Sality.ag/Sector.21, one little problem

original thread: https://forums.comodo.com/10551086108810911089108910821080-russian/salityagsector21-ethplusmnethfrac34ethmicroethsup2n�ethmicro-ethsup2ethmicron�n�ethcedil-n�-ethiquestethfrac34ethraquoethmicroethsup1-t72702.0.html;msg517399#msg517399

This thread was generated by automatic translation software.

Prologue: I know that some similar topics (about Sality) already exist, but I very much ask the mods not to delete this.

The essence is this:
I work as the system administrator at one very, very poor Ukrainian budgetary enterprise.
Accordingly, the following is available:
A wired Ethernet network with broadband access to the Internet, an SMB share under Linux with write permissions for exchanging documents, and about 70 workstations with an approximate configuration:
CPU 1.7-3.0 GHz, single core, 2003-2006 models,
256-512 MB RAM,
Half-dead HDD,
Windows XP Home x86, finely optimized for weak machines,
Skype and CAV in autorun,
And, well, an epidemic of Win.32/Sality.ag

For reasons that do not depend on me, I cannot remove Skype from autostart. I also cannot buy more powerful computers, migrate to Linux or to paid antivirus software, and there is much else I can’t do. But enough tears; I will describe the problem in more detail:

Last month I noticed a very bad tendency:
Workstations with the latest version of Comodo/CAV and the latest version of its databases are regularly
infected by Sality, which:

  1. Switches off the Windows service COMODO Internet Security Helper Service and leaves the antivirus in a non-working condition, which opens the way to other infections from flash cards or downloads from the Internet. Parental control doesn’t prevent the virus from switching off the antivirus service.
  2. Then Sality writes autorun.inf files to all local disks, referring to infected .exe and .pif files. Guzzles uninstalls and infects all processes in RAM and executable files on the computer.
  3. Infects all network resources with write permissions, using a Windows security hole in the processing of *.lnk files.

As a result of long and careful research, I have found the reason:
The Windows service COMODO Internet Security Helper Service (cmdagent.exe) and the process cfp.exe start only within 2-3 minutes after the desktop loads, which is caused by the weak system configuration, the dead HDD, and Skype in autostart. As a rule, by this time impatient users have already had time to infect the computer by inserting flash cards or visiting an infected network share with lnk files.

After treatment with specialized utilities or a LiveCD (I have tried about 10 different ones), MS Office, Comodo Antivirus, and also Skype will not work: they throw up a window about an error and sending a report to Microsoft.

I very much ask for help:

  1. Translate this thread https://forums.comodo.com/10551086108810911089108910821080-russian/salityagsector21-ethplusmnethfrac34ethmicroethsup2n�ethmicro-ethsup2ethmicron�n�ethcedil-n�-ethiquestethfrac34ethraquoethmicroethsup1-t72702.0.html;msg517399#msg517399 and notify the Comodo developers of it. I think the problem could be solved by developing a preloader for the service cmdagent.exe and the process cfp.exe, similar to what is present in other antivirus solutions.
  2. Any solutions without “crutches”.
    Like this: "tell all the grandmothers at the enterprise that it is necessary to wait 5 minutes after switching on the computer before inserting a flash card or starting to work with documents."

I apologize for the bad form, and that there is a lot of text.

P.S. I disable the sandbox and proactive protection because of low performance and incompatibility with various applications. The signature scanner works in “On access” or “Cumulative” mode. Automatic removal of threats is enabled, and memory scanning at startup is enabled too.
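
A check for the autorun.inf vector described in point 2 of the post, as an added example that is not part of the original thread: run on the Linux server that hosts the share, it walks a directory tree and reports autorun.inf entries that launch .exe or .pif files. The extra extensions, the function names and the sample file are assumptions constructed for illustration.

```python
import os
import re
import sys

RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")  # .exe/.pif from the post; rest assumed
# autorun.inf keys whose value is a command Windows will run.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, not taken from a real infection.
SAMPLE = r"""
;kqXw filler comment
[AutoRun]
oPen = qwjk.pif
shell\explore\Command= "vbxa.exe" -r
icon=setup.ico
"""

def suspicious_entries(text):
    """Return (key, target) pairs that launch a file with a risky extension."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment, section header or blank line
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key):
            continue
        # The program is the first token; it may be quoted and followed by arguments.
        m = re.match(r'"([^"]*)"|(\S+)', value)
        target = (m.group(1) or m.group(2) or "") if m else ""
        if target.lower().endswith(RISKY_EXT):
            hits.append((key.lower(), target))
    return hits

def scan_tree(root):
    """Map every autorun.inf under root (any letter case) to its suspicious entries."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "autorun.inf":
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    hits = suspicious_entries(fh.read(65536).decode("latin-1"))
                if hits:
                    findings[path] = hits
    return findings

if __name__ == "__main__":
    print(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run from cron against the share's export directory, a non-empty result shows which folders were written to by an infected workstation before users browse them.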

Hi VladMC,
If you can find the FP file, you can submit it through this
link: Comodo Firewall | Get Best Personal Firewall Software for $29.99 A Year. We can go to have a look at it.
Thanks and Regards,
Lin mengze