I have a trojan in my computer. I can block its behaviour with Defense+.

I’ve discovered I have a trojan in my computer. It injects code into running programs. I’ve installed a program called Comical from SourceForge, and launched it the first time with no errors. The next time I executed it, several Defense+ warning windows appeared and I allowed all of them. The result was that the program began to malfunction. I’ve uninstalled it with RevoUninstaller and the same behaviour happened, but this time I blocked all the Defense+ warning windows. The program ran flawlessly from then on. Do you know a good tool to remove the trojan (or rootkit)? Comodo Antivirus doesn’t detect it, but I don’t know the support it has for detecting trojans as it’s mainly a firewall (and a very good one, as it has allowed me to surpass the trojan effects).

I’ve taken several screenshots of the trojan actions, but as I don’t know how to post them here, I’ll write a description of them:

  • Comical.exe is trying to install the global hook Comical.exe
  • Comical.exe is trying to access Explorer.exe in memory
  • Comical.exe is trying to install the global hook dwmapi.dll
  • Comical.exe is trying to directly access the keyboard
  • Comical.exe can’t be recognized and is about to access the protected COM interface C:\Windows\System32\svchost.exe
  • Comical.exe is trying to install the global hook explorerframe.dll

If a trusted program you’ve just installed tries to do something like this, please consider you may be infected with a trojan/rootkit.

Hi jlcb03,

Programs from SourceForge ’should’ be virus free.

Follow Chiron’s guide here: http://www.techsupportalert.com/content/how-know-if-your-computer-infected.htm to check, and if everything is O.K., it also explains how to submit files to COMODO so they can check if they are suitable for whitelisting.

I would probably scan with Malwarebytes and HitmanPro to make sure you are okay.

I uploaded the executable to VirusTotal. None of the scanners showed it to be a virus. The first time it was ever seen at VT was in 2009.

I am pretty certain this is no virus. The sheer fact that D+ flags potentially dangerous behaviour by a file does not mean it is malicious. The flagged techniques are used by legit programs as well.

Moving this to D+ help board.

Greetings all!

Hi jlcb03,

1st, I hope that you’ve downloaded the latest version (0.8) of the Comical App from the legit source.

Then, as Dolphin66 said:

Sure, and we are still “waiting” … heheh! for the one with the virus. I’ve been using tons of those Apps for ages.

Furthermore, as EricJH correctly pointed:

and that is true!
All those requests/alerts are correct, and “Allow + remember” is the correct user choice.

As far as I can tell, you are using a system that is either Vista or later.
Side note: it’s very bad, as a matter of fact, that you did not supply any info about your system.

Why? Because it always makes any investigation much more complicated.

For example, you will not have the alert about “global hook dwmapi.dll” on XP, but you will when using Vista and higher.

So you may read about the legit MS library → dwmapi.dll, say here, and that one must not be stopped/blocked.

Interestingly enough (in case you are curious), you may read about Dependency Walker, since as far as I know MS uses part of that free code in their libraries, as well as many other free SourceForge codes all over the place.

Since the said App is written in C++ and uses enhanced graphics (high-quality image scaling algorithms), it is understandable that it will use those APIs where appropriate.

So you are definitely not infected/rootkited by using Comical.

If you are saying that the Application is crashing, which is not the case here on both XP SP3 32bit and Win 7 x64, you have to contact the developer(s) of Comical.

But if you are not convinced & your system is misbehaving, please follow the advice given above in order to investigate.

In addition to the list given by Rman87, I would strongly suggest either
Emsisoft Free Emergency Kit: a portable malware scanner (no installation required, can be run from a USB flash drive… just unzip & always update prior to scanning)
or their free version of Emsisoft Anti-Malware.

Cheers!

If and may.
Keep your eyes open.