??rootkit injection

This is beyond me but here from post #56

Is this real exploit?

Sorry if this has been posted and addressed already, I couldn’t find it.

That thread is a little difficult to follow, jumping in at page 3. The System Idle entry in CFP3A1’s log is, we believe, a reported bug. It shouldn’t really be reporting System Idle… but we’ve had no confirmation of any CFP3A1 bugs. So, we don’t know either (there’s no documentation yet).

Is a rootkit a real threat? Yes, absolutely. CFP3A1 might have nailed it… but it’s difficult to tell… as System Idle doesn’t make a lot of sense. I’m not 100% sure if SystemJunkie has found something or not… it would be better posted here (obviously)… but I think he’s researching & seeking confirmation from other posters at the moment. So, perhaps he’s not ready to bring it to Comodo.

Thank you

lol, it’s often difficult to analyse some of SystemJunkie’s posts, but he does have some interesting screenies.

Regards.

CFP3A1 might have nailed it..

Could you explain what you mean with CFP3A1?

So in case you think that Comodo prevented the intrusion, then only for a short time;
some boots later the Comodo alpha is already corrupted. So the only way to control
the unknown a little bit is to reinstall Comodo every 2nd or 3rd reboot.

CFP3A1 = Comodo Firewall Pro 3 Alpha 1

Corrupted? Do you mean the known CFP3A1 bug of losing all its registry settings? Re-install every 2 or 3 reboots? Personally, I use a simple registry import to recover from that CFP3A1 issue. However, if you are testing CFP3A1, then you are posting in the wrong place. There are OS-specific topics in CFP’s Beta Corner.

I think I am right; I thought you were interested in rootkit info.

http://i12.tinypic.com/6gxnfpx.png

Sure, best to start a new topic though, since this topic asked if rootkits were a real threat (answer was “yes”). Given the screen shot, I suspect your info is probably not exactly the same thing. If it is directly related to any of the CFP 3 Alphas (new alpha released yesterday), then that should be posted in the correct topic (OS-specific) in CFP’s Beta Corner. I’m not trying to be awkward or anything, it is just that the CFP devs are, obviously, a bit busy at the moment & posting it in the right place will get the right sort of attention.

since this topic asked if rootkits were a real threat
No, I know “rootkits” are a threat. I was asking if this (info in the screenies from System ■■■■■■ / StormyMind?) was a bypass of CFP.

But any further than this is maybe over my head, so go to it guys :)

Wilder’s SystemJunkie is StormyMind?

Then this is concerning the Alpha testing of CFP 3. It should really be posted to the Beta Corner.

I noted that SystemJunkie said that GMER & CFP 3 cause BSODs. Actually, Rootkit Unhooker (RU) & GMER are very incompatible according to RU. RU causes GMER to fault and/or BSOD… apparently.

Wilder’s SystemJunkie is StormyMind?
Don’t know; thought the screenies looked similar.
I noted that SystemJunkie said that GMER & CFP 3 cause BSODs. Actually, Rootkit Unhooker (RU) & GMER are very incompatible according to RU. RU causes GMER to fault and/or BSOD… apparently.
EP_X0FF has stated he has removed the “gmer ban” from the current version of RkU.

Last free version of RkU released here http://forum.sysinternals.com/forum_posts.asp?TID=962&PN=34
New version of gmer tool here: http://gmer.net/index.php

Not really sure how stable the new version of RkU is yet; it offers vastly increased functions.

As you say:

Then this is concerning the Alpha testing of CFP 3. It should really be posted to the Beta Corner.

You could close this?

SystemJunkie’s screen shots on Wilders show that he is using an older version of RU.

CFP Alpha stuff: I was pointing out that CFP’s developers would probably not look here for CFP 3 Alpha feedback or bug reports. That is all.