CIS fails to remove rootkit

Comodo fails to remove the following
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\Version.

How can I remove this? And why isn’t Comodo able to remove it?

What is the alert you get when you try to remove it? Can you show a screenshot of the alert?

Sure, I have also attached the log file.

[attachment deleted by admin]

Malwarebytes and SUPERAntiSpyware didn’t find anything. Could this be a false positive?
Comodo is up to date.

I believe it’s a false positive.

Download and extract to desktop and run it; post the report here on your next reply

Here it is.

[attachment deleted by admin]

It’s a false positive.

From what I see on the report, your PC is OK.

Thank you :wink:

I have tried to report it as a false positive to Comodo, but I receive the message “Report as a false Alert is not an applicable method for some of the selected threats.”
Should I leave it like this and Comodo will eventually remove it from detection, or should I try something else?

I’ll let one of the developers and the moderator(s) team know of this false positive.

Thank you for taking your time with me :smiley:

Kind Regards

I am still having this problem! Comodo keeps finding the same rootkit in the registry?
I have tried to access the key using Regedit, but I receive the following error: “Version cannot be opened. Details: The system cannot find the file specified”
Could this be a registry error? If so, any advice on how to fix it?
I have attached an image of the error.

[attachment deleted by admin]

Anyone? :-\

Aikno, can you try to run Autoruns with admin rights and see if any startup file is missing? (File not found)
Take care not to delete anything too hastily!

Thanks Tech,
I have tried it but it didn’t solve my problem.
I had some startup files missing, but deleting those entries didn’t fix anything!
Is there anything else I could try?

Can you post a screenshot of the error message?

I have already posted it. It is in the 10th message of this topic, if you are referring to the Windows registry error :wink:

I saw that, but does it happen only when you open regedit?
What happens each time you log in?

Yes, it only happens when I try to access this registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\Version.
It logs in normally; I don’t receive any error message during login.

a-squared is a good application to scan the registry. But, again, take care on what you delete (false positives are there!).
If it is a rootkit, I’d suggest you also scan with GMER. Maybe you can post the log here and someone else (I’m not an expert on this) can help.

So I was able to open the key using GMER; I haven’t tried a-squared.
So is this the key that Comodo claims to be a rootkit?


Don’t know exactly what to do with this… :-
Could someone tell me if it is malicious just by simply looking at it?

Far beyond my knowledge…