Can someone tell me what’s happened here and whether my computer’s infected please, Comodo’s complexity has got the better of me.
I’m using the free firewall with Defense+ Version 5.3.181415.1237, Avast free antivirus 6.0.1000, on an XP SP3 32bit system and Firefox 3.6.16 browser, all up to date. A few days ago (10th April) I clicked on a link to a website and got a popup warning from Comodo. I immediately closed the suspect tab, and I’m afraid I didn’t record what the warning said, I assumed comodo had blocked any damage from being done. Since then I didn’t think anything more about it, until 16th April, when I opened Comodo and saw that the summary screen said “Comodo has blocked 33 intrusions”. The details are in the attached Defense+ Events export log “Defense+Events.pdf”, also showing some records of what I did since:
After I opened the website 10th April, I am confused that it reports this “0.4377…exe” file as being scanned and found malicious many hours later, but that I’ve had no popup warnings since, and it isn’t obvious to me what action Comodo took about this file. I am concerned that it is listed in my Temp folder and appears not to have been deleted, and why it was showing up during defrags on 13th and 16th, (which I didn’t run manually, and wasn’t aware was scheduled). The two notifications on my Comodo summary screen below “Defense+ has blocked…”, state “0 unrecognised files…partially limited” and “0 applications… sandboxed”. I looked in my Temp folder as listed in the attached event log, and searched the disk for the file “0.4377…”, nothing found. I even booted up in safe mode and deleted the Temp folder, which was recreated and shown as empty after a normal reboot. An Avast scan showed nothing. I then downloaded and ran Comodo CCE (17th April), which came up with the results shown on the attached screen dump “img006.jpg”. I hit clean for all the threats listed, including Citrix which I have deliberately installed. I don’t know if the other high ‘Threats’ are the same or different problems, or false results. I ran defrag on 21 April, and “0.4377…exe.” is still showing up as shown in the log.
The only other thing I can add is that “0.4377…exe.” shows up in the registry under the following branches:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\2\HIPS\Policy\0\Rules\0\Blocked\0
HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\2\HIPS\Quarantined Files\0
under “DeviceName” and “Filename”.
This indicates to me I should be able to find it in a Comodo quarantine or similar (and delete it), but I can’t.
So I am now thoroughly confused as to whether this computer is infected, clean, or what to do to remove any remaining dodgy files and stop further warnings. Comodo may the best for security, but when you do have a problem, it is to me just too user unfriendly and unhelpful.
Can anyone shed any light on this?
Thanks.
~Jennie~
[attachment deleted by admin]