CIS didn't detect this

I am a great fan of Comodo but was truly disappointed when I started having problems with the HKi worm and others despite being covered at SAFE level with CISP and Sandbox etc etc. I coped as best I could in order to save my OS but a reinstall is the only way out.
The next step was to uninstall CISP and all other Comodo products, and then install Microsoft Security Essentials. A scan with MSE revealed that the trojan Alureon.A had entered my system despite the Comodo barriers and this seems to have been the root cause of the issues I was experiencing.
However the trouble with MSE is that they don’t tell you where or in what file or registry location I can find the seed Alureon.A.
It seems that the only safe way to get rid of it is a clean install of my OS. OK I can handle that but it makes me even more annoyed that this trojan which has certainly been around for at least 12 months was not stopped by CISP and further, was not identified by CISP scans.
Basically I feel let down, and embarrassed at having recommended Comodo products so widely.
I wonder whether anybody cares??? Probably the answer is a resounding NO.

That's weird…

Pls get in touch with www.geekbuddy.com (it's free for 60 days) so that they can fix your computer.

Melih

This would not be required if Comodo products were as good as they claim.

The worm you are mentioning cannot bypass CIS. We haven’t seen it bypass it in our tests. Of course we would like to get to the bottom of what has happened in your PC and are offering free help (real, live technical help by experts).

thanks

melih

Let’s see how accurate your prediction was.

1st post - responded to in 5 minutes.
2nd post - responded to in 39 minutes.
3rd, 4th and 5th posts - by then people had recognised you have posted identical posts on 5 occasions.

I realize that the miracles of cut ‘n’ paste require little effort on your behalf, but weeding out multiple posts is a real PITA for everyone else.

Please do not double, triple, quadruple or quintuple post. >:(

Good advice re posting - but a cleverly worded answer that gives no assistance. No helpful clues or guidance on the problem and no direction to the most appropriate board - just righteous indignation to mild criticism.

Comodo have a product that I have trusted for a long period. Occasionally I have had installation/upgrade issues that took time and confused effort to sort out - but I persevered because I wanted to keep using Comodo and found their approach exciting. I am not at all keen to use Microsoft’s offering but I need to know and understand why CIS does not identify a trojan that is over 12 months old…

I still want to use Comodo but when I need help from a forum (I find the environment confusing and without, to me, clear directions) I have to try whatever I can. For that I apologise unreservedly.

Melih,

Thanks for taking the time to respond. Who knows how or when it got into my system? Assuming the hypothetical scenario that my daughter temporarily turned off CIS for some inexplicable reason - why didn’t CIS find it in subsequent scans? This is a worry because I am genuinely a fan of Comodo. It seems that once it gets in it can’t be seen???

David

David,

I merged all your posts regarding this worm.

Can you please tell us what version of CIS you had installed?
And is the malware still present?
Or was this just a past experience?

Jake

Thanks Melih,
You understand my concern.
I will see how I go after a full re-install before taking up the geek option.
Is there any guidance to the preferred order of installation of Comodo products into a pristine system?
David

There isn’t really a particular order, but I would install CIS.
Once installed, open CIS > More > Check For Updates (to fix the Trusted Vendors List),
then do a complete scan before moving on to any other product
(CIS > Antivirus > Run a Scan > My Computer > Scan).

Hope this helps

Jake

Thanks Jake,

I was using the very latest version as at two weeks ago, and yes, the malware was still present after uninstalling CIS. MSE is the software that found it but could not delete it. Emsisoft probably found it under another name and I have deleted their quarantine file. As an academic exercise I am now going to reboot and see whether MSE still sees it…

I will try using Comodo again when I reinstall my OS with a clean install. But that is a different exercise to the current issue. Melih said that CIS does act against Alureon.A and naturally I trust his word. I wish I knew how it got on to my computer and more importantly how CIS failed to recognise it once it was on board, but it seems to be a question without an answer.

Thank you for not letting this “die on the vine”

David

Jake,
Thanks again.
CIS first, but which other products do you recommend and in what order? i.e. Cloud etc.
regards
David

You are welcome. Just post once for one issue until someone replies, and if no one replies within a 24 hour period just simply post in the same topic and write “bump”.

You could install CIS and do a scan; I’m sure that it will detect the malware.
As you heard, CIS can detect it.

Depends which products you want. What are you going to do with your PC? Mostly all you need is really CSC and CIS, but I would recommend creating a restore point before each install.

Hope this helped. Is there anything else I can help you with?

Jake

Jake,
I have tried everything and MSE still finds and quarantines ‘Alureon.A’ every time I reboot, whereas CIS unfortunately did not. All that aside, it seems that it is in the MBR. This could be a problem unless there is a way to get at it… I am migrating all clean data files to another drive with the intention of reformatting prior to re-installation. Is there an easier way? I use NTFS so FDISK stuff is out of the question. Forgive me if I am not up to speed with reformatting, but I have the feeling that I have to re-partition to actually affect the MBR…??? Surely I have the wrong bit of data buzzing around in my tired brain? I will get a good night’s sleep and think again - but if you have any tips or warnings to offer I would be grateful.
David

Eureka!!! In a last desperate attempt before bed I googled around and found a reliable site with MBR comments and downloaded TDSSKiller from General articles. It was quick, easy, and it worked (or at least I think it did…) because the MSE scan came up clean. Here’s hoping that I can now return to ComodoLand. Thanks for your patience.
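
On the MBR question raised above: sector 0 holds bootstrap code, the partition table and a signature as separate regions, and formatting an NTFS volume rewrites the volume inside a partition, not the bootstrap code in sector 0. The following is an added example, not part of any post in this thread; it compares two 512-byte dumps of sector 0 (for instance, before and after a cleanup) and reports which region changed. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446      # bytes 0-445: bootstrap code run by the BIOS
TABLE_OFF = 446          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511

def parse_mbr(sector):
    """Split a raw sector 0 into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_mbr(baseline, current):
    """Report which region of sector 0 differs between two dumps."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return {"boot_code_changed": a["boot_sha256"] != b["boot_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"]}

def build_sector(boot_code, entries):
    """Assemble a constructed sector 0 for the demonstration below."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + table.ljust(64, b"\x00") + SIGNATURE)

# Constructed sample data: one active NTFS (type 0x07) partition at LBA 2048.
NTFS = [(0x80, 0x07, 2048, 204800)]
BASELINE = build_sector(b"constructed-clean-boot-code", NTFS)
ALTERED = build_sector(b"constructed-altered-boot-code", NTFS)

if __name__ == "__main__":
    print(parse_mbr(BASELINE)["partitions"])
    print(compare_mbr(BASELINE, ALTERED))
```

A changed boot-code hash with an unchanged partition table is the pattern to look for when the files on the volume scan clean but a detection keeps returning after reboot.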