Heur.Pck.MoleBox

Here we go again!! I hate viruses!!! Shit!! Heur.Pck.MoleBox, this thing has me baffled… Can someone let me know how to get rid of this?? I used CIS to locate it. CIS found it, I deleted it, and it comes right back. I’ll try to install a program and it says it doesn’t recognize it…

I got this same virus today from a program called “Folder Lock 6”. Been on my PC for a few now and Comodo just now red-flagged it. It’s a shareware program I am using, but I had it quarantined to be on the safe side. I had no problem with getting rid of it.

I still can’t get rid of it… Have you ever caught yourself saying, “I don’t have time for this!!”

I’ve never had a monster like this while using CIS. How did it get through a firewall and Comodo without making some sort of racket, to find out after it got inside? I might be looking to RE/RE, which I really don’t have time for… Hmm

THEN it gets red-flagged?? Let me know if there’s a way to remove it. I did a scan and it found it, quarantined it, deleted it, and it comes right back. Hmm…

Hey Wesly, sorry about the troubles. Can you please PMessage me the download link?
I will have a look into it and see what can be done…

Until then… this may be of some help to you…
You could try adding that file into the “my blocked files” inside of Defense+, setting Comodo to auto-quarantine so you don’t get constant pop-ups.

In that same folder the malware is located, Click → Tools → Folder options → View → Show hidden files and folders.

It’s possible that there is a hidden file in there…(Something like auto.inf)

Hello,

Have you tried:
Download & Install SuperantiSpyware (Free) From http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe

Updating It,

Then Restarting In Safe Mode, Then Doing A Complete Scan?
(To Boot In Safe Mode While Starting Up Hit F8 Then Choose Safe Mode)

Did This Help?

  • Jacob

CIS just informed me that I had something similar inside a restore point…

???


If Folder Lock 6 is legit and you want it back, do this

If you want Folder Lock 6 back and Comodo to leave it alone, do this

To get Folder Lock 6 out of quarantine, do this.
1) Go to the antivirus section in Comodo
2) If Antivirus realtime is on, disable it
3) Click on “quarantine items”
4) Highlight the program you want back (in this case, Folder Lock 6)
5) Now click the “Restore” button. NOW IT’S BACK TO ITS ORIGINAL SPOT
6) KEEP THE ANTIVIRUS REALTIME DISABLED UNTIL YOU FINISH THE NEXT SECTION

Now to get Comodo to leave Folder Lock 6 alone
1) Make sure antivirus realtime is disabled
2) Go to the antivirus section in Comodo
3) Click on “scanner settings”
4) Now click on “exclusions”
5) Now click on “add”
6) Now click on “browse”
7) Go find the file you want Comodo to leave alone. (In this case it’s Folder Lock 6)
8) Click OK
9) After the file you want is added to exclusions, go to “scanner settings”
10) Adjust the antivirus program back to realtime
11) Exit Comodo
12) You’re done

===============================================================
To the other person

> CIS just informed me that I had something similar inside a restore point...

Delete all the system restore points; when sure that the virus is gone and doesn’t come back, create a new system restore point.

Generally, for viruses, spyware, trojans, etc. that keep coming back, you should go to Windows safe mode to clean the infections.

I am so very new to all this and I think antivirus etc. are very confusing, BUT I do like Comodo. BUT just now, while trying to download what I think is called Flash Player and also update Adobe Reader, I got that Virus Heur. I wasn’t sure what to do so I quarantined, BUT now I can’t find them (3) to remove. AM I in big trouble??? The Virus Defense does say 3 three threats detected. There was also a “line” asking to accept ActiveX… not sure if that caused the problem. Any suggestions for this trouble?

Let’s start here

> I wasn't sure what to do so I quarantined BUT now I can't find them (3) to remove.

If you followed my step-by-step instructions for getting it out of quarantine and the files are NOT there, then you must have somehow given it permission to delete it when it first got detected.

> while trying to download think its called Flash Player and also update Adobe Reader and I got that Virus Heur

I guess the obvious question for this is where did you get the programs from (WEBSITE).

> There was also a "line" asking to accept ActiveX... not sure if that caused the problem

That sounds like Internet Explorer, for some program that pops up. Flash Player can be used in a web browser for various stuff, like watching movies on YouTube. <---an example

I haven’t read anywhere else here of someone that’s having the same problem; I’m curious where you downloaded from.
If it’s for the program itself that popped up for an update, what website were you on when the pop-up occurred?

Let’s start with that

Very much like IE7 (8 if updated).
The single bar asking to install the ActiveX - that was your browser requesting permission to run the application.
If this is from a valid site (i.e. adobe.com), it is safe to run.
The AV warning is probably a FP. If unsure, you can always test it with CIMA http://camas.comodo.com/cgi-bin/submit

As Jay2007tech has asked, let’s start there. What website?

I was downloading Adobe flash reader on high heuristics on Firefox and it detected part of the file as it was downloading. It was a legit site. Not sure if it’s fixed now?

Can someone tell me what this virus does? I just found it on my laptop running Vista Business. I have tried CIS to remove it but it keeps reinstalling. What problems will this cause me?

And I need to figure out how to remove it as well. I’m not super techy.

Thanks!

Jacob wrote

> Have you tried: Download & Install SuperantiSpyware (Free) From http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
>
> Updating It,
>
> Then Restarting In Safe Mode, Then Doing A Complete Scan?
> (To Boot In Safe Mode While Starting Up Hit F8 Then Choose Safe Mode)
>
> Did This Help?

After you do the scan and delete in safe mode, run it again to make sure it’s still gone.

Also, go to “System Restore” and delete all the old system restore points, then create a new one.
To get to System Restore, click on “START”, click on “All Files”, click on “Accessories”, click on “System Tools”, click on “System Restore”.

P.S. Sometimes the “auslogic defrag” program shows up as Heur.Pck.MoleBox (just to let you know)

I just got this while running a Quickbooks tutorial. I am still of the opinion that the new Heuristics engine is not yet up to scratch and am disabling it until these events stop popping up.

I think that if you go to the Molebox website - www.molebox.com - you’ll find that Molebox is an application virtualization application. (Yeah, I know “department of redundancy department”) It enables an application to be installed without it having to be “installed.” All of its required executables, support files, dll files, etc., are contained within one .exe, and no installer is required to be run.

SO, that being said, it can also be a rather subtle means of distributing malware, hence its detection (heuristically) as a virus. If Comodo AV is detecting a program that you use and know isn’t a problem, just tell Comodo AV to ignore it, or to move it to your safe files.

On the other hand, remember that the internet can be a nasty, scary place, full of truly bad malware for your computer and act accordingly.

OT

Yup. I just got it too. As soon as I put my Warhammer disc in… this virus came up. I clicked quarantine, but it’s not in the vault?

Surely there can’t be a virus on these discs :S This has really confused me.

Just to add, as I was installing Belarc I got “heur.suspicous@20372676”, hit Quarantine and it’s there. This is weird xD

It sounds like a false positive, please submit it to this thread. Follow these guidelines https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected/cis_malware_naming_rules_for_potentially_dangerous_applicationsriskware-t38506.0.html and submit it here https://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0/

If the file is on the Disc it can’t quarantine it.

There are a fair no. of FPs with Heuristics.
If you trust the disc you should select to Exclude permanently on the pop-up.

Do you have Heuristics on the High setting? You may try the Low setting to see if it still hits.

You could also report the FP as languy99 suggests.

Later

Take notice you can’t permanently exclude files on non fixed disks.

Please submit as a false positive following How to report False Positives/Suspicious Files & How to Submit them