Security level after shellcode injection

Info: https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2011-no-live-malware-t66780.0.html;msg521858#msg521858

My question is: how safe is my laptop now? I did a full scan with CAV (it didn’t find anything) and manually quarantined the irremovable file. Should I do a complete reinstall of Windows?

A BO alert means that your computer is in a vulnerable state if you allow the program that is causing it to run. A malware could abuse the vulnerability. It does not necessarily mean your system is infected. I say downright no to reinstalling Windows. That is sheer overkill with the information I know now.

It is good to check your computer for malware with various scanners.

When you know and trust the applications and the source it was downloaded from then you can safely allow the program; only when it was not started by an unknown application.

With digitally signed executables you can check the signature and see if it is Ok. If it is Ok then the file is what it says it is and is not infected.

The problem is I allowed the program to inject shellcode into explorer.exe, but after that I purged the system of it. Is explorer.exe compromised? A friend told me CIS by default is protecting it from access, and the D+ log does indeed confirm this; only it shows not the infected file accessing explorer, but explorer accessing the infected file. Does this mean anything?

I’m having the same problem here in the company, say they have comodo shellcode on some machines and not others, what should I do? Format? I’ve seen it’s not worth the back shellcode, which solution or opinion of Comodo? :-TD

Shellcode alerts mean that a program is in a vulnerable state. It does not necessarily mean you are infected.

If an unknown file starts a well known application, like Excel 2010, and CIS reports a buffer overflow I would be very suspicious because we don’t know the nature of the unknown application.

If a user starts Excel 2010 from a clean system and CIS reports a buffer overflow I am not worried and would allow the buffer overflow alert for Excel 2010.

Ok EricJH, but when the user sees the message about shellcode he gets scared, he does not understand what is happening, in my case I installed a program from a bank, and after installing, the messages began, the site is secure and shielded. The message now appears in most programs that run, before no warning message appears, the comodo woke up with the first message? It may be a bug?
???

In the end the user must put some effort in understanding. For a car we have driver’s licenses…:wink:

in my case I installed a program from a bank, and after installing, the messages began, the site is secure and shielded. The message now appears in most programs that run, before no warning message appears, the comodo woke up with the first message? It may be a bug? ???
What programs are now giving the BO alerts? Did you recently make changes to your system or CIS installation (did you update)?

Can you also take a look in the View Active Processes list in D+ and see what the parent program is of the programs that you get the BO alerts for? Please take a screenshot of the Active Processes list and post it here.
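
The two checks suggested in this thread (which parent program started the process that triggers the alert, and whether the executables carry a valid digital signature) can also be done from PowerShell. This is an added example, not part of the original thread and not a Comodo tool; it uses only the built-in `Get-CimInstance` and `Get-AuthenticodeSignature` cmdlets and should be run from an elevated prompt so the paths of all processes are readable.

```powershell
# Added example: list every running process with its parent and the
# Authenticode signature status of both executables.

$procs = Get-CimInstance -ClassName Win32_Process

# Index processes by PID so parents can be looked up quickly
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

# Cache signature results so each file on disk is verified only once
$sigCache = @{}
function Get-SigStatus {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return 'NoPath' }   # protected/system process
    if (-not $sigCache.ContainsKey($Path)) {
        try {
            $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
            $sigCache[$Path] = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
        } catch {
            $sigCache[$Path] = 'Unreadable'
        }
    }
    return $sigCache[$Path]
}

$report = foreach ($p in $procs) {
    $parent = $byPid[[uint32]$p.ParentProcessId]
    # PIDs are reused: a "parent" created after the child is not the real parent
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    [pscustomobject]@{
        Name            = $p.Name
        PID             = $p.ProcessId
        Signature       = Get-SigStatus $p.ExecutablePath
        Parent          = if ($parent) { $parent.Name } else { '(exited)' }
        ParentPID       = $p.ParentProcessId
        ParentSignature = if ($parent) { Get-SigStatus $parent.ExecutablePath } else { 'n/a' }
        ParentPath      = if ($parent) { $parent.ExecutablePath } else { $null }
    }
}

# Rows whose parent is not validly signed (or has already exited) sort first
$report | Sort-Object { $_.ParentSignature -eq 'Valid' }, Name | Format-Table -AutoSize
```

Look up the program named in the BO alert in the `Name` column and read across to `Parent` and `ParentSignature`; a parent status other than `Valid` is a reason to look closer at that parent, not a verdict on its own.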