This morning CIS says there’s an update and do I want to go for it, so like I fool I say OK and off we go. One reboot later the PC is borked big time and the only way I can get in is to run in safe mode. A lot of messing about later I’ve manually disabled enough of CIS that I can get to the desktop in normal mode.
Similar thing happened here previously:
Crash on boot
The culprit there was D+, which I’ve resolved by having that disabled. I checked CIS after the update and it was still disabled. I can run CIS now (after disabling all CIS context menus, services, etc) and it is still disabled. Nevertheless, if I allow CIS to come up at boot the PC spontaneously reboots around the time that CIS would appear in the task tray.
CIS says it is 3.10.102194.530
Windows is XPPro SP2
Oops. Sorry for the bad link to a different thread.
Essentially, when my PC gets to the deskstop and starts to populate the tasktray, the screen goes black and the PC has rebooted to the BIOS. No warning, no pause, just instant reboot. In my original post, which I can’t find right now, I traced this to D+ and found that if that was disabled the rest of CIS would work OK, which is how I’ve been running it ever since. Now I’ve done the upgrade I get the same problem (i.e. instant no warning reboot) even though D+ is still allegedly disabled.
Any chance of being able to downgrade back to the previous version?
do you have any other security software running?
So, is it possible to downgrade? I really need to have some AV working.
Try the following clean install procedure:
Start with exporting your configuration to a folder that is not part of the Comodo folder under Program Files. This way you can restore your configuration after the reinstall.
Uninstall CIS and reboot. Then run [url=http://system-cleaner.comodo.com/]Comodo System Cleaner[/url] to get rid off registry keys.
Then delete the Comodo folders under Program Files, Program Files\Common Files, C:\Documents and Settings\All Users\Application Data\ .
For Vista/Win7
Users%username%\appdata\local, Users%username%\appdata\roaming\ and \Users%username%\appdata\local\virtual store
To be even more thorough open Device Manager and set it to show hidden devices under menu option View. Then see if there are Comodo driver(s) left in non Plug and Play drivers. If so select the driver → click right → uninstall and reboot.
Now delete the following:
C:\boot.ini.comodofirewall (this file may not exist).
WARNING: Do not mistakenly remove the original “boot.ini”.
C:\WINDOWS\system32\drivers\cmdGuard.sys
C:\WINDOWS\system32\drivers\cmdhlp.sys
C:\WINDOWS\system32\drivers\inspect.sys
C:\WINDOWS\system32\guard32.dl
a. HKEY_CURRENT_USER\Software\ComodoGroup\CFP and HKEY_CURRENT_USER\Software\ComodoGroup\Comodo Internet Security
b. HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\CDI\1 *
*(If you have other Comodo products installed, delete only the values
for CFP)
c. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
\cmdAgent
d. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
\cmdGuard
e. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdHlp
f. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inspect
g. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
\cmdAgent
h. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
\cmdGuard
i. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp
j. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect
k. KEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services
\cmdAgent
l. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services
\cmdGuard
m. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdHlp
n. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Inspect
o. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent
p. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard
q. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp
r. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Inspect
s. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
t. HKEY_USERS\S-1-5-21-1202660629-746137067-2145843811-1003\Software\ComodoGroup\CFP
u. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT *
v. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD *
w. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP *
x. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT *
y. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDAGENT *
z. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD *
aa. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP *
bb. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT *
cc. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDAGENT *
dd. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDGUARD *
ee. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDHLP *
ff. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT *
gg. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDAGENT *
hh. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD *
ii. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP *
jj. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT *
kk. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x32
ll. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFP_Setup_3.0.14.276_XP_Vista_x64
mm. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CFPLog
nn. HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CPFFileSubmission
oo. HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro
*Note: It may not be possible to remove these “LEGACY” keys. If you cannot delete them, leave them in the registry. However, I have subsequently found that you MAY be able to remove these keys in Safe Mode by using a third-party registry tool. To permanently remove them may also require modifying the Permissions for each key. See: https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_info-t17220.0.html;msg119226#msg119226
Now you should be good to go
Thanks for the instructions. However, I’m a bit concerned about running the cleaner because it picks up 2571 errors. To pick an item at random that I can check, it warns about:
File Extentions → HKEY_CLASSES_ROOT.a52
The a52 extension is set by VLC (the open source video player) and on checking the actual registry key there is nothing obviously wrong:
[HKEY_CLASSES_ROOT\.a52]
[HKEY_CLASSES_ROOT\.a52\shell]
[HKEY_CLASSES_ROOT\.a52\shell\AddToPlaylistVLC]
@="Add to VLC media player's Playlist"
[HKEY_CLASSES_ROOT\.a52\shell\AddToPlaylistVLC\command]
@="E:\\Video\\VideoLAN\\vlc.exe --started-from-file --playlist-enqueue \"%1\""
[HKEY_CLASSES_ROOT\.a52\shell\PlayWithVLC]
@="Play with VLC media player"
[HKEY_CLASSES_ROOT\.a52\shell\PlayWithVLC\command]
@="E:\\Video\\VideoLAN\\vlc.exe --started-from-file --no-playlist-enqueue \"%1\""
If I create a file - test.a52 - it has the VLC icon attached, and if I right click it then select ‘Open with…’ it correctly shows VLC as the recommended program.
Is there somewhere that the cleaner will tell me why it thinks this key has an error? And if I select ‘clean’ what will it do - clean whatever error is there or delete this key? As you might imagine, I’m loath to either let the cleaner vape all this stuff or go through each of the 2571 errors to determine if it’s valid or not.
I don’t know why the scanner flags the VLC entries; it looks like a false positive to me.
You can untick the entries that are linked to VLC so the cleaner won’t delete them. In case you would delete the VLC entries you can restore them by running the VLC installer again or manually restoring the file association under Control Panel → Folder options (when on XP).
Comodo System Cleaner also will make a back up by default and also has Registry Protection. Read the help file to learn about the latter.
When you still feel unsure about using the cleaner you can skip using it and follow the manual procedure.