Hi guys!
I forgot my Defense+ on training mode for a couple of hours.
(I suggest there should be a change in the tray icon if firewall or defense is off, like turn red or something, but thats another subject)
Then the computer started to act strange after i visited a site. Like, a weird text appeared at the bottom right of the screen that wouldn’t disappear whatever i did.
I later found a unknown process in the task list. It was called “gaefh.exe”
original location
C:\Program Files\Uninstall Information\gaefh.exe
Could not be removed, when killed it started automatically again.
Thanks to comodo logs i found that a process with the same name as svchost.exe was starting it. The path for the executable of that process is
C:\Windows\Inf\svchost.exe
Which is not the location svchost.exe should be.
I’ve submitted both files to comodo labs, didn’t see exactly what they do, hope comodo’s brains figure that out.
To get rid of them, remove the keys in the registry under :
\Software\Microsoft\windows\Current version\Run
in hkey_local machine and hkey_CurrentUser
and restart windows,
And DON’T ever turn off your Defense+ … hehe
Cheers :■■■■