COMODO Firewall: WTF are you doing!!!???! [Resolved]

I’m very unsatisfied by this software!!! Continuous PC freezes, harassing autorization requests. Today I’ve tried to uninstall the firewall (and then reinstall it again) looking for a chance to solve this problems. Uninstalling is impossible because the UNINSTALL button is not available in ADD/REMOVE PROGRAMS. I’ve manually removed Comodo, clearing registry entries, as a new installation require a previous uninstallation of the old software. After installation I got an error message (rollback failed o something like that), so I’ve decided to reboot PC.
After the POST sequence XP warn me that file \windows\system32\config\system is missing or damaged, so XP is completely dead. No way to restore it.
Thanks to God I’ve did a system backup on 06/17 and after a new XP installation I was able to restore previous backup image.

I had a good opinion about this software, but day after day this opinion is changing to bad >:(

This is the most irritant continuous request from Comodo Firewall:


The uninstall issues are due to Installshiled a third party tool used to install and uninstall software. Comodo are working on their own installer due to the problems encountered by other users.

Could you give more information about your hardware and software specifications - especially if you have a lot of software connecting to the internet and loading at startup. Also, was CPU useage constantly high and do you know the process that had the high CPU useage.

This information may help find the problem and hopefully solve any issues,

My configuration is:

AMD 64 3800 Venice
RAM 1 Giga

Windows XP SP2
There’s no software connecting to the Net at startup except POPTRAY.

The process that seems to overload CPU should be CMDAGENT.EXE, but is impossible for me to be more accurate because when XP os freezing I’m unable to check the taskmanager.
Do I have a possibility to restore the UNINSTALL button in ADD/REMOVE PROGRAMS?
I’m worried about the fact that if I decide to unistall Comodo Firewall I will not have any chance to do that.

What is that pbwgj.exe application in your system32 folder? It seems to me that your PC is infected and pbwgj.exe is using outlook express to spread itself.

Can you tell us what it is?


I’ve searched for pbwgj.exe with Google but no results are available. My PC is protected with NOD32, Spybot and Ad-Aware and a ipothetic virus is not detected.
Any suggestion?

Is the name of the questionable exe in your system32 folder always pbwgj.exe or does it change?

The reason I ask is that I have a trojan removal program that randomly changes it’s name in memory in order to thwart any trojans that might be coded to look for it. Therefore I always get these types of popups from CPF when I run this program.

Maybe you have some ‘hook’ into OE that does this? Perhaps an email scanner? Maybe even NOD32?

Yes, it is. The name doesn’t change.


you do not know what “pbwgj.exe” does,
you do not know why it is in your “system32” folder,
you do not know why it “injects” code into an email client, outlook express, and runs it,

and you still think CPF is annoying you because it is catching “a highly probable infection and self spreading attempt” attempt(These patterns are exactly the same as email worms’ behavior patterns). What should it do? Just ignore the request as the most other firewalls???
Ofcourse CPF will warn you about such a big threat. And it is clearly written in your popup that “This is typical of virus behavior”.

If you are not sure about that pbwgj.exe application, you can send it to . Actually I would really appreciate if you immediately send that file to us so that we can see if CPF is catching an unknown threat.


I will send a copy of it tomorrow, when I’m back at home (in this moment I’m at work in hospital). I could try to clear it; what’s your opinion about this? Maybe I get serious problems cancelling this file?

I am not sure but it seems like a worm to me. We can analyze it when you send. When do you see that popup? How often?

That file that’s harrasing you is actually a mass mail worm. It’s obvious from parent/application info, not to mention it modified it in memory. Ppl, start reading before saying stupid things…

Seems CPF is doing its job. ;D Where is nod’s threat sense?

Gone missing i’d say hihi


I have found suspect files when looking for viruses and nobody detected it, Comodo Personal Firewall helped me confirm that it was indeed a virus and I sent it to them, at the end of the day Comodo Antivirus was the first Antivirus app to detect this threat, now after 2 weeks others are starting to detect it but not as many as there should be, now maybe when you see notices like this you might want to read them, Comodo Personal Firewall is a good tool in helping to identify Trojans, and other malwares as long as you know a little about system files.


Hi egemen.
Mauro was complaining over the italian forum that CPF causes a great hard disc use.
Most probably “pbwgj.exe” is the problem. It has to be a worm or a virus that moltiplies or enlarge himself because his disc is working costantly.
I am quite impressed that CPf succeded catching it when nod32 failed.

ps. Mauro from now on you have to say: (S) ;D

Its fairly obvious that you have a malware (a new malware that no one catches). So first of all, Congratulations for being one of the first to be infected by this :slight_smile: and secondly Congratulations for using CPF as it just saved your a*** where all the other AV, antispyware failed! Without CPF you could have been happily emailing the world and unintentionally contributing to the spam industry!

You should now pls forward this new malware to Comodo asap so that we can include it in our AV product so that we can protect all other users immediately.

Thank you for using CPF!


Hey ReJZoR,

Ease up dude. Sometimes people don’t fully appreciate what they are looking at. They can read all they want, but if they don’t understand, they’re no better off. The only really stupid question is the one that doesn’t get asked. :wink:

Ewen :slight_smile:

I completely agree , If that Annoying pop_up box keeps coming up then i would have to say that comodo is doing it’s job…

Maybe he could try downloading hijack-this [url][/url] and post it’s scan results either here or in the windows forum. ( see link…)


Under the hijack-this section look for Nellie2, She’ll help you get rid of anything bad infecting your system…

(L) (R)

Please everyone be patient. At 7:00 my night shift will end and I will take my bike to return at home. I will immediately zip and send the ■■■■■■ file at your attention, then I will permanently erase it from my hard drive.
So I can check if hyperactivity of hard disk is gone or whatever else.
It’s very strange that NOD32, Spybot and Ad-Aware doesn’t detect this hypothetic worm… :-\

Every virus, worm, trojan etc. is new and not detected as some point. :wink: In a strange way, I hope this is a new infection and CPF picked up its activity. To my way of thinking, it would prove that the firewall is doing its job (better than any other!!).

Ewen :slight_smile: