CIS fails to remove rootkit

hi,
Comodo fails to remove the following
Rootkit.HiddenValue@0 HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\Version.

how can I remove this? and why isn’t Comodo able to remove it?

What is the alert you get when you try to remove it? Can you show a screenshot of the alert?

sure, I have also attached the log file.

[attachment deleted by admin]

Anyone?
Malwarebytes and SUPERAntiSpyware didn’t find anything, could this be a false positive?
Comodo is up to date.

I believe it’s a false positive.

Download and extract to desktop and run it; post the report here on your next reply

Here it is.

[attachment deleted by admin]

It’s a false positive.

From what I see on the report, your PC is OK.

Thank you :wink:

I have tried to report it as false positive to Comodo but I receive the message “Report as a false Alert is not an applicable method for some of the selected threats.”
Should I leave it like this and Comodo will eventually remove it from detection, or should I try something else?

I’ll let one of the developers and the moderator team know of this false positive.

Thank you for taking your time with me :smiley:

Kind Regards

hi,
I am still having this problem! Comodo keeps finding the same rootkit in the registry?
I have tried to access the key using Regedit, but I receive the following error “Version cannot be opened. Details: The system cannot find the file specified”
Could this be a registry error? If so, any advice on how to fix it?
I have attached an image of the error.

[attachment deleted by admin]

Anyone? :-\

Aikno, can you try to run Autoruns with admin rights and see if any startup file is missing? (File not found)
http://technet.microsoft.com/en-us/sysinternals/bb963902
Be careful about deleting anything too quickly!

hi,
Thanks Tech,
I have tried it but it didn’t solve my problem.
I had some startup files missing but deleting those entries didn’t fix anything!
Is there anything else I could try?

Can you post a screenshot of the error message?

I have already posted it. It is in the 10th message of this topic, if you are referring to the Windows registry error :wink:

I saw that, but does it happen only when you open regedit?
What occurs on each of your logins?

Yes, it only happens when I try to access this registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version\Version.
It logs in normally, I don’t receive any error message during log in.

a-squared is a good application to scan the registry. But, again, take care with what you delete (there are false positives!).
If it is a rootkit, I’d suggest you also scan with GMER. Maybe you can post the log here and someone else (I’m not an expert on this) can help.

So I was able to open the key using GMER, haven’t tried asquared.
So is this the key that Comodo claims to be a rootkit

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version]
"Version"=hex:e6,30,71,e6,bc,93,54,70,23,94,85,e7,5c,53,35,e2,3b,b1,63,c2,09,df,6f,2f,23,3b,74,83,d1,7b,21,65,eb,9a,6e,72,bb,43,32,95,b1,e5,92,3f,fd,e8,9b,4b,69,68,96,45,1c,0c,cb,9b,3a,f7,32,bd,a6,ee,2e,13,fe,60,69,b9,80,af,4c,26,c3,ab,8c,61,a9,e9,db,52,a8,e8,ff,f4,1d,42,16,64,b0,59,fb,44,7d,42,d2,c8,90,da,ce,b4,7f,2d,17,7e,ee,bc,11,69,25,43,66,3f,df,77,e1,e8,d7,5c,98,85,bb,69,4c,08,60,23,6d,27,0e,0f,95,66,88,77,f8,48,50,79,bb,a3,c0,ed,09,97,35,e0,fb,f3,b6,74,da,ba,a9,83,8c,d9,a3,53,c2,31,81,16,00,6a,9f,ef,1e,b8,2f,4e,57,03,b2,bc,6b,ca,b4,76,9c,1b,99,46,ae,c4,c4,24,10,47,0c,db,e5,8f,59,15,dd,b5,9e,87,b5,72,8f,fd,92,99,63,71,36,5a,e4,bf,e7,0c,8f,1f,62,15,85,7c,d9,99,29,92,6f,b7,c2,36,03,38,40,93,e7,12,ab,31,2a,a6,f8,2b,83,48,8c,51,c9,fc,26,8c,e9,bb,79,18,99,50,ad,46,72,2a,d8,e0,12,00

Don’t know exactly what to do with this… :-\
Could someone tell me if it is malicious just by simply looking at it?

Far beyond my knowledge…