Dear Comodo,
I’m a Comodo Big fan. I use CIS for protect myself and always use Killswitch and Autoruns to help other’s PC that be infected by malware.
Today, i found a serious bug with autoruns comodo in viewing Userinit and Shell Entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=E:\WINDOWS\system32\userinit.exe,C:\Program files\mmsehswb\uskqusgr.exe
Shell=Explorer.exe,C:\Program files\mmsehswb\uskqusgr.exe
C:\Program files\mmsehswb\uskqusgr.exe is a malware path that not found by Autoruns. Autoruns separate this entry into three sections. And said that ‘File Not Found’
But, Autoruns (Sysinternal Toos) done perfectly in viewing and find this:
It will be terrible when we choose View->Hide Safe Entries from Autoruns CCE menu, this Userinit and Shell entry will be dissapear because ‘File not found’ is always considered to be safe by autoruns. So, we don’t see anything strange with this two value which should be rated as malicious with red colour highlighting.
Please fix this in next version, so we can done perfectly in remove malware autostart’s key.
Best Regards,
Herman Salim