Fake Comodo Antivirus?

I just recently got this message from Comodo Antivirus that says there’s malware on my computer and it couldn’t remove it. Therefore, it’s prompting me to contact someone. However, I don’t have Comodo Antivirus. I have Comodo Firewall but I use Avast Antivirus. I’m not sure if it qualifies here as it might just be spyware… but all the same, I’m still really worried and I’ll accept getting told to put this elsewhere so long as I can potentially get some answers.

Do you have cloud scanning enabled?

If so, this would produce an AV alert, even though you don’t have the desktop AV component installed.

Cheers,
Ewen :slight_smile:

I have no idea what Cloud Scanning is.

For info on what I have to protect my computer, I have Avast Antivirus and Comodo Firewall. I had it on Game Mode for longer than I should have though, so that might have done something bad.

I’ve tried to get rid of it with Task Manager but that’s failed pretty hard at doing it. So I don’t know what it is besides stubborn. It’s also listed as plain ‘antivirus’ with the generic window icon. Nothing about it being ‘Comodo’.

Cloud scanning is bundled with Defense+. To see if you have it enabled, go to the Defense+ settings; under the execution control settings there are 2 settings for cloud scanning. Can you upload the file it’s detecting to VirusTotal and post the link?

Can I have confirmation that this would be safe? The settings do say cloud scanning is on but I just wanna be sure.

Confirmation for what? Sorry, you lost me.

Well, confirmation on what to do about this, obviously. Is this a valid warning and should I go through with it?

The only way to know is if you upload the file to VirusTotal like I said in my previous post.

Since Defense+ based cloud scanning is enabled, then the warning dialogue you received is, in all probability, a legitimate alert.

NOTE 1:
I said “in all probability” only because you did not include a screenshot and I wasn’t peeping over your shoulder, therefore I can’t say with 100% certainty.

NOTE 2:
To determine whether the file that triggered the alert is legitimate or not, I would do as wasgij6 suggested - upload it to VirusTotal and see what other AVs say about it.

Cheers,
Ewen :slight_smile:

Whatever the Comodo cloud detected, it was obviously not detected by Avast. As you do not have Comodo AV installed, Comodo can only give you a warning and not quarantine the file.

As you are using Avast AV, you presumably feel it is better than the Comodo AV. In that case you may decide to turn off Comodo cloud and ignore the alert, which could be a false positive.

The alternative would be to uninstall Avast and install Comodo AV.

I think the choice is yours, but VirusTotal would help you to decide, so if you are not familiar with that just follow the link and do what it says.

Okay, it seems I have a trojan on my computer. How do I get rid of it now?

Nobody can help you unless you provide a lot more detail. Did you upload a file as suggested?

If so, you can provide a link to the result, which may at least give a clue.

I don’t know how I’d upload a file, unfortunately. This is the first time I’d ever have to do something like this.

I did the antivirus scan thing and I found some stuff.

http://i48.tinypic.com/fykihd.png

http://i48.tinypic.com/2rdyb87.png

http://i48.tinypic.com/1zwn7kh.png

I’m not sure if this is where they go but I’m new to this. So sue me.

Kaspersky reports it as a variant of TDSS. My bets would be on TDSS Killer from Kaspersky and thorough testing afterwards with multiple scanners.

What do others think here?

…Yes, don’t translate what this means to the less tech-savvy of the audience. Especially to the person who has the problem in the first place.

What he means is that in part of the screenshot you provided Kaspersky analyzed the uploaded sample and has detected it as a variant of the TDSS rootkit (rootkit definition - Rootkit - Wikipedia).

To attempt removal of the TDSS rootkit, you should download and run the Kaspersky utility called TDSS Killer (http://support.kaspersky.com/faq/?qid=208283363).

Please note that rootkits can be extremely difficult to remove completely. There is no guarantee that the Kaspersky utility (or any other) will be able to remove the rootkit infection.

Cheers,
Ewen :slight_smile:

P.S. A word of advice - Don’t bite the hand that feeds you. It would be smart (leaving simple courtesy aside) to reply politely to the people who are trying to help you. A simple “Sorry, I don’t understand what you mean” would have been sufficient and those people would most likely have willingly responded in a more simplistic manner.

Sorry if I sounded rude there. I intended just some snark but it appears that went a little too far.

All the same, I’ll need to do this tomorrow as I need sleep.

Edit: I actually just went ahead and did it… and it didn’t detect anything.

Try scanning with the following scanners:
Malwarebytes Antimalware
Super Anti Spyware
Hitman Pro
Spybot Search and Destroy

Let us know what they reported and whether they could remove what they found.

Well, with the first two suggested, a good bit of tracking cookies and a toolbar from Babylon was removed. As well as some other things. However, I think I’m gonna use the rest first and make sure I get everything out and then do another check with VirusTotal.