Yes, I had AVG on the machine for a while, then Avast for 1 year, and now only Comodo.
I can’t export the key as it’s invisible. When I look in the registry with regedit those two keys do not show at all.
I have tried various registry cleaners, but most of them do not see these hidden keys, and the ones that can see them cannot delete them.
Windows XP Home SP3.
Comodo firewall user for 3 years, together with AVG free version.
Due to AVG slowing down my (very old) computer and to compatibility issues (AVG didn’t let me install the newest 2011 version because it claims I have CIS and there would be a conflict, while in reality I only had the Comodo Firewall) I uninstalled AVG around 2 weeks ago, and then uninstalled Comodo firewall and installed from scratch the whole CIS.
Initial scans showed no detections, but recently I played in the “Scanner settings” and checked the “enable rootkit scan” box (while leaving the heuristics at the default ‘low’).
So in today’s bi-weekly scan Comodo suddenly finds:
Ok, I downloaded this file put here by jay2007tech (thanks!) but similarly to norain it didn’t change a thing.
Despite running it, despite having changed the folder options to show hidden files, I cannot locate
HOWEVER, I have tried to log in with the administrator account and I could see it.
On my PC, I have one account “administrator” (accessible only in safe mode) and another one for myself, with full administrative privileges. I think that’s the common setup in Windows but I’m not sure. Some people use an account with limited privileges for web surfing for increased security, I do not. I always use my account named after my first name, and the “administrator” account exists because it needs to exist.
So basically, the entry in question can be seen when I log in with the “Administrator” account.
I am not sure why it can be seen there and not normally and how to proceed now.
which is told by CIS to be a rootkit, can be seen there. In my normal Windows account, it cannot be seen, despite this account having full administrative privileges.
Overall, I must say I noticed quite a few threads on the Comodo board about suspected rootkit false positives. My limited knowledge tells me it’s also a f/p in my case, but I’d want to prove it once and for all.
And ideally, Comodo would stop showing this rootkit (or ‘rootkit’?) during the rootkit scan.