NOD32 Problem

I have been using Comodo Firewall for some months and been very impressed. I had thought about switching from NOD32 (which is excellent) to Comodo Anti-Viruspyware (CAVS) but wasn’t sure if that was necessary as Comodo Firewall and NOD32 seem to work OK together.

A few days ago I installed Verification Engine and BoClean and everything seemed fine.

However, I just did a cold start after a main power failure (I usually only put my PC in Stand-by) and I had NOD32 reporting the following threat.

Time Module Object Name Threat Action User Information
27/07/2007 20:48:34 AMON file C:\PROGRA~1\Comodo\CBOClean\BOC424.exe Win32/Agent.AB virus Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

This was reported several times in quick succession and I was unable to clear the threat.

I have, rather reluctantly, removed Boclean whilst I try and find a cure, if one exists.

Can anyone help please? Is this the time to switch to CAVS??

Addendum 28/06/2007

This morning got threat warnings from NOD32 in respect of VEngine (see below):

Time Module Object Name Threat Action User Information
28/07/2007 09:12:53 AMON file C:\Program Files\Comodo\VEngine\VEngine.exe Win32/Agent.AB virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comodo\Firewall\cmdagent.exe.

Something very strange seems to be happening since I did the cold start that has me baffled.

Seems that NOD32 is seeing access attempts to VEngine and BoClean as a Win32/Agent.AB virus for some reason.

Have added VEngine to the AMON Exclusions List and will be interested to see what happens. Did try the same with BoClean but couldn’t actually find BOC424.exe, only BOC424.ex~

Hi m8 :wink:

If I were you I would contact ctrlaltdelete with your problem. He is the reseller for the Dutch NOD32, wrote the Dutch manuals for both NOD32 and BOClean and is a long time user of both programs. Maybe he can help you :slight_smile:

Greetz, Red.

I would try uninstalling NOD32 and reinstalling it (if you intend to continue using NOD32)… it sounds like a problem with NOD32…

Hi, thanks for the replies.

NOD32 does seem to be behaving rather strangely after I installed BoClean, even though I’ve now uninstalled that and I’ve put several “safe” entries into the Exclusions. Prior to that it was no trouble at all.

Silly things like the Ebay Tool Bar are also now being flagged, all with the same problem. The more it happens the more I’m convinced it’s a case of false positives by NOD32 but it’s just a pain getting rid of the threat flag window. Looking through the forum several people seem to be running NOD32 and BoClean together so it must just be my setup.

Would CAVS be a suitable replacement, should I decide not to continue with NOD32?

Not surprising, ebay toolbar is well known for containing spyware, etc. :frowning:

Just ask on the ebay Techi board (where I post).

Mike.

Thanks for the info.

Have now uninstalled the eBay Toolbar (found a couple of references on the eBay techie site as you indicated). It is suggested to run Spyware Blaster to clean out any rubbish but I have Your Uninstaller and this cleans out any registry and orphan entries when uninstalling so should I run Spyware Blaster as well (don’t have it installed at the moment)?

Am I right in saying that BoClean does the same job as Spyware Blaster???

Have thought about disabling the various modules of NOD32, rather than completely uninstalling, then installing CAVS, as a trial, would that work do you think? Don’t think there is any other way of temporarily disabling NOD32.

If I install CAVS I could then reinstall BoClean and see how things run.

Hi Old-wrinkley

Am I right in saying that BoClean does the same job as Spyware Blaster???

Spywareblaster is an immunizer, it prevents badware being installed on your system, boclean is a totally different tool, it is a memory monitor which checks newly started processes and then scans the code before allowing the process to continue… (I’m sure someone’s got a better def than this)

It is suggested that u install spywareblaster on a clean system as it can’t immunize against problems already in your system.

Nod32, I have both BOclean and CFP 2.4.(latest update) and I have no problems here, I would suggest not to disable any of the protection modules. What version and virus signature version do u have on nod at the moment?

The best advice on your nod question on how to temp disable is to post a thread here;
http://www.wilderssecurity.com/ there someone will help u…

Thanks Novie

Hi Old-wrinkley

I am not doubting CAVS in any way but my 2 cents would b to say stick it out with nod and see if u can fix this problem, wait until CAVS comes out of beta and into a final release then change or trial. The finished article I think will b truly AWESOME and will probably tempt me away from nod.

As regards to ur probs with BOclean/VEngine, if you’re still concerned about BOC424.EXE/VENGINE.EXE then you can always get it scanned at http://virusscan.jotti.org/ to ease any lingering doubts. This scan should at least eradicate F/Ps.

hope this helps (V)
Novie