Did Comodo Install a Rootkit on my Computer?

hboffshore · November 24, 2007, 10:03pm

Hi All,

Yesterday I upgraded from version 2 to version 3.0. Version 2 worked fine for me in the past and never gave any problems.

I am also running Counterspy Version 2

I ran a Counterspy full scan after installing Comodo Firewall 3.0, and Counterspy identified the following two files installed by Comodo as highly dangerous rootkits.

C:\Documents and Settings\All Users\Application Data\Comodo\common\DB\DDB\DLL\138_d.sld
C:\Documents and Settings\All Users\Application Data\Comodo\common\DB\DDB\DLL\509_d.sld

Counterspy labeled these as the “Hacktool.Rootkit”

These files were installed by Comodo 3.0.

Are they dangerous rootkits? Should I remove them?

Thanks for the help.

Andrew

JJasper · November 24, 2007, 10:11pm

Hello hboffshore

These are files for the Comodo database. Don’t remove them. It is a false positive and should be reported to Counterspy.

John

system · November 25, 2007, 12:12am

Hi to you

I got the same problem, here’s my workaround
I deleted those 2 files and lowered the +Defense from Clean PC to Training Mode

I hope it can help someone

(B) (V)

Japo · November 25, 2007, 12:21am

More than one program is hitting false positives on those, because they’re encrypted. If you delete them CFP will still work but your Comodo safelist will decrease.

gordon · November 25, 2007, 1:29pm

The 11. commandment :
Thou shall not post virus-“warnings” and thereby create unneeded internet-paranoia
before you have sought a second opinion @ :
http://www.virustotal.com/en/indexf.html
http://virusscan.jotti.org/

bluginio · November 26, 2007, 11:18am

prevx csi also detect a file from v3(install folder) as suspicious.but before v3 i had threat fire and it also mentioned it as suspicious (after an upgrade).However i rely on prevx (even more than my av),so if u could report to them.