CCE Cleanup

What would be the proper way to use CCE for cleanup?

There are 4 things mainly

  1. KillSwitch - Malware processes should be Killed or Deleted?

  2. AutoRun Analyzer - Disable or Delete?

  3. CCE Scan

  4. Quick Repair

In what order would it be proper to use the above tools?

Here’s what I would do.
1- KillSwitch: kill malicious processes. Note names and paths.
2- Disable autoruns for malicious processes. Note names and paths.
3- Smart Scan with CCE.
4- Restart and see active processes and autoruns. If all is well, delete/backup the noted things.
5- Another scan with CCE.

Quick repair only if need arises.

Okay, I’ve written an article about How to Clean An Infected Computer and the simplest method I suggest for people, since I’ve already asked them to ensure that their system is infected by following the advice I give in How to Know If Your Computer Is Infected, is to just use CCE and Kaspersky TDSSKiller.

I based my approach largely off of the advice given in this post. Therefore I’d really like anyone’s comments, here or there, about what the best way of using essentially CCE by itself is.

Thanks.

Hi Chiron,
I have read (and printed out) your directions concerning cleaning the computer.
I ran the TDSS Killer and got 0 problems.
I then ran the Comodo program (CCE) and got 14 "hits". I also ran the Comodo KillSwitch and had about 4 or 5 entries show with a gray background.
In your column you suggest offering the results of the scan to the Comodo team.
I made a jpg file of the 14 problems, but am not sure how to submit these to the Comodo team.
Reading further on, it seems I have to click on each file and eventually get a way to submit each one.
Am I correct in how to get Comodo information about these 14 problems?

Well, I was going to send you the picture of my troubles, but haven’t figured how to do that either.
My email address is XXXXXXXXXX.

Walt in Indiana

Mod edit : private email address removed

The article is meant to be followed while connected to the internet. It includes many hyperlinks which will direct you to the pages you need.

A link to the page that allows you to submit potential false positives can be found on this page.

Please let me know if you have any other questions.

Chiron,

I never saw the additional options before, must not have looked far enough down. Sorry.
I have now enclosed 2 jpg files, the larger one showing all 14 reported problems, the other just showing the end of the report.
Hope this is more helpful than my trying to describe it in words.

Walt

[attachment deleted by admin]

I would advise letting it move all of them to quarantine except for those marked as Heur.Suspicious and the one for Heur.Packed.Unknown.

For those it would be best to manually navigate to the path referenced and upload them as false positives on this page. Comodo analysts will then send you an email back letting you know if they are really dangerous or if it was just a false positive.

Please let me know if you have any more questions.

Thanks for the advice. Turns out I deleted two of the files, “system.info/windows.exe” as I never use it and the same for “printshoot.exe”. I submitted the ClientMsMpEng.exe and asked if it would affect my Microsoft Client Security program. Also submitted “felixx2.exe”. And, will quarantine the rest.
Glad you asked if I had more questions. Dangerous question to ask me.

#4 in how to know if you’re infected states “Use comodo Autorun to investigate Registry entries”.
I never could find “Open Autorun Analyzer”. I even reinstalled CCE, but when I run it I get 3 options, Full Scan, custom Scan, and Kill Switch. Under custom Scan are several options, but nothing about Autorun.
You must be getting sorry you ever started this issue.

Walt

No problem. I operate under the assumption that if one person has a question that means that many more also have the same question, but just aren’t taking the time to ask it. Therefore I thank you for asking these questions, which help me to improve the article.

You go to the tools menu, just as you did for KillSwitch, and open Comodo Autoruns. However, you need to go to the dropdown menu to find that option.