CCE Failed to remove Rootkit

As you can see here, the computer is infected because I did it, with the Rootkit TDSS4 MBR, and the cleaner failed to detect it.
I followed instructions as I always do.
Launched CCE, waited for the base to update, pressed the “Full scan” button. CCE asked to reboot to be able to find the rootkit, so I did, then pressed the “Full scan” button again, and after that the “0 Threats” window appeared…

The TDSS Killer from Kaspersky finds it easily in a few seconds.
CCE needs serious improvement and I will not use it until DACS is included, to see the differences.

Thanks for the pics… This is interesting to see! :-TU

Happened to me too… I sent the samples and screenshots too… long back. No action since then…

Under Tools, Options, did you tick scan suspicious MBR and report all MBR modifications before you ran the scan? If not, can you retry the scan with those turned on and show us the result then?

Nope Languy, because the “Tools” menu isn’t evident, too small…
So I didn’t even see that menu ^^
I’m retrying again and will post feedback once done.

This time, TDSSKILLER is a false positive…
I tried to report them but failed.

About the MBR fix: the first time it failed, then I restored the suspicious MBR.
I did the scan again; once the infected MBR was found, I tried to fix it again with CCE.
The 2nd time CCE succeeded in disinfecting.

So the 3rd and last time I scanned again, and this time the system is clean.
So the suspicious MBR was found after I ticked the option in the small “Tools” menu.

This time I say that the tool still needs improvements:

  • Why is the database so huge to download? Why don’t you ship a default database and then incremental updates, to avoid downloading almost 100 MB…
  • The Tools menu is too small, and the other buttons are too big, so you need to reduce the buttons and increase the size of “Menu”, or put it somewhere else in plain view…
    I’m wearing glasses; without them I could easily read the biggest buttons but not the “Menu” one ^^

Anyway, CCE failed to disinfect the first time and I had to redo it to make it work.
Can’t you do anything other than asking for a reboot to be able to find rootkits… Because imagine rebooting an infected computer, it will take a huge amount of time…

Windows 7 x86.

So it did work, good to know.

CCE uses the same antivirus database as the full Comodo Internet Security which is why it’s so big. Leaving it out of the CCE download makes things more flexible because you don’t need to download that whole 100MB as part of CCE every time a new version of CCE is released (200MB if you’re using both CCE versions).

Note that you don’t need to download the database through CCE itself; you can copy bases.cav from a local Comodo Internet Security installation or download it directly from Comodo’s servers (see this thread for details–CCE currently uses the “CIS 5.3 & 5.4” database).

The database is the same for both 32- and 64-bit so if you’re using both CCE versions you can simply copy it from one to the other.