Repeatedly sandboxing a non-existent file: Ask.com/UpdateTask.exe [Renamed]

I am running the latest free CIS. Yesterday I started getting an alert about Program Files/Ask.com/UpdateTask.exe being sandboxed. At first I thought, “oh great, Ask weaseled itself into my system”, but upon initial searching my system, Ask is not installed in add/remove programs, Revo Uninstaller didn’t pick up, & there is no files on my computer that I can find that are Ask.com related. The biggest mystery of all is that the Program Files/Ask.com/UpdateTask.exe path doesn’t exist at all. I even checked with all files & folders being viewable ( unhidden ), & even a few thorough windows searches.

I have been getting the sandbox alerts for this same .exe & path all day now. Does anyone know what is going on here ? lol

Thanks

Edit— I wanted to add that I also ran 3 CIS virus scans & cleaned my temp files / folders aggressively.

I would like to also add that blocking it via the Defense+ events menu has no effect. I could see it having no effect on blocking an .exe from a path that doesn’t exist, but what could be triggering these sandbox alerts. I am getting them more frequent now at about 1 every 2 hours. ???

Which version of CIS do you have installed?

Also, could you please post a screenshot of the alert. That would be very helpful.

I have free CIS firewall / anti-virus / defense+. Version = 4.0.141842.828

Here is a screen shot of the alert in the defense+ events log. Also the path to the .exe is (program files/ask.com/updatetask.exe )

http://img179.imageshack.us/img179/3391/screenhunter02apr220147.jpg

EDIT-

Here is the alert, it popped up just now.

http://img202.imageshack.us/img202/107/screenhunter01apr220205.jpg

I have even just re-installed Comodo, & noticed this time around that Ask.com is bundled with Comodo. Which seems interesting that I began getting this Ask non-sense upon installation of Comodo. Anyways, I didn’t click the checkmark for Ask, yet I still am getting the same exact Defense+ alerts for UpdateTask.exe

I think Comodo is great & am very pleased with it, I just wish I didn’t have to deal with this ask.com mess. ???

do you have the folder? c:/program files/ask.com ?

That is the thing. That folder, simply does not exist. It never existed. I am OCD with items on my computer. I am constantly monitoring & manually checking to see what is going on my computer & where. Not to mention all hidden files are set to viewable.

I boot up today & instantly get new alerts for my audio ( RtHDVCpl.exe ) & laptop touchpad ( SynTPEnh.exe ). Which both were previously marked as safe because I had to contend with alerts for them soon as I installed CIS. After setting these two items (again) to not run in sandbox & to trust the vendor for the files, I immediately reboot my pc. Upon Vista booting up, I again get the same alerts for the audio & touchpad as above, even though I chose to not run them in sandbox anymore & to make them safe files. Not to mention I am getting alerts for InputPersonalization.exe, which I also set to not run in sandbox again, & as a safe file.

Things I have placed as a My Own Safe File, simply don’t show up in the list for My Own Safe Files, or if one does show up in there, it vanishes at some point because it wont be there & I will get sandbox alerts for the program.

I have installed CIS close to 10 times trying to fix this problem. And now thanks to CIS not keeping safe files safe, with the advent of the alerts for SynTPEnh.exe, now my scrolling on my touch pad is disabled once again.

And just now the blocked application of ask.com/updatetask.exe brings another alert. The file that doesn’t exist, is impervious to any of my CIS commands. I say block it & I still get alerts. This is driving me crazy.

Before using CIS, I had a mixed bag of my favorite security solutions installed ( like many people ). I was secure & satisfied to a point. The main problem was that all three running at once were a slight resource drain. I found CIS, & with it being all 3 of what I had in one application made me very happy. Low resource overhead & overall a superior product in all 3 areas (firewall/anti-virus/defense+) over what I have used in the past. I just have no idea why I am having these critical, yet simple errors.

I just got a google update alert since google was trying to make an outgoing connection. Just yesterday I set that same program alert for googleupdate, to allow it ( & remember my answer ). But apparently CIS isn’t remembering anything I tell, or at the least it in a random manner is choosing what to remember or what not to.

I am at my wits end because I have tried everything I can think of. The ghost ask.com folder/file can’t be helping things either. If CIS is going to bundle a malicious piece of junk like Ask.com, then it should at least be able to control, even when the user chose not to install Ask.com at all. ???

I hope someone can help, as I want to continue using CIS.

It sounds like you got a corrupted install, I would recommend doing this. Go to c:/program files/comodo, cis/scanners/ and copy the bases file to your desktop. Now go and download revo uninstaller and install it. Also download a fresh CIS installer form the comodo website. Open revo and select CIS, click unisntall and set revo to moderate. Hit next. Go though the comodo uninstaller but when it asks you to restart don’t do it. Hit next on revo when the comodo uninstaller is finsihed, delete all of the registry keys hit next and also delte all of the files it finds. Hit finish and restart. After you have restarted proceed to install CIS paying close attention to install just the AV and firewall. Once the install is finished, it will ask to restart, say no. Go back to the scanners folder and copy over the bases file from your desktop, when it asks you to over write say yes. Now you can restart. Once restarted go and update the av once again, Now everything should be fine.

Thanks, I am attempting this now. I might want to add that on each re-install, I uninstalled CIS with Revo first.

May I ask what saving the bases file & overwriting the new installed one does as oppose to just a fresh install ?

because it will save you download time, why would you have to download the signatures again?

Oh ok thanks. I realized that once I went to download latest updates & it was already up to date. lol

Running scan now, once it is done I am rebooting. Already set up all my policies. Hopefully upon reboot, things will be fine. Only thing I have noticed already is that one of the two files I placed in my own safe files, has vanished. No sign of Ask.com yet, so hopefully that is gone for good. I will report back after I reboot & run the system for awhile.

Thanks for your help.

Wow, I think i give up.

Ask.com is back with the invisible updatetask.exe ???
I have done everything possible & still can’t get CIS back to normal.

YOu might have a rook kit infection or something. Can you please download hitman pro http://www.surfright.nl/en/hitmanpro do a scan and post up a screen shot for me when it is done scanning. This can’t be from CIS.

Very annoying that CIS sandboxes non-existent files. I have that problem with InDesign CS4 (on two computers). InDesign “calls” PerformanceMonitor.exe, but there is no such file (it’s used by InDesign server edition). Had the same problem with a deleted or renamed ComodoSE.exe: it was sandboxed over and over. Had no problem with .779, but with .828 it’s back. :-\

http://img59.imageshack.us/img59/1742/screenhunter01apr230227.jpg

I thought I must of had a rootkit myself, but apparently not.

If CIS has a bug that sandboxes non-existent files, that makes sense, but I can’t figure out why it wont remember safe files.

Can we get someone from Comodo staff to look at this? I’ve noticed a few different posts on the forum complaining about the same thing.

I hope someone does, because I like this product a lot. But receiving daily alerts for the same things over & over. 88)

I wonder what calls UpdateTask.exe. Is it at start up you get the alert? Can you see UpdateTask.exe in Autoruns? Also search for Ask.com in Autoruns.

The subject is widely documented, e.g here (if you don’t like it, you can replace Final Uninstaller with whatever similar software of your choice).

If not able to close the relevant services and processes, you should boot to safe mode, or use a third-party booting device, or boot mbam in safe mode…).

In these conditions, manual removal can alternatively be ensured as the relevant files and registry settings are provided.

It doesn’t, of course, keep to say that Comodo, a security software, allowing and default installing such a, adware/spyware is totallly scandalous.

http://www.finaluninstaller.com/blog/ut/how-to-uninstall-ask-toolbar.html

I can’t find anything about Ask.com anywhere on my system. No start ups, no folders, no valid paths. I also am getting another sandbox alert for another program that does not exist anymore, programfiles/Acer/AcerAssist.exe. So I wonder if it is just a bug with alerting programs that do not exist anymore, but may have some fragments left behind.

I am trying out Final Uninstaller now & will report back.