Only Kaspersky VRT detected this Trojan, namely trojan.win32.hosts2.gen and

…malware connected with it. I don’t know how long this trojan existed on my computer. If I have to do something sensitive I do it in secure shopping, of course. So I have not had any problems so far.
I followed @cruelsister’s advice to use Kaspersky VRT with CIS 2024, otherwise I
On the other hand I would never have known of this malware being on my PC because I thought with Malwarebytes, Hitman Pro, adwcleaner and CIS my PC was well protected.
Thank you, cruelsister!

Oh, I have to say that despite the advice not to install CIS 2024 on the work computer, I did. The experiences with CIS 2024, all of which I read, were actually very positive and I thought that nothing could actually happen. But I don’t know if that was the cause, the reason.

You are certainly welcome! But about the detection, although as a 2nd opinion scanner K is without peer (and will do the most thorough job in detecting and fixing pesky Persistence mechanisms ignored by the other lesser 2nd opinion thingies), it does tend to be sensitive. This detection seems to be that of a modified HOST file that a pre-existing trojan can utilize for possible URL re-direction, and in the absence of the actual malicious trigger (which K did not detect) it would cause no security issue, as a trojan must be actually active in order to utilize the data in the HOST file.

I may be totally incorrect here, but I wonder if this host file modification was done prior to the installation of Comodo (as Containment wouldn’t allow this), then K was run after.

But either way, in the absence of an active malicious process you are clean.


Thanks for your answer.
What I believe is that the containment certainly wouldn’t have allowed this. Why?
All I have left to understand what the causes could be is:

  • For a short time, which could be enough, my PC ran without a firewall, without CIS 8012
  • The PC ran a little longer with Windows Defender, without CIS
  • it ran for a longer time with CIS 2024
KVRT discovered this hosts2 file AFTER installing CIS 2024. But that doesn’t mean that the Trojan only crept in then. Because in CIS 2024, I assume, the container works like in the previous versions, or could there be a “loophole” due to the software still existing in beta version of CIS?
My experience so far with CIS is that it has protected my PC up to that point. The first time I have/had to deal with malware. But CIS wasn’t on my PC for a while, which actually speaks for the excellent performance of this software.

I have now found where to find the Trojan or where to look for it. After cleaning up with KVRT, this was what remained of the host entries:

#This file has been replaced with its default version by Kaspersky Lab because of possible infection

127.0.0.1 localhost
::1 localhost

I had many localhost entries with 127.0.0.1 xxxxxxxxxx
Now I have to delete each one and have KVRT check again.
The entries for the download for comodo are not affected…
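The post above describes a hosts file padded with many "127.0.0.1 <real host name>" lines, cleaned back to the two localhost entries. The following is an added example (not code from this thread, from Kaspersky or from Comodo) that parses a hosts file and reports such entries, skipping the default localhost names and any hosts the owner pinned on purpose (the vendor download entry mentioned above is represented by a placeholder name); the sample file contents are constructed.

```python
# Added example, not code from this thread, Kaspersky or Comodo: audit a hosts
# file for many "127.0.0.1 <real host name>" lines. Sample data is constructed.
import ipaddress

# Names that map to loopback in a default hosts file; not suspicious.
BENIGN_LOOPBACK = {"localhost", "localhost.localdomain", "ip6-localhost",
                   "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments and blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                      # first field is not an IP
            continue
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def audit_hosts(text, allowlist=frozenset()):
    """Return (line_no, ip, hostname, reason) for entries worth a look.
    Heuristic: a real name sent to loopback/0.0.0.0 is a sinkhole, any other
    pin may be a redirection. Names in allowlist (hosts you pinned on
    purpose, e.g. a vendor download host as in the thread) are skipped."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_LOOPBACK or name in allowlist:
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, str(ip), name, "sinkholed to loopback"))
        else:
            findings.append((line_no, str(ip), name, "redirected to another address"))
    return findings

# Constructed sample, shaped like the file described in the thread.
SAMPLE_HOSTS = """\
#This file has been replaced with its default version by Kaspersky Lab because of possible infection
127.0.0.1 localhost
::1 localhost
127.0.0.1 download.vendor.example   # deliberately pinned (placeholder name)
127.0.0.1 www.example-av-update.test
0.0.0.0 telemetry.example.net
203.0.113.7 www.bank.example
"""
if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS, {"download.vendor.example"}):
        print(f"line {line_no}: {ip} {name}: {reason}")
```

A default file with only the localhost lines produces no findings, so a non-empty report is a cue to look for the process that wrote the entries, not just to restore the file.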

KVRT is a really wonderful piece of software, isn’t it? I am not familiar with anything else that actually scans the HOST file and replaces any malicious redirections.

Further, some malware will make such entries and then set up persistence via a long delayed Scheduled Task, so a person would be unaware of either until the malware activates. Although KVRT is capable of eradicating these, best is to use Comodo to prevent such things from occurring in the first place.


I also wondered whether K wasn’t reacting too cautiously.

it does tend to be sensitive

Then I tried it. With the Comodo entry for downloads in the hosts file, KVRT reports

no threats found

Then I added the following entry additionally:

127.0.0.1 www.google.de

KVRT reports:

no threats found

So there must have been at least one entry in the hosts file to which this applies:

a modified HOST file that a pre-existing trojan can utilize for possible URL re-direction

So no, you’re not wrong, on the contrary:

I may be totally incorrect here

I didn’t think that the host file might have been changed by a third party.

I can only agree with the following:

KVRT is a really wonderful piece of software, isn’t it? I am not familiar with anything else that actually scans the HOST file and replaces any malicious redirections…some malware will make such entries and then set up persistence via a long delayed Scheduled Task, so a person would be unaware of either until the malware activates.

It follows:

best is to use Comodo to prevent such things from occurring in the first place.

And Comodo has done that excellently so far. So this happened, had to happen, when Comodo was not active on my PC.