Dear board members,
hello to everybody from Turrican!
I encountered a strange issue with my Comodo Internet Security, with the firewall in particular. Yesterday, a Defense+ alert was raised, as Comodo reported a file requesting a connection from the outer limits, asking me to allow/block this. Normally, as every user knows, the file is displayed with its full name and path (e.g. c:\windows\system32\badprogram.exe), so the user can have a look at the requesting program by himself. In my case, there was no program name at all, only a little square [] was shown. Clicking on it resulted in an error message, reporting that the file cannot be found.
I blocked the request, but in the list of programs that have been allowed/blocked to send/receive connections (Firewall → Network Security Policy) I found this strange entry twice, both allowed (!!) by CIS. I immediately blocked the two entries. A few moments later, CIS showed up the same request again, the program called “[]” wanted to receive a connection from the Internet. Blocked of course.
My HiJackThis log has been analysed to be clean in the German Anti Trojaner board, but they asked me to pass this strange issue to the Comodo experts. If needed I can post a screenshot of the strange program.
Maybe a bad request, camouflaged malware, new attack, rootkit maybe? Something evil, able to hide itself or just a strange bug?
I run two versions of Windows on my laptop, on two separate hard drive partitions. C is holding Windows Vista, D is holding Windows XP Prof. and the issue came up on XP only. On Vista, the firewall list does not contain the strange square.
By the way, the program reported in the Threatcast rating that this alert has been blocked by another user before, so it seems I am not the only one.
Can anybody help? Would be much appreciated!
Thanks in advance and have a nice weekend.
Greetings from Germany,
Turrican