new Firewall prompt: Hijack_all.exe

Hello, I’m looking for ideas and information on this specific Comodo prompt.

I can’t find anything on Google for the specific application. No such file with this name seems to exist on the computer.

The win7 computer system has Avira anti-virus and I regularly run Malwarebytes and Superantispyware when I can on it. It’s not my own personal computer but one that I try to help look after. I like to believe that the system is clean but when this type of prompt happens, I’m a bit concerned.

Please see the attached file.

Thanks

[attachment deleted by admin]

duckduckgo : what is hijack_All.exe

http://www.techsupportforum.com/forums/f100/search-engine-hijack-all-browsers-436761.html

If your system is clean, it must be the anti-malware program (file association). You could submit it or run a copy in the sandbox …
:wink:

What does comodo show when you press the name in the alert?

If you press the name, it is for opening the option to see what is running and allowing you to take actions for or against, I suppose … but do I understand your question well?

If it happens again I’ll see if I can get the user to hover on the name to get more details on it.

In the upcoming weeks I’ll run a full offline virus/malware scan of the drive and ramp up security settings.
Thanks for help guys.

I just received the same alert, wasn’t quick enough to get a screen shot of it, was wondering what it was and the only thing I found was this and on your google+ group https://plus.google.com/+comodofirewall/posts (you have to scroll down a bit) I asked there as well. I tried searching for it via reg edit and couldn’t find it and also scanned with Comodo, MBAM, Hitman Pro & adwcleaner and nothing came up. Also Comodo has about 50 unrecognized files that look like this c:\users\ME\appdata\local\temp\nso61ee.tmp\ns6366.tmp I can’t submit or look them up, it always fails and I can’t find any info on them, any ideas on what I should do? Cheers :slight_smile:

OK don’t worry about those unrecognized files, they must have been part of a program I uninstalled, I removed them from the list redid a rating scan and haven’t popped up again, yet, LOL. But that Hijack_All.exe still has me a little worried, so any info on that would be sweet, unless that’s actually part of Comodo like Trend Micro Hijack This, or something similar, I’m hoping so :slight_smile:

I’m curious what application this hijack_all.exe is to.

Off the top of my head, do you use hijack this? It’s an antimalware tool that has been pretty popular and is used for help in diagnosing computers which may be infected.

That aside, if you don’t, simply locate the folder the .exe is in on your hard drive. When was the folder created? What’s the name of the folder that this executable is in? You should be able to find that information relatively easily, if you’re unable to get that information from Comodo, you can do a search for the file on your computer, something should come up :slight_smile:

Hello Justin,
I was never able to find the file on the computer. I searched several times for it. So no files or folder. I’m pretty sure it wasn’t in any of the comodo quarantines or comodo event logs either (which is puzzling and odd). I’m aware of hijack this program but (to the best of my memory) I never ran it on that computer. It was a new machine and the user generally doesn’t venture too far into the web other than news sites.

Update as of recent: The computer system is running well and so far there’s been no reports that it’s come back.
All regular virus and malware scans come up clean.

No idea where it came from or what it was.
Thanks for the reply.

The developers must know what Hijack_all.exe is as they posted it on their google+ page (see the link I supplied) Comodo #Firewall VS Hijack_All.exe, dated 26 Dec 2014. It must be something like a browser hijacker or something? I mean come on it can’t be that hard to pinpoint surely if they already know about it? :confused:

BTW as with countryman2k, it’s nowhere to be seen, you can’t find it in Programs, you can’t find it using reg edit, even with hidden files turned on, it doesn’t show up in quarantine or event logs, it’s like it doesn’t exist, like a one and done thing (hopefully). Also I’ve never used Hijack This, never needed to thankfully, I can normally solve most things on my own or with some how to guides if need be, although this might be the first time I need to, LOL. :slight_smile:

Could you answer this question? If you click on the link in the alert CIS will show you the properties screen. You will have to move the alert window because CIS is so daft to place the properties screen behind the alert screen.

What does comodo show when you press the name in the alert?

I have no idea, as I stated previously I wasn’t quick enough to do anything, as I was searching for info on what the hell it was, it disappeared, along with the .exe it would seem, LOL?

That being said, as I also stated previously on the Comodo Google + page they made a post about it (seriously has anyone bothered to look at my link yet?) with the heading:

Comodo #Firewall VS Hijack_All.exe and the following image that states its properties:

https://lh6.googleusercontent.com/-z5KQR43sFaA/VJ00OUdnn4I/AAAAAAAAAl8/ZYfknRxPEao/w682-h382-no/cis_firewall_alert2_012714.png

So obviously someone KNOWS what it is? Someone on here needs to find that person so they can share with the rest of us what this is, probably the easiest solution or is that too logical?

P.S. Btw I checked for “Popeye” as well, it doesn’t exist either on my system! :slight_smile:

Anyone else notice the path says ‘C:Program Files\Popeye’ which is an invalid path, instead of ‘C:\Program Files\Popeye’?

Does the file show up in Killswitch when it is set to either Show Only Untrusted Process or Show Only Untrusted Images in Memory? Can you check with Killswitch what parent it has?

When you can find it with KS can you post a screenshot of KS with the properties of the executable?

Anyone else notice the path says 'C:Program Files\Popeye' which is an invalid path, instead of 'C:\Program Files\Popeye'?
Yep but like I said, I didn't create the image, I'm just reposting what was on the Comodo Google+ page, so blame them, LOL.

I tried Killswitch the first time and it showed nothing but for the purpose of answering your question, it showed zero results for both Hijack_All.exe & Popeye, so no I can’t show you any properties, as both I & countryman2k have said, it’s like it doesn’t exist on the system.

Tbph I’m not that fussed as I system restored to a previous well known config, hasn’t popped up at all, yet and everything seems to be running in perfect order, no viruses, malware, etc afaik, I mean I basically use sandbox mode for everything, so the chances of getting anything is pretty slim, I was just curious as to what the hell Hijack_All.exe was, aren’t you? :slight_smile:

The image of it on Google+ is great. Thank you for finding that. It proves that we are not crazy. :slight_smile: I’d love to know what it is… where it came from, what it does, etc…
I don’t have much to add. It really left no trace. As always I continue to follow this forum and hope some more information can be hashed out.

Nps mate, I got your back, you def aren’t crazy! I’m still waiting for a reply on the Google+ site, obviously it’s still up and running, they’ve posted things this month, find it astounding that there’s little to no info on this when it’s clear as day at least one person knows what it is? Boggles the mind :confused:

Assuming the malware is not white listed you could temporarily enable Block all unknown requests if the application is closed to get rid of it:

Selecting this option blocks all unknown execution requests if Comodo Internet Security is not running/has been shut down. This option is very strict indeed and in most cases should only be enabled on seriously infested or compromised machines while the user is working to resolve these issues. If you know your machine is already ‘clean’ and are looking just to enable the highest CIS security settings then it is OK to leave this box unchecked. (Default = Disabled)

Assuming it is one of these malwares that lives in RAM most of the time and only when the computer gets shut down it will write itself to disk and create a start entry. Then the above may help to tackle it.

But we aren’t even sure it is “malware” are we? At this point, so far, no one on here seems to know what it is, everything is just speculation until we get a definitive answer, if or when that ever happens? :slight_smile: