comodo fail #4

I was playing a game called K.ill O.n S.ite i was hacked…with what i assume was packet injection, targeted at ram… they loaded something labeled sf.bin which avast isolated… and so did comodo… but then they made an exception and allowed it in both programs… the prefetch files were labeled dc1 through 3… one for each time my pc shut down…

error messages:

something like violation of exception in cfp.exe it needs to be shut down… then K.O.S received an error stating that it can not find memory address xxx, and can not read memory at address xxx… i closed the error windows… i ended the software with the open connections… and then BSOD citing the same error numbers that cfp.exe error window stated…they basically found a way to create an exception, create a process, and then flood memory or tell it to read from memory that didn’t exist… causing windows to shut down…if i can get it to repeat regardless of what i do, i’ll get a screeny… but as it was happening within 3 seconds i had no control…and BSOD could not be prevented…anything in clipboard would then be erased… so i’ll take a picture / video of my screen if i have to :cry:

stealth ports was not enabled… no fw was on. until the third time… even with everything enabled they still got through…all but stealth ports was enabled… fw protocol analysis was off …packet checksum was off…
image execution was turned on, but no files were told to be scanned… =c i swear i had windows system files in there…now i put everything i could in there…and made sure that sf.bin could not be accessed…using several blocking features in comodo… i restricted its access rights and enabled all protections… now i can’t delete it, and it can’t be used or modified…

here is my defense log showing the blocking and exceptions and then allowing… the ones stating july are from today… i set my time ahead one month for various reasons…they will be 7/1/2010 - 7/3/2010 etc…

[attachment deleted by admin]

defense+ log

[attachment deleted by admin]

malware log… from gmer… some of this doesn’t look like malware :-\

i’ll click ok and see what happens…

but here is a log for your reference… let me know if anything sets off a red flag for you… :P

[attachment deleted by admin]

so let’s see you had CIS complete turned off and now you are ■■■■■■ you got hacked? Well it serves you right, had to say it. Now onto fixing it. Please follow the guide providing logs as you go along.

https://forums.comodo.com/virusmalware-removal-assistance/what-to-do-if-youre-infected-experience-rev3-t41380.0.html

the problem is, the attacks persisted regardless of any protections i put in place… comodo and several others were repeatedly bypassed…i am not ■■■■■■ at comodo…or the other vendors… they are the solution not the problem… i’m more mad at those who attack me and other people… and use video games as a beta testing grounds, for their hack software and scripts… anything i can do to prevent their success is welcome. I have reason to believe that this was an outside attack or not part of this game or its players…its timing couldn’t have been more convenient tho… and i was not the main target, but part of a bigger “attack” or data mining process… i’m noticing other anomalies on other pc’s and infrastructure that are not mine…

currently i have disabled all permissions for all profiles / users on the affected pc…and removed it from the home network… which will probably lock me out of it after i reboot… but no one will be able to access anything and i’ll be able to continue breaking this last attack down. piece by piece, until i can certainly find out what failed, or assisted in the failure of security for this pc… and our network, and where it came from.

All that i’ve tried…antivirus / fw software is blocked from installing… gives error 1601… regardless of what software i’ve installed…it’s the same thing… windows installer can not start. error: 1601…

lol a new version of comodo internet security… version 4… was also recently downloaded… have you released a new version?

but i can install and un-install numerous other software

there is a folder labeled c:\program files\windows nt… that is new to me… never seen it on my pc… a dialer.exe and hypertrm.dll will delete…and then restore themselves… several other .dll and exe’s also did this… i poked around and found related processes and registries…and removed them…then the files…only the previously mentioned files remain undeletable… windows won’t delete the folder, and says files are in use… quite odd…

i swear there was a lot more to this thread…

thx for the link to old software… and tactics for people who are new to this kinda thing…kind of insulting…

but i have yet to do a boot-up scan…

I don’t trust superantispyware… too many similarly named applications have been force installed…
malwarebytes has never helped me.

hijack this has been useful.

avira was helpful but left things behind that

avast found…

but for my situation… everything has failed… and the only method left is boot scan… or remote scan.

I may save this hd for later, if i can’t get it clean. i really want to know how it happened…

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:30 AM, on 6/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS2\system32\Rundll32.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS2\system32\CTsvcCDA.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Outlook, Office, Skype, Bing, Breaking News, and Latest Videos
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Version News – KeyScrambler by QFX Software Corp.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>> ‘Full Speed’ Enabled <<<
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM..\Run: [RivaTunerStartupDaemon] “C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe” /S
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS2\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS2\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS2\system32\igfxpers.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [COMODO Internet Security] “C:\Program Files\Comodo\COMODO Internet Security\cfp.exe” -h
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=2 /w /h
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU..\Run: [Messenger (Yahoo!)] ~“C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKUS\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm151YYUS&si=253401&a=f8FaJxVKKflqrMaUfZT1iw&n=2010032400
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra ‘Tools’ menuitem: &KeyScrambler… - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra ‘Tools’ menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\bibobipb\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276063342187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276063305484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip..{CC738867-917D-4E6D-A250-B678EBB2BEF4}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS2\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS2\system32\CTsvcCDA.EXE
O23 - Service: Windows Live Family Safety Service (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe (file missing)
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file - 11794 bytes

I would fix these:

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=2 /w /h

O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000345&p=ZLxdm151YYUS&si=253401&a=f8FaJxVKKflqrMaUfZT1iw&n=2010032400

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

O9 - Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)

It looks like you don’t have avast anymore but if it left things behind, you can clean these too:

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: IS360service - Unknown owner - C:\Program Files\IObit\IObit Security 360\IS360srv.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
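
The triage in the reply above (entries whose target is marked "(file missing)" or "(no file)", plus leftovers of one toolbar) can be scripted. This is an added example, not part of the original post and not part of HijackThis; the function names and the `mywebs` keyword are assumptions chosen for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O20 - AppInit_DLLs: C:\WINDOWS2\system32\guard32.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
"""

# "R3 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the registered target does not exist on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Parse log text into dicts; header, process-list and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def triage(entries, keywords=()):
    """Return (entry, reasons) pairs for entries an analyst should review.

    An entry is flagged when its target is missing, or when its body contains
    one of the analyst-supplied keywords (case-insensitive substring match).
    """
    flagged = []
    for entry in entries:
        reasons = []
        if entry["orphan"]:
            reasons.append("target file missing")
        lowered = entry["body"].lower()
        reasons += [f"matches '{k}'" for k in keywords if k.lower() in lowered]
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    # "mywebs" covers MyWebSearch, MYWEBS~1 (8.3 short path) and mywebsearch.com.
    for entry, reasons in triage(parse_entries(SAMPLE_LOG), keywords=["mywebs"]):
        print(f"{entry['code']:>3}  {', '.join(reasons)}\n     {entry['body']}")
```

A flagged line is a candidate for review, not a verdict: a missing target usually means an uninstall left a registry reference behind, which is how the reply treats the avast and IObit services.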

Post deleted by author.

right if he does not have it anymore.

Post deleted by author.

it was various forms of DDOS attacks… which have persisted for some time now. still persists to this day…

i’ve replaced my router, and have repeatedly tried to obtain more up to date hardware for the voip router that comcast uses to control everything on their end… these attacks actually prevented them from seeing our hardware and network… it’s over 5 yrs old, but has up to date firmware…but remains an open link for attacks… only the new router is stopping access… it logs each attempt.

recent errors… have caused comodo to shut down. updates loop and do not complete… if i allow them to or if they do, the software becomes corrupt… i’ve found that re-d/ling updates before resetting fixes w/e they tried to break /modify

here is a log

[attachment deleted by admin]

i have since formatted the drive, having no other drives to use at this time… i had no choice… luckily this software or people persist in their attacks, so i will have plenty to work with in the near future… i’m currently looking into the likelihood that wifi and other people’s networks are being used to connect as they do. possibly originating from a local wifi hotspot… there are several in range… all of them have some code as a name instead of netgear/linksys/ someone’s name… 4 or 5 of them only listen, and attempt to ping or find open ports. watching a scan of traffic on individual channels presents this info… i can see beacon signals and whether or not they are asking permission to connect or retrieving info… for the most part they are probing for info, and not wishing to connect to the internet…

here is all of the log files, for the fw and agent, and a crash report.

i look up offending ip’s and report them to the associated networks… att, comcast, verizon. are the ones most used so far. early on, some have been traced back to RCN corp. which recently acquired a portion of comcast’s networks… and continues to grab up rights to other networks… comcast denies this.

[attachment deleted by admin]

Hi Pazsion. This looks like a bug to me. Are you willing to submit it in the Bug Report - CIS board following IMPORTANT: HOW TO SUBMIT BUGS (read this if you want them fixed)?

recently updated to version 5.0.162636.1135
VDB is 6199

all previous posts are for versions 3 and 4 of the freeware version of internet security…

and the errors/bugs have persisted… only this time a virus was found…over 16 so far since install…

here is the recent logs from another crash report…it appears to be a similar issue.

And yes this is a bug report, yes i have read that post. and thank you… i’m hoping that everything i am providing is enough to begin diagnosing this issue. comodo should not be crashing…

[attachment deleted by admin]

I think Eric’s post may have contained a misdirected link. We would be very grateful if you would use the standard format. Please find the standard format here. You can copy and paste the format from this topic.

To understand the reasons why we ask you to follow these guidelines please see below.

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Best wishes and many thanks in anticipation

Mouse

Indeed an old link. Reality has caught up with that.:slight_smile: