Hi all. Wonder if anyone has encountered this - Comodo spotting a problem but then it still getting onto your PC.
When visiting a regular site I use last week ([Possible Malware Site - Link Removed].com, but don’t go there at the minute), I had a Comodo alert pop up for something like “pdfupd.exe is trying to edit the registry” - so naturally I blocked this as it recommended. A bit of googling indicated pdfupd.exe is actually a trojan. The site’s news page had some fresh correspondence about an infection too. Anyway, I was thinking I should be happy, Comodo’s caught it for me.
However, the PC (running MS XP and Opera browser) seemed slow at the weekend - and a search of it found
(a) a copy of pdfupd.exe in the Windows prefetch folder (which I deleted)
(b) 2 new processes running in the startup list in msconfig - one called nettir32.exe and another one, something around 8 letters long & containing “aud” (dauda… maybe, umm), I think. The nettir32 file was invisible in the path shown in msconfig, while the other one wasn’t a normal file path (maybe a registry entry - what do they look like in msconfig?)
(c) one CPU core running at 100%
After trying a couple of things I did a system restore to a couple of weeks back & everything seems perfectly fine now, all the invaders appear to have gone. Whether any l33t hacker is now poring through my collection of pics of old Honda exhaust systems is a bit unclear though. A full Comodo scan shows up as clean, but then it did when Nettir & co were happily running anyway. Is there anything else I could scan it with?
Cheers
Tim
(Moderator Edit - please don’t post possible malware sites. Thank you.)