I am using Comodo Internet Security (free) v 4.1.150349.920 with Avira Antivir Personal (free) v 10.0.0.567 and Windows Vista. I have disabled the Comodo antivirus real-time scanner and am just using the Comodo antivirus as an on-demand scanner. I use Avira Guard as the real-time scanner.
I have recently been getting Avira antivirus detections which are allowed. The messages from the Avira logs are:
Event:
11/08/2010 12:23 [Guard] Malware found
Virus or unwanted program ‘TR/2ndThought.AA.2 [trojan]’
detected in file 'C:\Windows\Temp\CB28A7.tmp.
Action performed: Allow access
Avira Guard Log:
11/08/2010,12:23:12 [DETECTION] Is the TR/2ndThought.AA.2 Trojan!
C:\Windows\Temp\CB28A7.tmp
[USER] NT AUTHORITY\SYSTEM
[INFO] No action will be taken on this file.
I have looked in the C:\Windows\Temp\ folder and the file is no longer present. But I do not know if the file has been deleted by the system (a temp file that is no longer needed) or deleted by Avira. However, there is nothing in the Avira Quarantine.
I suspect that it is to do with a Comodo update (probably of the anti virus) but as yet have been unable to prove the connection.
The files detected are always of the format CBXXXX.tmp - does anyone know if these are Comodo files??
I don't know whether they are Comodo files, but in case you don't find them in oaction temp then you shouldn't worry
Hmm...: you don't know what something is, in consequence of what you should not worry?
A strange argument indeed...
It might be deleted by Avira...
Probably not, they delete themselves.
To be sure, do a scan by Avira to see if it's present anywhere
Again, a strange assumption: Avira would be 100% efficient and know everything about everything, whereas CAV would not?
The files detected are always of the format CBXXXX.tmp - does anyone know if these are Comodo files??
Definitely.
but as yet have been unable to prove the connection.
You can't: CIS allows Comodo connections by default.
Last but not least, dogdog, don’t ever concurrently run 2 AVs, even if one of them is only “on demand”:
as you observed yourself, its engine and updates are still running.
Disable Comodo updating by going to the “Real Time Scanning” tab and deselecting the option to update the virus database. I don’t remember for sure, but I think for V4 it said something akin to ‘automatically update the virus database before scanning’. Don’t quote me on that. ;D
See if the detections continue after you stop CAV from updating.
Well, I think you didn't notice your first example: it says “action performed = allow access”,
and this doesn't mean that Avira was allowed to access it. It slipped through because of a decision, and now it is hidden… I think it did what it was supposed to do, this virus.
There is no need to have Comodo AV as an on-demand scanner,
because it has drivers still installed, and it was meant to be a guard.
Good on-demand scanners (as they are restricted free versions, but perfect for this job THEN!): malwarebytes.org free version (for regular still undetected new threats) (full name: Malwarebytes' Anti-Malware from Malwarebytes.org)
and
a-squared free (a combination of two very good engines).
They were made to be on demand!
Avira is a good guard, so keep it, and look for the right settings. Just to mention: enable expert mode!