Hello everyone. I’ve been using COMODO ANTIVIRUS AND FIREWALL about 3 years now; i recently formatted my lap and installed the same copy of Vista Home Premium as before, following the Vista installation I installed several programas for drivers and utilityes including COMODO WITH FIREWALL.
As usual, I set the AUTOMATIC UPDATES “ON” and when the SP1 update try to install, COMODO sent me several messages that a "B A C K D O O R . . . . " virus had been detected. Well, i couldn’t install the SP1 with COMODO running I had to disabled it for SP1 to be installed and I had to disabled it for SP2 to be installed.
Now I have ran a VIRUS SCANNER with COMODO and the same viruses apears in the COMODO WINDOW EVENT.
My question to everyone and specially for the guys behind COMODO.
WHAT’S GOING ON?; I believe there are thousands or hundreds of thounsands that uses Vista and COMODO in the same machine. IS WINDOWS REALLY INFECTING OR INSTALLING VIRUSES AND SPYWARE ON OURS MACHINES WITH THE SP1 AND SP2, OR THE COMODO’S DATEBASE HAVEN’T INTEGRATED THIS REGESTRY KEYS INTO THE COMODO’S DATEBASE?
THANK YOU GUYS, ALL OF YOU OUT THERE.
It could be a false positive.
Please submit the file to www.virustotal.com and let is analyse. Leave the url to the results page here.
Hi EricJH, I submitted the files several times in the sections designed to do it, but i am not sure where to look up for the results. I apprecite your help very much.
By the way, where I wrote DATEBASE, I ment DATABASE. Should’ve gone to school insted of going fishing jejeje.
When you submit a file to Virus Total you will be taken a to a new page on wich a url will be provided. Do you get to that point?
Otherwise can you post screenshots of the alerts you got?
Hi again,
here’s the results for one submitted file, this isn’t part of the Sp1 or SP2. This is a file of my CREATIVE webcam:
http://www.virustotal.com/analisis/292c400210599dbc00d4a7d7e2fd5ecb4692f833ce4143dc32c61f1e76f8c8f3-1250708505
I couldn’t submit the others files because the system won’t let even though I have admistrator rights, the reason I think is because those are system files, however I have the names, types and location if this is of any help.
name: 0589db52628aca0130050000780acc02.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b7a
type: (.dll_faf65b7a)
name: 184db7f9628aca01cd050000780acc02.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b7a
type: (.dll_faf65b7a)
name: 806b9e4eec89ca01320500008405000f.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b7a
type: (.dll_faf65b7a)
name: 908ca8025d8bca01cd0500006c01100a.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b72
type: (.dll_faf65b7a)
name: bda80feaec89ca01cf0500008405000f.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b7a
type: (.dll_faf65b7a)
location: C:\Windows\winsxs\Temp\PendingRenames
[attachment deleted by admin]
The Creative file is more than likely a false positive. YOu can choose to ignore it. You can submit it as described in How to report False Positives - Please read this before submitting ! to help Comodo if you like.
The other files in what folder are they? When they are in System Restore folders you can follow this article on how to open the System Restore folders: http://support.microsoft.com/kb/309531 . That may help to submit them.
Here is a little tutorial on how to make a screenshot without camera:
How to post a screenshot?
To copy a screenshot of the active window push alt+print screen to copy the active window to the clipboard (pushing print screen will copy the complete window to the clipboard not just the active window). The window is now copied to the clipboard. Paste the image in any image editing program, Paint, Paint.net, the Gimp etc, and save the file as 32 bits png image.
At the forum push the reply button. Or when using the Quick reply type some text and push the preview button.
Underneath the text box click on Additional options. Push the Choose button and navigate to the file and select it. When you want to post more images click on the more attachments link.
When done typing push the Post or Preview button.
Thanks for the tutorial, very helpful.
The other files are in this location or PATH: c:\windows\winsxs\temp\pendingrenames; I don’t think this is part of the RESTORE SYSTEM.
However here’s a picture taken with the tutorial You gave me. I appreciate your help and the time You took in this post. THANK YOU ! ! !
[attachment deleted by admin]
That is in the Windows Side by Side (sxs) folders. From Wikipedia:
A common issue in previous versions of Windows was that users frequently suffered from DLL hell, where more than one version of the same dynamically linked library (DLL) was installed on the computer. As software relies on DLLs, using the wrong version could result in non-functional applications, or worse. Windows XP solved this problem for native code by introducing side-by-side assemblies. The technology keeps multiple versions of a DLL in the WinSxS folder and runs them on demand to the appropriate application keeping applications isolated from each other and not using common dependencies.
It is best not to mingle with these folders. I think the file found in the SxS folders is from your Creative cam suite. It is best to simply ignore the alerts as I think it is a false positive. Did you submit the false positive, by the way?
Another tips for screenshots is to use the Crop function of Paint or Paint.net. This way the workplace will be reduced to just the pasted image: the white background will not be part of the image when you save it.
Yesterday I wanted to update my Acer to SP2 on a Vista machine. At the end of the install SP2 got stuck on CIS4 and I got a new pop-up I have never seen before. A small long pop-up with the string as written without option buttons, just plain white box with;
name: 0589db52628aca0130050000780acc02.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b_dnsrslvr.dll_faf65b7a
I even turned CIS off but still CIS gave me this popup and I cant install SP2 from the internet.
How exactly did you turn of CIS?
I clicked right on the Icon in the task-bar and closed the sandbox, turned off def+, firewall, AV.