I have a fully updated comodo Firewall + AV set to Paranoid / On Access with sandbox enabled and someone gained remote access of my computer.
I had not clicked on any links, or even browsed to any webpages. The only application that was executed on the machine was Steam.exe (gaming service) and HL2.exe (Counter-Strike Source).
I was playing a game, and the next thing I know, I am no longer in control of my keyboard and mouse. So I alt+f4 out of the game, mouse and keyboard still going crazy. Someone was remote controlling my machine, and Comodo had no idea.
I’m curious how such an obvious threat could make it through the Comodo firewall without even prompting me as to whether or not it should be blocked / sandboxed.
Anybody with any insight please let me know what you think. Because I no longer feel any sort of security from using Comodo.
I have seen those BTHPorts before I’m almost sure they are False Positives.
In the current state I can’t say I’d trust the machine, next best bet is to analyze it with a bootable DVD equipped with tools to find malware offline.
Are you familiar with those?
Maybe you can dump your MBR to a file and upload it to virustotal to verify if any of those find malware in your Master Boot Record. The tool I normally use for that is found here: http://red.boot-land.net/mbrwhisky.html – Please be careful with it as you can kill your disk with it.
Only use it to save the MBR to file of the disk that shows “ACTIVE”.
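One way to check a saved MBR dump before uploading it, as an added example that is not from this thread or from the linked tool: it parses the partition table to confirm which entry is flagged active and hashes the sector (the value VirusTotal would be searched for) plus the boot code alone, so a later dump can be compared against a known-good one. The sample bytes are constructed, not from a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Parse a 512-byte MBR dump: boot signature, partition entries, hashes."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        # Entry layout: boot flag, CHS start (3), type, CHS end (3), LBA start, sector count
        boot_flag, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "active": boot_flag == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        # Hash of the whole sector is what you would look up on VirusTotal
        "sha256": hashlib.sha256(mbr).hexdigest(),
        # Boot code alone: the partition table may change legitimately, this should not
        "bootcode_sha256": hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def active_partition(info: dict):
    """Return the entry flagged active (bootable), or None if no entry is marked."""
    return next((p for p in info["partitions"] if p["active"]), None)


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real disk: placeholder boot code plus one active NTFS partition."""
    bootcode = (b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 441)[:PART_TABLE_OFFSET]
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bootcode + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    # Real use: parse_mbr(open("mbr.bin", "rb").read()) on the file the dump tool saved
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"])
    print("active:", active_partition(info))
    print("sha256:", info["sha256"])
```

A differing `bootcode_sha256` between a dump taken now and one taken from a clean install is the signal worth chasing; a differing `sha256` alone may just mean the partition table was edited.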
I did a little more troubleshooting to see if I could figure anything else out.
It must have been profile specific, because I created a new user account in safe mode, booted back up and logged in to the new user account and nothing happened. When logged in to the affected user account, random keystrokes would happen rapidly.
That (the keystrokes) is what led me to believe someone had remote access to my machine initially. However the random keystrokes continued even with no network/bluetooth connectivity (I pulled my BT Dongle and Ethernet cable out of my machine and rebooted).
So, it was some kind of odd infection that just hammered out random keystrokes constantly to keep you from doing anything. I haven’t seen anything like that yet.
But, I keep all of my data on a Buffalo RAID5 NAS unit that I only connect to the network when files are needed. The only data I keep on the single HDD inside of my PC is Windows 7 and my games (Easily re-downloadable via Steam) so I nuked the drive with DBAN and reinstalled Windows.
All is now good after the reinstall (obviously =D). I just didn’t have the time to chase this any longer, and as I didn’t lose any data it was a no brainer at this point to reformat.
I am still curious about if anyone has heard of malware that just types random keystrokes repeatedly? It was new to me.
Thanks for your help! I doubt this infection was the fault of Comodo. It was probably malicious code embedded inside of a previously trusted .exe if I wasn’t prompted by Comodo.
You guys here in the forum are awesome, and Comodo was the first thing I installed after my reformat.