Hi there. I have a malware infection. Every time I boot windows, comodo identifies file “C:user\user name\appdata\roaming\Installer_91.exe” as “.Unclassified malware”. It shows as successful quarantined. However whenever I restart windows or power off then back on, comodo finds the file all over again. Something is putting it back after comodo removes it. It also must be part of my auto start in windows but I can’t find anything in start-up that could be causing this. Can anyone help me get to the bottom of this and eradicate it? Thanks in advance for any help given.
try to use some of second opinion scanners and then reinstall comodo again if comodo cant block something is putting back after removal or changing settings to cruelsister settings you can google it
Hi futuretech. Just to update, i’ve downloaded cet and am running atm. I did a quick scan but it found nothing. I’m planning on running a full scan in aggressive mode just shortly.
I’ve ran the autorun analyser and im looking at it atm. There are thousands of entries and a lot are highlighted. Does the highlighted ones specify suspicious entries? I’m still reading into how to use it.
Also, during this my comodo stopped a couple of files and this time it gave me a name for them. They are as follows.
File c:\users\user name\app data\local\Microsoft\windows\inetcache\ie\xq2fg7v8\launcher_91.exe
Identified as Malware[at]#18p6chpxff2bj
File c:\user\user name\app data\roaming\launcher_91.exe
Identified as Malware[at]#18p6chpxff2bj
Does that mean anything to you? Does it help any?
do you sync with other machines or browsers. if so, disable it
just run this
click on one time scan
enable potentially unwanted applications
do complete scan and remove
and
Virus Removal Tool
Download
Remove both of these when done. These are good for to detect and clean. You still comodo to prevent from getting infected in the first place
good luck
Just a thought - have you done a search on Launcher_91? It comes up with several game related items, such as Minecraft and others. It could possibly be a false positive, but if you have, or had any of the results installed, you could check with uninstalling them first