Problems installing CIS

Please help, trying to fix and install Comodo. It installs and then stops after reboot, giving an error and an option to diagnose, but clicking that does nothing.

I guessed I had a virus as the comp was giving BSODs with ntpkrnl.exe, checked with BlueScreenView. I ran Comodo Cleaning Essentials and Malwarebytes but both found nothing. Running ComboFix did find an instance of a virus called Sinawal root virus, but I’m not sure yet if it has cleaned my system fully. I’m considering that maybe this was causing the BSOD by attempting to corrupt the above driver; I also got a BSOD with tcpip.sys as the cause.

I have checked online all weekend for a fix to installing the latest version of Comodo. Even installing version 5.0 installs and stays put after reboot, but the virus database is not updating, nor does checking for upgrades work, as it advises it cannot find the necessary file.

I have done the recommended options for uninstalling Comodo using Chiron’s guide and using a Comodo uninstalling tool .bat file, but nothing as yet has worked. I had read somewhere about the following registry keys that require deleting in system/control sets services
cmdagent but I cannot seem to delete these registry keys even though I have permissions as administrator.

In another post someone had advised that in order to delete using regedit32 you need to click on the registry key “mode” and then import an “emptyhive” file, which will allow me to delete these keys, except I do not know how to go about doing this as I’m not sure what is meant by the emptyhive file.

I managed to finally run and save a copy of the diag. Can anyone take a look at this and see where the problem may be? I’m only going to post the part of the log where it is advising “Failed” as it is far too long a doc.

<?xml version="1.0" encoding="utf-16"?>

<File Status="Ok" Path="C:\Windows\system32\drivers

I’m really looking for someone to help me out on this one so I can get my system up and running ASAP.

Thanks in advance…

Removed extraneous spaces. Eric

I split your topic and made it a single topic.

Could you attach the diagnostics report to your post? It is very hard to read without make up.

I am not familiar with Combofix. It’s a tool that typically needs expert’s guidance in understanding and working with it. There are other sites where they could tell you if the assumed infection has been cleaned.

Please try uninstalling CIS and reboot. If that does not work or after rebooting boot to Safe Mode and run the clean up tool from Chiron’s article as an administrator. Then boot back to Windows and try installing again.

As to the BSODs you had: is ntpkrnl.exe the name of the file that caused a BSOD or should the name be ntoskrnl.exe (a Windows system file)? The other crash was also caused by tcpip.sys, which is also a system file. Please let Windows run System File Checker to see if the system files are still intact.

Hello Eric

Thanks for the response and splitting the topic. I’m new to this forum so not sure how to attach a txt file to this post.

First you need to zip the xml file Diagnostics produces.

How to attach a post? Start with pushing the reply button. You will be taken to a new page. Under the text field push Additional Options; new options show up. Notice the Attach field and use the Choose option to navigate to and select the file you want to attach.

When attached and when your text is ready you can post it.

Hello Eric

Here is the zipped Comodo diag report I got and saved. I’ll try the sfc /scannow option to check the system files and let you know if anything comes up.

Cheers again for the help…

[attachment deleted by admin]

Could you try to run the two clean up tools from Chiron’s guide as admin in Safe Mode?

When that does not work, follow the guidelines to take ownership of the key and the subkeys: Take Ownership of file | Vista Forums.

Hello Eric

I have tried using the uninstall tool from Chiron’s post but at startup it advises it cannot find cmdagent. Checking the registry, I find the cmdagent keys are there. The current owner of the folder and subkeys is the admin which I am logged in as, but selecting another username is not working either, as it advises “registry could not set owner on the key currently selected , or some of its subkeys”.

I did see another post somewhere, I cannot remember now where, but someone suggested importing an “emptyhive” file, which seemed to work for deleting these registry keys for some people, but I don’t know how to go about creating an “empty hive” file to import to the registry…

Do you know what this means, or anyone you know who can help?

Much appreciated…

Thanks

This morning I’ve searched for some info on registry hives so that I can find an answer to deleting these keys so a new installation of Comodo will work and stay put after a reboot.

I found the following a good read on the subject.

https://www.sepago.com/blog/2009/08/12/registry-fun-working-with-hive-files

I exported the cmdagent folder to the desktop, opened it with Notepad, deleted everything in there and saved it as a .reg file. Once I attempt to import it to either the subkey mode or the folder of cmdagent I get a “the file is not a registry file” error.

I’ve also attempted to go at it using the cmd prompt and the commands “reg load” and “reg unload”; neither is allowed: reg load advises “the process can not access file as it is being used by another process” and reg unload returns “Error: Access is denied”.

I wonder what the other process is that is using these keys.

Thought I’d post this seeing as I’m trying to solve this mess.

I’ve now used Sysnative PsExec to run Regedit in System privilege mode and I still can’t access the registry keys to delete. If you can get back to me, Eric, with any ideas, as I’ve run out, that would be great.

Could you try taking ownership and deleting the individual subkeys of cmdagent service? Starting at the bottom of the tree and work your way up.

Also check with task manager, with show processes of all users enabled, if cmdagent.exe is running in the background. When working in Safe Mode that would not be necessary.

Hello Eric, thanks for getting back to me. cmdagent.exe is not a process running in Task Manager and the ownership for this key is on my admin username, but I get the “Error while deleting keys”.

Have you heard of any others having the same problem before?

Did you try changing permissions to all before trying to delete the keys?

Never found a key I could not delete using system registry.

Dennis

It does not give me the option to change to all users.

Sorry it is 6 months or more since I last used god registry to change permissions.

You need to change to Everyone, not all users (screenshot).

Dennis

[attachment deleted by admin]

Hello Dennis,

Thanks for replying back. I’ve also changed to Everyone and also renamed the cmdAgent registry key to cmdAgentold. I changed permission to Everyone in the subfolder mode and renamed this to modeold as well, but I still get the error “Cannot delete, Error while deleting key”.

I have also tried deleting this using Sysinternals RegDelNull from the command prompt in admin mode, going to the folder where RegDelNull was extracted and putting in the full path. The odd thing is it seemed to work, saying it was deleted successfully, but even on reboot this key is still there. I have managed to delete the other registry keys I believe are related to Comodo.

I have used Revo Uninstaller and the Comodo uninstaller tool in Safe Mode and still can’t get Comodo to stay after a reboot.

I am now suspecting malware of some sort is causing this. Any ideas of what I could do next? I contacted GeekBuddy and they connected remotely and advised that to continue they will need me to pay for the annual membership.

So at this point are you still trying to delete the registry keys? Is CIS still installed? From your diagnostic file it looks like you are running Windows 7, is that correct?

These Legacy Keys are obnoxiously hard to remove.

There is an alternative route using Device Manager.

First run "set devmgr_show_nonpresent_devices=1" without the quotes from the command prompt. Then open Device Manager → View → Show hidden devices. When done look under Non Plug and Play drivers → when you see a driver that belongs to CIS select it and click the right mouse button → choose Uninstall → do this for all CIS entries → reboot your computer.

Be careful when doing this. You don’t want to uninstall Microsoft/Windows related drivers of course; even some Microsoft drivers may show up as non active please don’t uninstall them. It is best to make a system restore point before.

When you don’t know which drivers are related to CIS post a screenshot of Device Manager with Non Universal Plug and Play drivers showing. We can then guide you.

Comodo really needs to sort out this issue; I’ve been at this all week. No luck so far.

Are there any drivers here in the screenshots? I can’t seem to see any.

Thanks to all who try to help.

[attachment deleted by admin]

I cannot delete this key cmdAgentold, which I had renamed and for which I have changed permissions to Everyone. I cannot install the latest Comodo as it vanishes after reboot. I have uninstalled using Revo Uninstaller and ran the Comodo uninstaller tool in Safe Mode, but that looks like it has errors when running, as it outputs a load of errors: cannot find registry key and also access denied.

I have now tried deleting this key with Registrar Registry Manager, PsExec from the cmd line, Malwarebytes RegAssassin and also Sysinternals RegDelNull from the cmd line. None have worked; all advise error access denied.

Really need a solution to this problem… any ideas, anyone?

[attachment deleted by admin]

Did you set Device Manager to Show Hidden Devices under View?

I see you’re looking in ControlSet1. Are there no more Comodo entries under CurrentControlSet?

I have never seen a key called cmdagentold. Did you change cmdagent to cmdagentold or was it done by one of the installations you made?
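
Added example, not part of the thread and not a Comodo tool: a read-only PowerShell inventory that answers the ControlSet1 versus CurrentControlSet question above by listing every control set that still holds a cmdagent key (the wildcard also catches the renamed cmdAgentold) together with each key's owner. It assumes an elevated prompt, and that the "Legacy Keys" mentioned in the thread are the Enum\Root\LEGACY_<service> keys found on Windows 7 and earlier.

```powershell
# Added example, read-only: nothing is modified or deleted.
# 'cmdagent' is the service name discussed in the thread.
$serviceName = 'cmdagent'

# HKLM\SYSTEM\Select\Current = N means CurrentControlSet is a link to
# ControlSet00N, so a key removed only from another set is still live.
$current = 'ControlSet{0:D3}' -f (Get-ItemProperty 'HKLM:\SYSTEM\Select').Current

# Numbered control sets only; 'CurrentControlSet' does not match this pattern.
$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -like 'ControlSet*' } |
    ForEach-Object { $_.PSChildName }

$report = foreach ($set in $sets) {
    # Assumption: "Legacy Keys" = Enum\Root\LEGACY_<service> (Windows 7 and earlier).
    $patterns = "HKLM:\SYSTEM\$set\Services\$serviceName*",
                "HKLM:\SYSTEM\$set\Enum\Root\LEGACY_$serviceName*"

    foreach ($key in Get-Item -Path $patterns -ErrorAction SilentlyContinue) {
        # Reading the ACL can itself be denied; record that instead of stopping.
        try   { $owner = (Get-Acl -Path $key.PSPath -ErrorAction Stop).Owner }
        catch { $owner = "unreadable: $($_.Exception.Message)" }

        [pscustomobject]@{
            ControlSet = $set
            IsCurrent  = ($set -eq $current)
            Key        = $key.Name
            Owner      = $owner
        }
    }
}

if ($report) { $report | Format-Table -AutoSize -Wrap }
else { "No '$serviceName' keys found in any control set." }
```

Rows with IsCurrent set to True are the ones the running system actually uses; an owner of NT AUTHORITY\SYSTEM or an unreadable ACL on those rows is consistent with the "access denied" results reported in the thread.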