Comodo Cleaning Essentials BETA Bug Reports

Comodo Cleaning Essentials + KillSwitch & Auto Beta Corner - CCE
1

Please post all bug reports & BSOD’s here and make sure to include:

  1. Your Operating System (32 or 64 bit) and Service Pack revision
  2. Other Security and Utility Software Installed
  3. Step by step description to reproduce the issue
  4. How you tried to resolve the problem
  5. Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <–This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don’t want to post the link to the memory dump, then PM a Mod with the link for the dump))))
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful

It’s vital to provide all this information, so the developers can quickly identify and fix bugs faster.

This format will be strictly moderated. If your messages do not convey this format, they are not going to be taken into account.

For those who observe freeze issues while doing a full scan:

Here is what you need to do in order o identify the problematic file while scanning:

1 - Disable Defense+(If you have CIS installed)
2 - Download Process Explorer from Process Explorer - Sysinternals | Microsoft Learn
3 - Run Process Explorer
4 - In Process Explorer, select View->Lower Pane View->Handles
5 - In Process Explorer Process window, click on cce.exe
At this stage, in the lower pane, you should be seeing handles opened by cce.exe. You are particularly interested in “Type File”
6 - Open CIS and Run a Scan → My Computer.

Wait until the scan hangs. When the scan hangs, you must go to Process Explorer and check the Lower Pane for open “File Handles”. One of those handles are causing this issue. Probably an archive file. Please indentify that file and let us know.

==============================================
**edited by jay2007tech to add on how to produce or force a memory dump (If needed)
How to produce a memory dump

To Configure Your Computer for a Complete Memory Dump If you cannot locate a complete memory dump file or a complete kernel memory dump file, you can configure your computer to record them by generating an event report. To do so, follow these steps:
  1. Click Start, and then click Run.
  2. Type control sysdm.cpl, and then click OK.
  3. On the Advanced tab, in the Startup and Recovery section, click Settings.
  4. In the Write debugging information list, click Complete memory dump or click Kernel memory dump, and then click OK.
  5. Click OK to close the System Properties dialog box.
  6. In the System Settings Change dialog box, click Yes if you want to restart your computer now. Click No if you want to restart your computer later.
'Crash on Control Scroll'. This feature allows a user to manually crash the system, thus triggering the blue screen of death (also known as BSOD) and memory dump generation.

To enable that feature on a USB keyboard:

* Start the registry editor (regedit.exe)
* Locate the following key if you have a USB keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters
  • In the Edit menu, click Add Value and add the following registry entry:
    Name: CrashOnCtrlScroll
    Data Type: REG_DWORD
    Value: 1
    • Exit the registry editor, then reboot.

if you have a PS2 keyboard: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
* In the Edit menu, click Add Value and add the following registry entry:
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
* Exit the registry editor, then reboot.

After the reboot, you can now manually trigger a crash by pressing the SCROLL keyboard key twice while pressing the right CTRL key.
After you created a complete memory dump and restarted the computer, you need to know where the .dmp file is

Click Start, and then click Search.

Click All files and folders.

In the All or part of the file name box, type *.dmp.

Now that you know where it is
Use winrar, winzip, 7zip, or anything like that and create a archive(basicly a .zip file) (that so you can compress 1gb to 300-400mb’s) Thumb Up <—this will save you some bandwidth uploading later, trust me

Now you have a highly compressed memory dump file that’s in a .zip file
Next upload it to megaupload.com and save the link (because we know email won’t allow a couple hundred megabytes at a time

2

And here is the Product designed for “Cleaning”…

CIS is about “keeping a clean pc clean”
CCE is about “Cleaning an infected PC”

but my personal favorite…KillSwitch…I just loooooveee this patent pending technology!!! I can remove malware with just KillSwitch…yup…just use KillSwitch and you will remove malware :slight_smile:

Because of the power of this product we are thinking about making it available only to Sys admins/Techies rather than to everyone…

Melih

3

Post here if you encounter any problem with CCE. We will help you to resolve as possible as we can.

Enjoy it! And happy holiday! ;D

Doskey.

4
  1. Your Operating System (32 or 64 bit) and Service Pack revision : Windows 7 64bits
  2. Other Security and Utility Software Installed : CIS
  3. Step by step description to reproduce the issue : Open killswitch > view > show only the unsafe images in memory
  4. How you tried to resolve the problem : N/A
  5. Upload Memory Dumps on crash if you encounter any : N/A
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful : Killswitch or ‘Dacs’ cannot determine my drivers…
    Realtek win the battle ! :o
    VT for the drivers : http://www.virustotal.com/file-scan/report.html?id=4e0320281fb9d02a4d8571597d157c0df2a85cf17d53775d93cf3c54bec34b24-1293211403

[attachment deleted by admin]

5
  1. Your Operating System (32 or 64 bit) and Service Pack revision: Win7 x64
  2. Other Security and Utility Software Installed: CIS, Panda Cloud
  3. Step by step description to reproduce the issue: hard to say, I think CCE crashed when it was scanning a file that Steam were currently downloading, so maybe the file was incomplete, or Steam was updating it, or the file had access restrictions…
  4. How you tried to resolve the problem: yep, I ran a scan again and it worked
  5. Upload Memory Dumps on crash if you encounter any: I sent a report through the crash window, don’t know if you will receive it
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful: I didn’t do a full scan, only the one where you don’t need to reboot (everything checked except memory on start)
6
  1. Your Operating System (32 or 64 bit) and Service Pack revision: xp sp3 32bits
  2. Other Security and Utility Software Installed: full cis 5
  3. Step by step description to reproduce the issue: no other av products under verdict tab
  4. How you tried to resolve the problem: restarted the application
  5. Upload Memory Dumps on crash if you encounter any
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful
7

Would you please send us a screen shot of verdict tab?

Regards
Haibo

8

Your Operating System (32 or 64 bit) and Service Pack revision: Windows 7 32 bit 32bits
2. Other Security and Utility Software Installed: CIS 5 Full installation
3. Step by step description to reproduce the issue: When i enable ‘Replace task manager’, and try to open the task manager nothing happens. Neither Kill switch nor task manager open up.

  1. How you tried to resolve the problem: If i disable the option, i am able to get back task manager.
  2. Upload Memory Dumps on crash if you encounter any
  3. Attach screenshots to your posts to clarify the issue further
  4. Any other information you think that might be useful: It seems that the ‘Replace task manager’ doesnt work.
9

Have you tried selecting the option, then closing the killswitch; then Press Ctrl Shift Esc
Does killswitch come up?

Jake

Edit: Added Shift to the combination

10

No, Ctrl Esc brings up start Menu. Nothing else.

11

Sorry Typo,

Ctrl Shift Esc

12

Still nothing happens!

13

DACS bypassed ;D ;D

12,1 MB file too large 88)

By the way DACS is working today? I have been waiting half an hour and still I can get the results from an unknown file

[attachment deleted by admin]

14

I have a 45 mb file and i dont get ‘any file too large’ error. I guess there are a few fine tuning required here and there!

15

DACS is overloaded, how maaaany pepole are using CCE? A lot.

Let’s wait few days :slight_smile:

16
  1. Your Operating System (32 or 64 bit) and Service Pack revision: Windows 7 32-bit
  2. Other Security and Utility Software Installed: Avast and Comodo firewall
  3. Step by step description to reproduce the issue: When i enable “Replace Task Manager” option in KillSwitch and try to open Task Manager, the error comes up.
  4. How you tried to resolve the problem. I disabled UAC but that didn’t solve the problem.
  5. Upload Memory Dumps on crash if you encounter any: none
  6. Attach screenshots to your posts to clarify the issue further
  7. Any other information you think that might be useful: none

[attachment deleted by admin]

17

Please right click and select 'Run as administrator!!

18

it wont resolves this bug…
btw , if you have avast 5.1 its maybe behavior shield the problem.

19

I have version 5.0 and temporarily disabled shields but that didn’t help either. Any more sugestions?

20

I don’t know exactly where I report this issue but since CCE is supposed to clean the file then it should be here…

  1. Your Operating System (32 or 64 bit) and Service Pack revision: win xp : 32bit
  2. Other Security and Utility Software Installed: none
  3. Step by step description to reproduce the issue: CCE can’t disinfect a specific well known worm
  4. How you tried to resolve the problem: N/A
  5. Upload Memory Dumps on crash if you encounter any: N/A
  6. Attach screenshots to your posts to clarify the issue further : N/A
  7. Any other information you think that might be useful: here is the VT for the file

http://www.virustotal.com/file-scan/report.html?id=c83c1ba415943e78620344b610251f0dd4932cb63b9c7219b8260c0b58fd52bb-1289598197

and CIMA

http://camas.comodo.com/cgi-bin/submit?file=c83c1ba415943e78620344b610251f0dd4932cb63b9c7219b8260c0b58fd52bb

[b]when doing a full scan the CCE deletes all files that were already patched , even itself …

I tried with a single file " patched with the virus " , the result is the same , it deleted the whole thing ![/b]