Hi everyone,
I thought I would ask the experts here for some help. I know that Comodo Memory Firewall apparently has been discontinued, but nevertheless I thought that I would ask if anyone knows which of the following programs is the one which prevents CMF from properly running.
Over the past week I downloaded a few recommended video programs, plus a HTTP monitoring program for my web browsers. Today I decided to install them, but only after creating a system restore point before installing these video programs and the HTTP monitoring program.
Here is the list of programs which I installed. One of them is the cause of the issue.:
dvdflick_setup_1.3.0.7.exe
FreeVideoToDVDConverter.exe
OrbitDownloaderSetup.exe
SetupImgBurn_2.5.0.0.exe
httpwatch.exe
I don’t know which one caused the problem, but after installing them, Comodo Memory Firewall on reboot repeatedly throws an error message about not finding the entry point in USER32.DLL for some sort of function call. I uninstalled all of the above listed programs, rebooted, and uninstalled Comodo Memory Firewall. I rebooted again. Then I tried reinstalling Comodo Memory Firewall and still got the same message (straight from the installer) about not being able to find the entry point in USER32.DLL for whatever the function call was.
I mounted my read-only backup of my computer’s hard disk and compared the checksums for USER32.DLL in the SYSTEM32 directories of both my computer’s hard drive and the backup hard disk. The checksums were identical. Thus USER32.DLL was not modified in any way.
My tentative conclusion is that one of the above mentioned programs permanently installs a dll and/or messes with the registry to take out any form of web browser buffer underrun/overrun protection?
Whatever it is, its sneaky. MalwareBytes Anti-Malware, Spyware Doctor and NAV don’t find anything wrong after full scans. Yet the only way to fix my computer was to do a System Restore to just before I installed the above mentioned programs.
It was late last night when I got my computer restored and Comodo Memory Firewall working properly again. Thus I was too tired to experiment and see which of the above programs is the bad one.
In any event, I think that there may be a new class of malware programs which deliberately and more or less silently try to break various protection programs such as CMF, other firewalls, AV programs, et cetera, by sneakily installing extra DLLs to intercept system calls and without obviously modifying the system registry. I guess that this, more than anything, is what I wanted to bring to everyone’s attention.