cmdagent hang problem solution

Hi.
Today many CIS users faced an issue with cmdagent consuming 99% of CPU after the latest AV updates.
Here is a workaround to fix it:

  1. Restart the computer in safe mode
  2. Go to c:\program files\COMODO\Comodo Internet Security\scanners
  3. Remove file bases.cav
  4. Run diagnostics in CIS → Miscellaneous → Diagnostics (it will replace missing base with v.1)
  5. Re-start the system and update CIS to the latest version

Official post of Egemen, please read:

Workaround for the 99% CPU Problem with the latest Virus DB Updates

I was one of those "hang up" victims, to the tune of all day.

Here is what I did that worked, do you recommend I follow your procedure as well?

“Start” to “all programs” to “COMODO” to “Comodo Internet Security” to “uninstall/update” to “add/remove”.

I then checked “Install Comodo Firewall” (unchecking the other fields). The program did its thing and then I got some sort of ‘Things were reconfigured’ message. I rebooted and the cmdagent.exe was back in its cage.

Of course this took a looooonnnng time to get through.

Thanks,

Reluctant Geek InTraining

My laptop w/ XPsp3 (32) was tied up all day, yesterday, too – a couple of hard reboots didn’t help. By the end of the day, cmdagent.exe was only hogging 50% of the system resources (though I could not perform any functions at all). This AM, I started (I think it was hibernating) and it hung before it would even allow me to enter password to access the desktop. Anyway, I gave it another hard reboot, and when it came up, cmdagent was again hogging 50%. However, I was able to open CIS. I went to the Active Process List, right-clicked on cmdagent.exe, and selected “terminate”. System resources quickly dropped to normal (2-10%) usage. Not sure how this will affect my CIS all day, though…I will perform the workaround as suggested above by dchernyakov to remove/replace the offending code. Thank you –

The procedure above by dcher did not work. Diagnostics did not replace the missing base with v1.

I’ve been working on this for another nearly 4 hours (after all day yesterday), my computer only occasionally boots up, freezes often and it looks as though I am going to lose everything.

I got it working fine this a.m. but after updating AV COMODO crashed my computer.

Pretty serious stuff, pretty disappointing . . .

the one from the second post works fine. Just copy the bases.cav from the repair folder into the scanner one and it will revert to normal.

Don’t be disappointed things happen now and then.

Darkmax,

What repair folder ???

The second post ???

I don’t follow.

Please specify.

At this point I can’t even boot up . . .

Can you boot in safe mode? When in safe mode navigate with Explorer to the Comodo installation folder; there you will find the repair folder. Then copy as described in Workaround for the 99% CPU Problem with the latest Virus DB Updates.

crypt32 has been mentioned.

I got 50 crypt 32 errors shortly after restoring an Acronis image to C:\ when nothing else stopped 100% CPU burden and I could not use the Internet to get a solution.

Full details are in my topic
https://forums.comodo.com/other_general_gui_etc_bugs/cmdagent_hogged_2700_kbps_internet_bandwidth_i_only_had_05_kbps_left-t46279.0.html;

Regards
Alan

Hi All,

I suffered the same fate yesterday.

I have two laptops. One operating WinXP(Pro)-SP3 and the other Vista Ultimate SP2. Both of my machines suffered the same fate (at the same time of course).

All of the work arounds detailed here in this forum didn’t work for me. I’ll explain each:

  • With my WinXP system, I also have BOINC & SpyBot S&D installed. BOINC was set to operate at approx 70% utilisation usage of the system’s free (left over) resources. The only application that operated at all was Task Manager. (This eventually showed the ‘cmdagent’ problem.) Every other application or task that I tried to launch failed. Numerous attempts to start in Safe Mode failed. I would only get as far as the Windows Logon screen, then the system would reset. (Annoying.) My only recourse in the end was a complete system rebuild. (I should count my blessings though, I didn’t lose any of my documentation data to the only exception of a paused internet download.)
    I didn’t lose data because I have the harddrive broken into two virtual drives “C” and “D”. All of my data is maintained on D. The only info that is on C is the O/S and software applications. Nothing else. So, when this issue raised its head, it only affected the C drive. The D drive was unaffected.

  • With my WinVista system, my application setup is the same except that I haven’t got the BOINC Application installed. All of the other symptoms were the same as my WinXP machine… including the non-ability to start in Safe Mode. The only thing that worked was allowing the machine to boot normally (over a period of 10 minutes). Then over a period of approx 20mins, slowly clicked my way thru the process of uninstalling the CIS Application completely. Once uninstalled, also executed CCleaner (, SpyBot and PerfectDisk as additional precautions) to remove any legacies.

Also noticed the following side-effects with the cmdagent problem:

  1. On both XP and Vista, I had a memory leak on the svchost service.
  2. On both machines, additional installed applications of Hamachi and UltraVNC were both corrupted.

Well… both of my machines have recovered.

Question: Has anyone else experienced the above or other additional symptoms?

Regards,

DaveG

I had this same frustration with my personal AMD dual core laptop running XP Pro. It locked up every time I tried logging into Safe Mode, and the normal boot would never complete. Additionally, the CPU usage kept overheating the laptop and causing the laptop to malfunction and threatening to destroy it.

In the end, I rigged up an additional fan to help keep the CPU from melting. Then I went into safe mode, but before typing a password (which is what kept locking that up) I hit Options and then Shut down - which gave me a normal (though long) shut-down. This was important, as the next step was to boot to a live Linux distro, mount the hard drive, (SDA1 in my case,) then go in and commit the surgery on the CAV file. (You can force a mount to an improperly shut down Windows system drive, but it isn’t safe.)

It worked, but man oh man. . .

Anyway, I’m posting this here just in case anybody else is at that point of thinking they need to resort to a complete system rebuild. Live Linux distros are freely available and very helpful in these sorts of circumstances. I use Open Exploit’s Backtrack 4, but any live distro will work.

To mount a fixed drive from Linux, follow these steps:

mkdir /mnt/whateveryouwanttocallit
mount /dev/sda1 /mnt/whateveryouwanttocallit

(You should get no response to this second command - just be returned to the command prompt. If you get an error, it is likely that you did not have a clean Windoze shutdown, as I described earlier.)

Then navigate to /mnt/whateveryouwanttocallit and you should have full access to your hard disk files.

Your system drive may not be called sda - it might be hda1 or sda2 or hda or hda1 or any number of others. Use ‘df -h’ from the command prompt to see what you have to use.

This solution might not be for everybody. Ample information is available through searching online to work through the learning curve.

Good luck!
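The same file surgery, run from a live Linux session against the mounted Windows volume, written out as an added example that is not part of any post in this thread. The function name, the `.bad` suffix and the mount point argument are assumptions; the folder names come from the workaround in the first post and from the repair-folder description elsewhere in the thread. The bad base is renamed rather than deleted so it can be put back.

```shell
#!/bin/sh
# Added example: set bases.cav aside on a Windows volume mounted under Linux.
# Prints "restored" if a copy from the repair folder was put in place,
# "removed" if the base was only set aside (CIS Diagnostics then has to
# recreate it, as in the first post), "absent" if there was nothing to do.
swap_bases_cav() {
    mnt=${1%/}   # mount point, e.g. /mnt/whateveryouwanttocallit (assumed clean path)
    # Windows treats names case-insensitively, Linux does not: match with -ipath.
    scanners=$(find "$mnt" -maxdepth 4 -type d \
        -ipath "$mnt/program files/comodo/comodo internet security/scanners" \
        | head -n 1)
    if [ -z "$scanners" ]; then
        echo "scanners folder not found under $mnt" >&2
        return 1
    fi
    install_dir=$(dirname "$scanners")

    status=absent
    base=$(find "$scanners" -maxdepth 1 -type f -iname 'bases.cav' | head -n 1)
    if [ -n "$base" ]; then
        # Keep the suspect file under a hypothetical .bad name instead of deleting it.
        mv "$base" "$scanners/bases.cav.bad" || return 1
        status=removed
    fi

    # If the installation folder has a repair copy, put it in the scanners folder.
    repair=$(find "$install_dir" -maxdepth 2 -type f \
        -ipath "$install_dir/repair/bases.cav" | head -n 1)
    if [ -n "$repair" ]; then
        cp "$repair" "$scanners/bases.cav" || return 1
        status=restored
    fi
    echo "$status"
}

# Stand-alone use: sh swap_bases_cav.sh /mnt/whateveryouwanttocallit
if [ "$#" -gt 0 ]; then
    swap_bases_cav "$1"
fi
```
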

EricJH,

I cannot boot up at all, safe mode or otherwise.

I had been in safe mode and done all the steps, several times.

I would reboot then get a freeze. Then the reboot would freeze, now nothing at all. I’ve spent a day and a half on this.

Two days ago I was a happy computer user. Now I am not happy at all.

Any tricks to reboot in any mode before I dig out the hard drive and send it to my geek pro brother to recover data ? . . .

Thanks

When you want to get hands on with something truly nifty and amazing try the first part of this tutorial to get into Windows and delete the bases.cav.

That is an awesome tutorial EricJH

I found one error on page two that should be corrected though. It has the following:

md c:\windows\tmpcopy c:\windows\system32\config\system c:\windows\tmp\system.bak

It should be:
md c:\windows\tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak

John

Gentlemen I had the same issues but it happened on all 3 of my systems. 2 Laptops and my Desktop.

Really frustrating stuff pulling my hair out… at one point I wanted to reformat everything but glad I didn’t although I had a lot of time sensitive work to complete.

Initially I thought it was a virus, managed to get AVG going and did a scan on one with no viruses found. I managed to do this by killing comodo and other resource hogs in Task Manager with Ctrl + Alt + Delete shortcut.

So after figuring out it wasn’t a virus I figured it wasn’t hardware because of the 3 systems down at the same time. Odds of that happening are overwhelmingly No.

So I deduced it was an update gone bad either MS or other… so I started with the easier ones… I knew about the cav database delete trick but when I am still on a search mission I choose easier options first. So I uninstalled one program at a time that used updates starting with comodo because it was hogging resources in Task Manager.

Sure enough it was Comodo… I also found out that the computer ran well in Safe Mode which again pointed to a software issue. Unfortunately in Vista you are unable to uninstall programs in safe mode? This is a ■■■■■■■■ feature… considering it will help resolve software issues. I don’t remember it being the same way in XP… as I remember deleting programs in safe mode but I could be wrong.

Anyways all I did after was reinstall everything reboot a few times as requested reloaded the updates and bob’s your uncle. Then I did that to the other 2 computers.

Anyways very upsetting and has me considering migrating everything over to Linux even though I am a Graphic/Web/Digital Media Designer which Linux doesn’t support well, I am thinking of Virtual Boxing my Creative Suite and running it on a faster OS that is more stable.

Just this year alone I’ve had to reformat and resolve more errors than I care to admit, and it has led to tons of downtime in the middle of time sensitive work for clients. It is unacceptable.

I would move over to Mac but the hardware is overly expensive for little performance boost, and I believe they will be the next biggest dog to attack after MS, so if I want some peace of mind better go to the 3rd dog down, and save white hairs.

Anyways sorry about the rant… even through this major malfunction that will upset many and cause so many newb’s some huge repair bills and reformats I still appreciate the Comodo team for their work and can definitely overlook this mistake and their good intentions. Can’t make an omelette without breaking a few eggs.

Anyways I hope my post has been helpful as some of the others have… and I wish all a Canadian Thanksgiving this weekend one that I thought I would spend reformatting 3 puters… now I am free to relax and enjoy the great turkey…

Cheers

It’s awesome and worked with it on two occasions. It truly works and it’s magical. It may have been the best find ever put in bookmarks.

I found one error on page two that should be corrected though. It has the following:

It should be:
md c:\windows\tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak

John

I have seen it commented by the writer of the article. It was some html issue messing there that he couldn’t or wouldn’t fix or sumping.

Yup, Bookmarked it myself…and printed it out as well. ;D You never know!

John

I printed out the article as well. I copy/pasted it into Word and made it look nice for printing. ;D

Nice to see that I found the reason for my XP system freeze. I solved the problem with one ounce of lead between the eyes of CIS. Now then why is this Turkey update still downloading?

After a clean install there is a download of 104 MB waiting. Depending on your connection it can take a while. During the download the progress indicator will stay at 30%. That is confusing.

In case you want to see where the download is go to Firewall → Common Tasks → View Active connections and keep an eye on cmdagent.exe.