how does BOclean work exactly?

hello everybody, i’m new here.
i’ve been having a problem for the past couple of days- although running avg av and comodo firewall, my avg told me i got infected with vb.bvj (i assume it’s a worm, and i suspect skype is to blame).
anyway, the antivirus healed the file, but, a day after- it found 82 contaminated registry files.
plus, i started getting an error message when windows starts saying "could not locate c:\doncuments and settings\Admin\tskmgr.exe", which is really weird, because tskmgr.exe is not supposed to be there (my gf’s computer got the same thing now, and that’s why i suspect skype is the one to blame, because we don’t surf to “bad” sites, don’t use p2p’s, and are fully protected).

anyway, that’s not the point, i guess this is not a help forum, so i gotta think by myself what i should do next with that stupid worm.
my question is- how does BOClean work?
i just downloaded it, after seeing it on the comodo window, and now BO is running, i mean- i think it is- i installed it and i have the icon on the tray, now it’s on black, but i can’t seem to understand how to make it work- tried the menu, but still- is BO meant for checking my computer? if so, how can i run a system check? or does the BOcleaner do that by itself?
and if there’s a malware? how do i know that the BOcleaner took care of it, or even if i just got contaminated?

thanks for any help
Elad (V)

Greetings eldad234, and welcome to Comodo Forum!

BOClean doesn’t scan files, it can, but it’s not meant to scan for malware, so that database is very old.
If you still want to try it, open BOClean’s menu and drag a file in it.
BOClean works by detecting files when you open them up, and shut them down. Then you will get an option to remove it. All you need to do is to update it.
If you want a more technical answer of how BOClean works, I guess you’ll have to wait for a Moderator or Melih to answer.

Ragwing

hi mate and thanks for the warm welcome.
so if i get you right, all BO cleaner does is just close programs? that doesn’t sound that helpful.
let’s say i don’t open up a file, but the system tries to open a file which is a malware (i.e. a trojan horse is trying to access the internet)- will it close it too? or only files i choose to open?

Hi elad

Hope ragwing doesn’t mind but i’ll try to add my bit in. As ragwing says boclean is not like a conventional scanner that we r all accustomed to, we don’t physically execute a scan and then get the results when the scan is finished.

BOclean in this instance will find the (Trojan) as it is a memory monitor which scans the code of newly started processes, it will scan the process and see that the Trojan has changed the code, then u will receive a popup saying that boclean has found a trojan in c:/windows/system32/… (for example) and will advise u further on this threat. BOclean will scan all running processes and not just the ones u execute.

BOclean in my opinion is a must have, it works in a different way to conventional software but is a must have as myself and others will testify that it works and has often saved people’s OS from some bad nasties.

Hope this helps and if u need further advice then hopefully someone with more technical experience will oblige.
Novie

elad234, regarding the “taskmanager” thing, i think that what is happening is that there is a regkey in your registry that is trying to run a malware-file, but the malware-file has already been removed, and so you are seeing “cannot find file”… you should try to remove the regkey from your registry and that should solve the problem… you can use “regedit” or, if you don’t like messing with “regedit” you can use other programs to remove the regkey, assuming that there is one to remove… here is a little program that you can use to check at least some “startup” regkeys:

http://www.mlin.net/files/StartupCPL_EXE.zip

here is the link to the website for the program:

http://www.mlin.net/StartupCPL.shtml

if you download the program from the website, i would recommend using the “stand-alone” version…

another program that you can use for exploring “autostarts” is “autoruns”… here is the link for it:

http://download.sysinternals.com/Files/Autoruns.zip

here is the website for the “autoruns” program:

http://www.microsoft.com/technet/sysinternals/Security/Autoruns.mspx

as for BOC, just to add to what others have said, it monitors “memory”… if any malware starts to run, BOC will catch it and kill the process and ask you if you want the file to be removed (and also run a cleaning process)… your antivirus program is the first line of defense, but if something gets past your av program, hopefully BOC will flag it… it is kind of a backup for your av program, but it also helps to ensure your computer-security… if malware did happen to get past your av program, it could run in memory without being detected by your av program since av programs don’t typically monitor “memory”, but BOC will flag it if it starts to run in memory (all programs actually run in “memory”)… while BOC only monitors memory, it is not a “junk” program… monitoring memory is all that BOC needs to do since all programs and processes actually run in memory…
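
The leftover startup entry described in the reply above (a registry value still launching a file the antivirus already removed, which produces the "could not locate" message at logon) can be found with a read-only check like the one below. This is an added example, not part of the original thread or of any tool mentioned in it; the function names `Get-CommandTarget` and `Get-StaleAutostart` are hypothetical, and it looks only at the standard Run/RunOnce keys, not at every autostart location Autoruns covers.

```powershell
# Added example: report Run/RunOnce values whose target file no longer exists.
# Read-only: it lists stale entries and deletes nothing.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Pull the executable path out of an autostart command line (hypothetical helper).
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: everything between the first pair of quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut after the first executable extension.
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($cmd -split '\s+')[0]
}

function Get-StaleAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $target = Get-CommandTarget -Command $command
            if ($target -match '^[A-Za-z]:\\|^\\\\') {
                # Absolute path: the file must exist at exactly that location.
                $exists = Test-Path -LiteralPath $target -PathType Leaf
            } else {
                # Bare name such as "ctfmon.exe": resolved through PATH at logon.
                $exists = [bool](Get-Command $target -ErrorAction SilentlyContinue)
            }
            if (-not $exists) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $command; MissingTarget = $target }
            }
        }
    }
}

Get-StaleAutostart | Format-List
```

Any entry it prints is a candidate for the manual cleanup with regedit or the startup tools linked above; an entry pointing at a missing file in an unusual location is also worth noting as a trace of where the removed malware had installed itself.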