New thread in town

Hi guys!
I forgot my Defense+ on training mode for a couple of hours.
(I suggest there should be a change in the tray icon if firewall or defense is off, like turn red or something, but that’s another subject)
Then the computer started to act strange after I visited a site. Like, a weird text appeared at the bottom right of the screen that wouldn’t disappear whatever I did.

I later found an unknown process in the task list. It was called “gaefh.exe”.
Original location:

C:\Program Files\Uninstall Information\gaefh.exe

It could not be removed; when killed, it started automatically again.
Thanks to the Comodo logs I found that a process with the same name as svchost.exe was starting it. The path for the executable of that process is:

C:\Windows\Inf\svchost.exe

Which is not the location svchost.exe should be.

I’ve submitted both files to Comodo labs, didn’t see exactly what they do, hope Comodo’s brains figure that out.

To get rid of them, remove the keys in the registry under:
\Software\Microsoft\Windows\CurrentVersion\Run
in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER,
and restart Windows.

And DON’T ever turn off your Defense+ … hehe

Cheers
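Added example, not part of the original post and not Comodo code: a check for the pattern described above, where a Run value launches a binary that borrows a Windows system name (svchost.exe) from a folder other than System32. The list of system names, the `C:\Windows` root and the sample Run values are assumptions constructed for illustration; a randomly named file such as gaefh.exe is deliberately not caught by a name check and still needs manual review.

```python
import ntpath
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Short illustrative list of binaries that belong in System32 (assumption, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
# Constructed sample Run values, used when not running on Windows.
SAMPLE = [
    ("HKLM", "updater", r"C:\Windows\Inf\svchost.exe"),
    ("HKCU", "helper", r"C:\Program Files\Uninstall Information\gaefh.exe"),
    ("HKLM", "legit", r'"C:\Windows\System32\svchost.exe" -k netsvcs'),
]

def exe_from_command(cmd):
    """Extract the executable path from a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.search(r"\.exe\b", cmd, re.I)
    return cmd[:m.end()] if m else cmd.split(" ")[0]

def masquerades(cmd, system_root=r"C:\Windows"):
    """True when a system-named binary is launched from outside System32/SysWOW64."""
    path = ntpath.normpath(exe_from_command(cmd))
    if ntpath.basename(path).lower() not in SYSTEM_NAMES:
        return False
    allowed = {ntpath.join(system_root, d).lower() for d in ("System32", "SysWOW64")}
    return ntpath.dirname(path).lower() not in allowed

def read_run_values():
    """Read the Run values from both hives (Windows only)."""
    import winreg
    found = []
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    found.append((label, name, str(value)))
        except OSError:
            continue  # key missing or not readable
    return found

def suspicious(entries):
    """Keep only the (hive, value name, command) entries that fail the location check."""
    return [e for e in entries if masquerades(e[2])]

if __name__ == "__main__":
    entries = read_run_values() if sys.platform == "win32" else SAMPLE
    for hive, name, cmd in suspicious(entries):
        print(f"{hive}\\...\\Run  {name} -> {cmd}")
```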

Thanks RAT!

The power of Defense+ is truly unique!

Melih

And empty the prefetch folder, because sometimes the malware always comes back at reboot because it’s in the prefetch folder.

Probably not… The prefetch files are not set up that way… If it comes back at reboot… the prefetch folder and its contents had nothing to do with it…