CIS 6 working on off

DrHaze, thanks for your input. For your information I ran that deep scan on 2 win 7 computers and it disabled both. (System files altered, registry blocked from restoring and running software not functioning even with reload.) Previous versions were run multiple times without any such problems. A restore of Win 7 with a Win 8 disk and reload of all software got function back. (With a couple unsigned and missing drivers left over.) I am dreading the time commitment to restore the next, since it took me 13 hours with the first and the next is a slower computer.

I am working with a Comodo dev right now (not on weekends). I will speak with him and ask him to run Comodo Cleaning Essentials on his test Win8 box, or if he wants a bug report either way, I will pursue this. I have to say it, but I am in your boat now and don’t trust Cleaning Essentials now that I have heard your stories. I am running Windows 8 x64, so that verifies 7 and 8. If you are running a desktop for a PC it might make sense to purchase a second hard drive and a copy of Acronis True Image Home version. This way, once all of your hard work is done reloading the OS and CIS 6 or 5 and getting the system where you like it, you just hook up the second hard drive, wipe off the partitions and hit clone from Windows. The PC reboots and it starts its own Acronis loader from DOS, and it asks you for source and target drive and to leave partitions as is (if you select manual instead of automatic). It takes me about 45 minutes. After the clone is complete the PC shuts down. You unhook your main drive, hook up your new cloned disk and boot right away on it into Windows Vista, 7, or 8. If everything checks out, shut down, hook your main hard drive back up, unhook the backup drive and reboot back to the way you were. This way, if you do run Comodo Cleaning Essentials and it happens, you can revert back to the cloned drive. I really don’t feel like waiting hours for a deep scan like last time and then cloning it again at the moment. I will get back to you on what Comodo says.

I know I ran into a bug with CCE that made my system unusable and forced me to use system restore. I know it will be fixed for the next release, but perhaps this was related to that.

It’s probably worth making a bug report of.

Thanks.

I am seeing another computer going through “System”, whatever that is, and this same computer going out through “Explorer” to the internet. How best to stop this? Also I would still like to stop Portabledevices, Mscorsvw, Explorer and Iexplorer from connecting to the internet all by themselves. It takes me OKing about 30 pop ups to get IE to connect to the internet, yet these programs do it without generating any popups. Who designed Win 8 to be this lopsided in favor of unwanted and unneeded connections, but make needed connections so difficult? Thanks (Quick scan is still cleaning in as little as 8 seconds and now the computer will not connect to the forum despite cleaning the IE10 cache. Using a different computer now. Hope I do not run out of computers.)

OK, I need a little help with this. That other computer comes in through “System” and then goes out through “Iexplorer” to connect to my security cameras. I also noticed that that other computer tries to come to the forum with me and that blocks me getting to the forum. How do I stop “System”, whatever that is, from doing this? A full Comodo scan comes back completely negative. I am not going to try a deeper Comodo scan and risk what happened last time when the computer was running 7. Help. Thanks.

Still needing a little help. Lots of pop ups when I try to put in my password to the forum and I need to OK them to get in, but I cannot find them in the logs. Then IE makes me OK lots and lots of registry changes before I can complete the password. What might be the best way to type in passwords faster? Thanks

Well Comodo will no longer connect to the forum, but Google still gets here. Why does “Explorer” try to connect to France as soon as it starts? Three French sites are the first destinations of Explorer. How best to handle this? Thanks

[attachment deleted by admin]

“Explorer” keeps trying to connect to Cambridge at 209.170.117.160. I do not need nor want my computer and software that I paid for to be used to make these unwanted and unneeded connections. I disabled all Win updates and network discovery and the only other software is for the cameras that also do not update. How best to get my property back from the thieves that are using it without my permission? Thanks

I noticed “GSW32.EXE” gets sandboxed by Comodo. It has since been removed. How do I stop it being placed and removed? Thanks. Yes. I do not like the placing and removing of files like this on the computer and would like Comodo to be configured to block this activity. HOW???

[attachment deleted by admin]

I am not sure I understand you. What do you mean with removed and placed in this context?

Eric, thanks for your response. As you see in the attached Comodo screen shot of the last post, the file was partially limited on 3 occasions. I have not noticed any such behavior before and I use that computer daily for the same routine only. A search for the file on that computer shows that it does not exist now on the computer. My logic tells me it was placed and removed. Also I was told when you tell Comodo to not give pop ups in Firewall and Defense that it blocks, but that is not true, it allows. Yes, I do change the default allow to block, but it still allows and does not block. How do I get it to default to block when I want to not be disturbed by all the pop ups? Thanks

Eric, I was also wondering if MAC addresses can be spoofed. I noticed that the MAC on one of the security cameras is written on it and the configuration software shows it, but after I connect to the internet a different MAC address takes its place in the router. Can Comodo stop this? Thanks

The process known as Graphics Server or Graphics Server EXE belongs to software Graphics Server (version 6.0 International, 5.8 International) by Bits Per Second or Ringdale or Graphics Server Technologies.

Description: GSW32.exe is located in the folder C:\Windows\System32. Known file sizes on Windows 7/XP are 423,016 bytes (40% of all occurrences), 421,888 bytes, 434,176 bytes or 470,552 bytes.
There is an icon for this program on the taskbar next to the clock. File GSW32.exe is not a Windows core file. File GSW32.exe is a Verisign signed file. The file has a digital signature. GSW32.exe is able to record inputs. Therefore the technical security rating is 6% dangerous, however also read the users reviews.
If you want to remove the program completely, go to Control Panel ⇒ Software ⇒ eNeighborhoods Personal Edition or ShrdSupt.

Important: Some malware camouflages itself as GSW32.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the GSW32.exe process on your PC to see if it is a threat.

Source: gsw32.exe Windows process - What is it?

Can you check if that file is digitally signed as stated in the above and if you have a program called Graphics Server installed?

There are viruses that will live in memory for the Windows session. When Windows closes down, such a virus will write itself to the hd and make an autostart key in the registry. When Windows starts it gets loaded in memory and will then erase the file on the hd and the autostart key in the registry. When did these events get logged? During boot time?

Also I was told when you tell Comodo to not give pop ups in Firewall and Defense that it blocks, but that is not true, it allows. Yes, I do change the default allow to block, but it still allows and does not block. How do I get it to default to block when I want to not be disturbed by all the pop ups? Thanks
The alerts are only for the situation where CIS does not know the file. If the file is trusted it will be allowed or if there is a rule for the file in Firewall Rules or D+ Rules it will also be allowed.

Are you sure the files you want to get blocked are not trusted files? What files does it happen with?

You need to clarify what you are doing.

When you view the MAC address of the camera with the software how are you connected to the camera? Is the camera on your local network or on the internet when accessing it with the software?

What do you mean with when I connect to the Internet? What type of internet connection do you have? Does the camera have two NICs?
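One way to run the check asked for above (is GSW32.exe present and digitally signed, and is a Graphics Server product installed), as an added PowerShell example that is not part of the original posts. The file sizes and program names are the ones quoted in the description; looking in SysWOW64 and in the registry Uninstall keys is an assumption about where such a file and product would show up.

```powershell
# Added example, not from the thread. Run in a 64-bit PowerShell window so that
# System32 is not silently redirected to SysWOW64.
$knownSizes = 423016, 421888, 434176, 470552   # sizes quoted in the description
$folders = "$env:windir", "$env:windir\System32",
           "$env:windir\SysWOW64"              # SysWOW64 is an assumption

$found = foreach ($dir in $folders) {
    $path = Join-Path $dir 'GSW32.exe'
    if (Test-Path -LiteralPath $path) {
        $file   = Get-Item -LiteralPath $path -Force
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        New-Object PSObject -Property @{
            Path        = $path
            Size        = $file.Length
            KnownSize   = ($knownSizes -contains $file.Length)
            SigStatus   = $sig.Status   # 'Valid' = intact and chained to a trusted root
            Signer      = $signer
            LastWritten = $file.LastWriteTime
        }
    }
}

# Installed products named in the description (64-bit and 32-bit Uninstall keys)
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$names = 'Graphics Server', 'eNeighborhoods', 'ShrdSupt'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.DisplayName; $n -and ($names | Where-Object { $n -like "*$_*" }) } |
    Select-Object DisplayName, Publisher, InstallDate

if ($found) { $found | Format-List | Out-String }
else        { 'GSW32.exe not found in the Windows folders.' }

if ($installed) { $installed | Format-Table -AutoSize | Out-String }
else            { 'No installed program matching the names in the description.' }
```

A copy that is present with a `SigStatus` other than `Valid`, or with no matching installed product, is the case the description's "Important" note is about.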

Eric, thanks for your reply. The camera has only 1 MAC. I got it off the label and from the configuration software when I connected to it directly via cable to the computer. I then used it OK. (WiFi) I then reconfigured the access point to only connect to known MACs and could not connect to it, but I noticed a completely different MAC (that I never saw before and is not similar to all the other cameras that are identical and have similar MACs) in the router after I connected to the internet with the router that occupied the camera IP address, and when I plugged that new MAC address into the access point I was able to see the security camera again. I am not a connectivity expert and do not fully understand how these connections are made, all I know is what I did and that is why I asked the question. Thanks (BTW: the cameras are blocked from direct internet access. I use them locally only.)

GSW32, well I do not think I have “Graphics server” installed on any computer. However, some programs are written in Chinese but are “MS” programs. By the times in the log, the most likely thing the computer was doing was simply connected to the internet. I do reboot with “MS” updates from “Cambridge” but I do not think that occurred at those times. Thanks for your explanation, however despite it being in the log, it cannot be found in the computer and this is the first time I noticed it on the computer that only does “MS” updates with Win's new and “more secure” update program that “MS” insisted I use before it would allow Win updates. I do not update/install or download anything else on that computer. (Except security software.) Thanks

The computer is clean. Comodo scans memory and disk less than 200,000 objects full scan clean. MWbytes does full scan more than 300,000 objects clean and HMP does full scan more than 1,000,000 objects in about 40 seconds completely clean. Nothing finds the file.

BTW: you neglected to tell me how to get Comodo to block instead of allow when I tell it to stop giving pop ups and yes, I do change the default allow to deny on both defense and firewall. Thanks. (You asked what files I used it (GSW32) with. The answer is none. If the computer used that file then it must have been Win 7 Pro and not me. I do not do graphics especially since MS has not gotten Win7 to read “PNG” files yet. I have been waiting over 2 years for MS to figure out how to do that and to date they have only gone from not being able to read them to being only able to read them on certain days of the week and I do not consider that fixed yet.) Yes, “MS” has been on the computer and only failed to get Win 7 Pro to read them. Still waiting.

The reason I need Comodo “NOT” to allow is simply because “System” keeps allowing other computers to connect despite it being configured not to and I need to block these connections manually with Comodo, but at night I need to get some sleep and I would like to turn off the pop ups, but then Comodo allows all connections despite stating to block in firewall and defense. Yes, I have tested this and tests that pop up and are blocked manually go right through “NOT” blocked when I turn off pop up alerts with both firewall and defense checked to deny. How should this be handled? Thanks.

I am definitely not a computer or security expert and that is the main reason for coming to this forum. MS also does not give any real support for Win. Like MS told me, when I showed the results of “SFC /SCANNOW” of the non recoverable system Win files, that I simply should not use that utility. It was intended for programmers like him and not users like me. MS left the computer that day with the system files still scrambled and not able to read “PNG” files. I get the holographic load disks right from MS and I still use the utilities MS told me not to use to see the integrity of Win. Like “SIGVERIF” that shows all the drivers digitally signed by MS, even though the new Win 8 holographic disk has its genuine verified versions written in non English. I guess MS farms out writing of Win now just like it farms out all the MS techs that come on to the computer only to leave with the problems remaining. So I want to tell you that I do appreciate all your help in getting Win to work. BTW: I know this is a Comodo forum, but is it physically possible for HMP to actually do a full scan of between 1 and 2 million objects on the computer that Comodo found less than 200,000 objects in about 40 seconds? Thanks