Good cleaning technique (disinfection) is as important as detection

First of all, thank you Comodo for protecting my computer for years… yes, since the days of CFP 2 and CAVS 2! Even in the days when the detection rates were said to be lower compared to others, I stuck to CFP & CAVS. Since the inception of CIS 3.0 it has become better and would detect the virus before it can wreak havoc in my computer.

However, recently, I installed CIS on one of my friends’ computers. Unfortunately, the computer was infected with some Virut virus. Immediately after updating the antivirus, the CIS (realtime detection) said that Virut virus was found in the computer and CIS automatically quarantined it. Nice to hear… But no! CIS detected Virut injection in wuauclt.exe, explorer.exe etc. and quarantined them. Within seconds the computer was without a desktop screen and icons. I right clicked on the start button to open explorer.exe and explorer.exe was quarantined. I tried to open Task Manager and it was also quarantined. In short, as a layman, I understand that if any exe file is opened, the said ‘Virut’ would make a hook into it and CIS antivirus would detect it as Virut and quarantine it. (I have no idea why Defense+ didn’t give any alert). From my friend’s point of view, the computer which was otherwise working was dead within seconds.

Ultimately, the screen was without any usable thing, as right click of the mouse also didn’t give me any options, and without a Task Manager, explorer and a desktop screen, not even showing the icons, the computer was of no use. I had to hard boot by pressing reboot and the screen again returned to the blank screen. Tried safe mode, same result (as explorer and wuauclt and Task Manager were quarantined). Fortunately, I hadn’t tried cmd.exe, so I got the option of safe mode with command prompt. Opened CIS through command prompt but the antivirus gave an error message that the ‘quarantined files cannot be restored’, stating some code number mentioning that the feature is not supported. Ultimately, I disabled CIS antivirus, rebooted, and then copied the above files from another computer, pasted them in their respective places and removed CIS antivirus. Installed MSE and MSE detected the same files, but ‘disinfected’ them from Virut, and the computer continued to run without any problems while the viruses were removed. (After removal I scanned the same using CCE & MBAM to confirm that the virus is not hiding somewhere, but it turned out to be a clean computer.)

My point is… disinfection feature is a must to deal with the already infected computers, otherwise, reformat of the computer would be the only option. I hope that the antivirus in CIS 6.0 with killswitch and acid cleaning technologies dons these capabilities.

Sorry, but the text was too long.

If you want an antivirus that can erase all traces of a known virus,
you still would have the undetected payloads active.

Maybe a RAT?

Anyway, when the day comes where I get a virus,
I would not only erase all viruses,
I would erase all worries.
By simply re-installing the operating system.

Infection is, or better, should be a rare… very rare situation. I don’t prepare for it to happen. I prepare to avoid it happening.
I am fine.

Easier said than done, as some people still store everything on the C drive and an operating system reinstall would erase the same. Again, the option to completely get rid of everything is a clean installation including the partitions (to remove possible MBR infections also). So, all the data will go.

Yes, you can ask about backups… but everybody doesn’t always keep backups, as they never fear that their computer will die that way. (Don’t ridicule that they don’t deserve to use a computer, as such things do happen.)

Disinfection, as I said, is important because, as in the instant case I mentioned, CIS quarantined important operating system files, thereby making the computer unusable. I got a workaround and succeeded in it. But all may not be that lucky, and such a user may never return to CIS. So, disinfection is a must, especially for infected systems. Had CIS been able to disinfect the virus (like MSE) and allow the computer to be able to run, there was a chance of using other standalone antivirus / spywares to ensure that nothing is left behind.

I could have made my first post by making just a 1 line entry, but, that would not have shown the severity of issue or reason for asking the same. Hence, made it lengthy.

First of all, excuse me, but where does it? 88) Anyway, it’s fine that you are fine :slight_smile:

It’s great, but layman tried to tell something else, & your misunderstanding is the result of:

You were lazy and did not read properly, that’s the point. :wink:

He tried to help his friend with his infected PC but couldn’t. So the same thing would happen to you in a similar situation & it cannot be avoided by definition. :azn:
Well, all this just because CIS detects + quarantines viruses, but does not cure… :-\ CIS doesn’t have a cure module, like Dr.Web, for example (which I respect along with CIS).
So, I totally agree with layman - it would be wonderful for CIS, in addition to all its benefits, also to cure, no doubt, but… But there is a little problem. All other adequate anti-viruses, including that Dr.Web, are paid, while CIS is free. In my view this is the key. For such money (namely 0$ ;D) there is unlikely to be anything different. Must say a HUGE THANKS for everything else done so well (& this is not even to mention the Firewall and Resident Shield).

So, in layman’s situation one needs to do otherwise - boot from any other bootable media & drive out the viruses with some free curing utility (like CureIT), then, if treated successfully - boot normally & install CIS, but if not and the viruses cannot be cured - then just reinstall the OS, alas.

To reconcile the parties, I will end up so: as a protective system CIS is unmatched; there is the one aforementioned but, alas, inevitable lack - the inability to cure. Well, that should just be kept in mind, and do as clockwork wrote - don’t prepare for it to happen, but prepare to avoid it happening. 8)
& the problem of those who do not use CIS - is their problem. :wink:

P.S. If sometime & suddenly CIS finds itself with a cure module - I’ll just be happy, without any doubt! :-TU :smiley:

Indeed, cleaning is important.

Did you try CCE (Comodo Cleaning Essentials), which was purely designed for cleaning?

Hi Melih, what do you think about this idea?

In CIS 6 beta, in scanner settings, you can have it automatically either quarantine threats or disinfect threats it finds. I don’t know if it does a disinfection procedure if realtime scanning detects something. So you can look forward to having disinfection after a scan in CIS 6 final if they keep the feature.

Yes, good idea… we already do the majority of that… great minds think alike :wink: