Possible False Positive: Rootkit Problem Found

Hello:

Jonathan in technical support asked me to report this ticket (ID: GCJ-623884) here.

I am running CIS Premium (version 5.3.176757.1236) on an old machine running XP SP3. I’m having the same problem as described in thread:

https://forums.comodo.com/antivirus-help-cis/rootkit-problems-found-t67266.0.html

with registry key:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID{F9F9DEBB-68B5-F470-73ABBBDFE6B7698C}{2DE0854A-58E2-477C-18CA38B62B72F56E}{B78F9583-EE49-B075-5FB6B2640AC6C572}\KGHQ1WVPMWYCTK5FHYUB2KQRGA1

Dennis on your support staff previously tried to identify the rootkit (using Geekbuddy). He reviewed a bootlog generated by msconfig and thought we might be looking at a false positive. Additionally, regedit cannot display permissions for the offending key nor can it be exported or deleted.

Can you please update me on the status of this issue?

Thanks…

Hello pete.goss,

Thank you for your submission. We are going to check this.

Best regards,
FlorinG

Am I ever going to get a reply on this?

In regards to https://forums.comodo.com/antivirus-help-cis/rootkit-problems-found-t67266.0.html, the entries are legit. They’re formed by the following software: ASUS Security Protect Manager.

So yes indeed, you’re looking at a False Positive. No worries my friend.

EDIT: Oh, by the way, to go ahead and remove, just remove ASUS Security Protect Manager.

Thanks, but ASUS isn’t on the PC, neither as an entry in control panel, a search result of the drive, or as a registry entry. I don’t know if it ever was on the PC, as it is really old and only used when a newer machine is down. Any suggestions?

As I mentioned the offending registry key can’t be deleted, exported, or edited. In fact, regedit can’t open it at all and CIS won’t let me exclude it. I’m glad to hear, though, that the key isn’t a rootkit.