How do I block something I've asked Comodo Firewall to remember to keep unblocked?

Hi, first time poster here.

I installed Comodo Firewall Pro and began getting messages like

C:/Windows/system32/jhjyga.exe has modified avgas.exe in memory. This is typical of Virus, Trojan and Spyware activity.

I’ve never been sure of what jhjyga.exe is, but I know avgas.exe is my trusted AVG anti-spyware application. So on the box below I have checked to allow and asked Comodo to remember this choice. Anyway ever since installing Comodo about 3 weeks ago my computer has been running slower and slower. I’ve just finished a whole battery of Spybot, Ad-Aware, AVG followed by Avast then registry cleaning.

I still get periodic popups from Comodo with similar messages to above. I have the feeling I should always be denying the action and asking Comodo to remember but I have allowed in the past and asked Comodo to remember. So how do I retrain Comodo not to allow any action where I get a msg indicating that such and such is typical of malware behaviour?

Best,

Dave M

Welcome dave_in_gva

If you have previously added an Application rule to CFP, by selecting Allow and remember, that entry should be in Application Monitor.

The easiest way to ‘re-train’ CFP is to remove all entries from Application Monitor for a given application. Reboot and run the application again…

The prompts you are seeing are typical of CFP. Essentially, CFP monitors how applications are launched. For example:

  1. You have browser X as your default browser
  2. You have a short-cut on the desktop to launch browser X
  3. In Windows the host for your browser is Explorer.exe (CFP = parent)

Dependent upon your settings, the first time you run the browser you are likely to receive a prompt asking you to allow browser X, with Explorer.exe as the parent.

If you then launch the browser from some other location, such as an email link from your email client, a new prompt will ask you to allow. The reason being, browser X has a new parent, the email client.

The idea behind this is to stop malicious programs trying to use your browser to access the Internet.

Once you’ve established your rules, you should stop receiving prompts.

Some ways to alleviate prompts are:

  1. During Installation, select Automatic
  2. Post Installation, go to CFP/Security/Tasks/Scan for known Applications
  3. Set the Alert Frequency (CFP/Security/Misc) to Low or Very Low

Toggie
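
The parent-based prompting and the 're-train' step described in the reply above, as an added example that is not part of the original thread and is not Comodo's code. It is a toy model only: the class, the function names and every file name in it (browserx.exe, mailclient.exe, unknown.exe) are constructed for illustration.

```python
# Added illustration: a toy model of parent-aware application rules.
# Not Comodo code; all names and file names below are constructed.
ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


class ApplicationMonitor:
    def __init__(self):
        # Remembered decisions keyed by (application, parent), lower-cased
        # because Windows file names are case-insensitive.
        self.rules = {}

    @staticmethod
    def _key(app, parent):
        return (app.lower(), parent.lower())

    def check(self, app, parent):
        """Remembered decision for this pair, or PROMPT if the pair is new."""
        return self.rules.get(self._key(app, parent), PROMPT)

    def remember(self, app, parent, decision):
        if decision not in (ALLOW, DENY):
            raise ValueError("only allow/deny can be remembered")
        self.rules[self._key(app, parent)] = decision

    def forget_application(self, app):
        """'Re-train': drop every entry for app; return how many were removed."""
        stale = [k for k in self.rules if k[0] == app.lower()]
        for k in stale:
            del self.rules[k]
        return len(stale)


def replay():
    mon = ApplicationMonitor()
    seen = []
    seen.append(mon.check("browserx.exe", "explorer.exe"))    # first launch
    mon.remember("browserx.exe", "explorer.exe", ALLOW)
    seen.append(mon.check("BrowserX.exe", "Explorer.exe"))    # rule applies
    seen.append(mon.check("browserx.exe", "mailclient.exe"))  # new parent
    mon.remember("browserx.exe", "mailclient.exe", ALLOW)
    # An allow remembered by mistake for a parent nobody recognises.
    mon.remember("browserx.exe", "unknown.exe", ALLOW)
    seen.append(mon.check("browserx.exe", "unknown.exe"))     # silently allowed
    removed = mon.forget_application("browserx.exe")
    seen.append(mon.check("browserx.exe", "unknown.exe"))     # asks again
    mon.remember("browserx.exe", "unknown.exe", DENY)
    seen.append(mon.check("browserx.exe", "unknown.exe"))
    return seen, removed


if __name__ == "__main__":
    print(replay())
```

A remembered allow stays in force silently until the entries for that application are removed, which is why the reply suggests clearing them to get the prompt back.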

Thanks for this Toggie,

One question though if I may. I have seen lots of these prompts, with the same message:

C:/Windows/system32/jhjyga.exe has modified avgas.exe in memory. This is typical of Virus, Trojan and Spyware activity.

Sometimes it is jhjyga.exe, other times it is some similarly named executable - meaning always with a kind of nonsensical string before the .exe extension such as twdsrv.exe etc etc.

Anyway, would I be correct to ALWAYS deny these prompts when I get them? In other words, is the part of the prompt that says This is typical of Virus, Trojan and Spyware activity basically telling me that this is pretty much ALWAYS because of Virus, Trojan or Spyware activity?

Hope that's clear and thanks for your suggestions on how to fine tune Comodo.

Best,

Dave M

If you don’t know what the *.exe is, then yes, always deny. Check it out using something like google, then go from there.

To be honest, if you're getting a lot of these, and the *.exe doesn’t check out, I’d seriously think about a reinstall…

jhjyga.exe, is that real?

Why not? I’ve seen numerous strange executable names not captured by Google. I can almost guarantee it’s malware. However, to continue this topic I suggest that a new thread be started in the Virus/Malware Removal Assistance board.

I agree entirely, I just wanted to make sure Dave M hadn’t simply used that as an example, as opposed to it being a ‘real’ executable.

If those are real files on your computer, Dave, then it’s another example of CFP’s protection capabilities. And if such files are not on your computer, then a clean reinstallation is the best method, like in Safe Mode.

Thanks guys,

Yes, the executable jhjyga.exe is for real. The other example I gave is not.

When you say reinstallation do you mean of Comodo or of the entire OS? I hope not the latter…that would seem a pain.

At the moment I am denying all such requests.

One thing I do note is I have browser windows opening on a regular basis offering to scan my drive for errors etc. etc. This despite clean malware scans from AVG, Spybot and Ad-Aware…also clean anti-virus scans on Avast…

Best,

Dave M

As you suspect a parasite/malware two things you could try first (your call of course) are:

1. http://forum.kaspersky.com at that link you should be able to find out how to run the online scanner from KAV. It doesn’t need to install to do its work.

2. Do a HJT log on a forum that has the analysis service. I’m too new here to know if this forum provides that but I know Wilder’s doesn’t any more but TechGuy does provide HJT analysis.

If you do decide to reinstall Windows etc from scratch don’t forget to backup your key user files first and take the reformat the drive option during install. You will need your M$ licence key to do it. Go slow not fast.

Good luck!

We don’t prohibit HJT posts, but would prefer they be attached as a text or other file.

To All: As stated above about the malware deal:

TY Soya, now I know