found anything and also ran SDfix that found a bat file which it uninstalled but everything is okay.
After rebooting CMF did not reinstall in the tool bar. No error messages or warnings!
I used Revo uninstaller to uninstall CMF and then tried to reinstall and could not.
CMF says that it is already installed. There are no traces in Revo, and Windows Uninstaller.
Deleted it from Comodo Programs files, under each user having administrator rights under Applications, Comodo Folder found an empty CMF Folder deleted those, and under Registry Keys HKey-Local Machine Software Comodo deleted the CMF folder. Also scanned the registry for comodo Comodo Memory Firewall and deleted all highlighted items. There are probabaly other items but did not know the terms to search for.
I still get the install the message "Comodo Memory Firewall is currently Installed do you want to uninstall .
I say yes but see nothing happening wait about 15 minutes reboot and try to uninstall CMF again and the same warning is shown.
Since I cannot reinstall CMF I cannot use its uninstall to try again.
Thank you for help and suggestions.
Oh a standard recommendation when removing malware is to turn OFF System Restore, so that option is unavailable.
Bump Bump Bump
I further scanned the registry and deleted several references to Comodo_Memory_Guardian also found several referances to Comodo Memory with ?? in front of the file located in Program Files but did not see ANY reference to Comodo Memory Firewall in Program Files Comodo.
Also saw reference to CMFD not sure if it was Comodo Memory Firewall but deleted 32 keys.
When clicking on the installer I still get the message Comodo Memory Firewall is already installed Do you want to uninstall. I click yes and see something happening for a few seconds on the HD light but NO indications on the screen anything is happening for the uninstall.
Can someone in the development team give me any clues on what keys or folders to look for. I thought I deleted everything that has Comodo and Memory or CMF deleted.
The files folders and registry keys are now a guess for me?
“H E L P” from the The Comodo Memory Firewall Development team would be appreciated!
First things first. You need to make sure you’ve fully removed all traces of the vundo infection.
Your best bet is to run SuperAntispyware Free and do a full system scan. There are often bits and bots left all over your system. (Scan takes a long time but SuperAntispyware is very good at removing every last bit).
Next, I’d uninstall any Comodo products you currently have installed.
After reboot, remove c:/Program files/Comodo ; C:/Documents and settings/all users/application data/Comodo ; C:/Documents and settings/[username]/application data/Comodo
I’d then run ccleaner available from www.ccleaner.com and run it to remove any junk and run it’s registry cleanup and remove any invalid entries. Reboot again and try installing CMF again.
Hope this helps.
Not so sure about the removing all Comodo products Eric.Reason i say this is if the virus is still hidden somewhere and then cpf where installed,if the scanner missed it,it would be considered clean.
Look for any keys marked CDI under comodo group,there are several relating to cmf there.
[attachment deleted by admin]
The suggestion for removing all comodo products was only after complete scan and removal of the virus with SuperAntispyware free etc and if there was dificulty pinpointing which particular registry entries / directories CMF relates to.
Here is what I’ve done to this point scanning in regular and safe mode and using online scans sure takes time and get frustrating with cookies and false positives.
Waiting to see when someone will reply in that thread!
Surely someone on the CMF Development Team could make recomendations or at least a program to run to see were the new install is stopping.
This is not malware causing CMF not to install but a hidden reminent that I missed ?
Thank you for helping with this problem.
I will uninstall everything but the firewall if needed. I plan on updating it in August or September. want to see how the universal suite compares in performance to the firewall with add ons. The suite should be lighter but will they both give the same results?
Sorry to get back late UncleDoug,
You can delete following key and you should be able to re-install CMF:
Please let me know if you still not able to install it.
Thank You, Thank YOU, THANK YOU
Something so simple ! If I could have identified it 88) this would have been solved days ago.
But in doing so (It was TOO Easy), I wondered if a password protect might be needed before any changes could be made to any Comodo Folders and Files including Registry files.
Thank You again,
All of these can be done with CFP. You can define what registry keys and folders to protect from change.
Thinking further, it would be good if CFP recognised when another Comodo app was installed and automatically inserted protection rules fro the appropriate registry keys and folders.
Thinking further, it would be good if CFP recognized when another Comodo app was installed and automatically inserted protection rules fro the appropriate registry keys and folders.
That would make Comodo even more convenient, include with that certain files from each program to the excluder list in each to keep cpu / ram usage low (Automatic Recognition)
But what about those that currently prefer another firewall. In my case I am still using CPF2 and will be updating at the end of August Middle of September. Even though I am one of those that like to select which products to use I just knew a Comodo Suite was coming and wanted to wait to see the comparison in performance and resource usage.
The availability for others , of a password protect in various Comodo Programs adds another level of security for those that are not running the current CPF with D+ set as it should.