SERIOUS ISSUE REGARDING Comodo Antivirus (VERY HARMFUL)

Sorry for the urgency of this thread, but I think it’s worth a look from the software developers.

OK, recently (2 days ago) I installed Comodo Antivirus (I also had Comodo Firewall) on my laptop and all was OK until today. Well, it is simple: at startup, when XP Pro SP2 should ask for member logins, the system crashes and a BSOD appears:

STOP: C00000210A {Errore Irreversibile di sistema}
Processo di sistema Logon Process terminato in modo inatteso
con stato 0xc0000034 (0x00000000,0x00000000)
Il sistema è stato chiuso.

Translated it means:

STOP: C00000210A {Unrecoverable System error}
System process Logon Process ended in an unexpected mode
with state 0xc0000034 (0x00000000,0x00000000)
System has been halted.

OK, I rebooted, same.
I tried F8 to go into safe mode, same.
I tried all the boot options of F8, same result.
I googled that and found that it “might” be due to some critical XP updates that may crash, so I tried to remove them with the restore process (boot from XP, press R, log in as admin and manually remove the suspected updates), but the system no longer recognized my Administrator password (it was blank, but it said incorrect pwd).

What did I do?
I had to reboot with the XP CD in and redo an installation of XP over the current one. After reinstallation the system restarted and restored my settings, but it crashed (froze, no BSODs) like 2 times.
Then I was able to enter Windows in safe mode only and, after I removed Comodo Antivirus ENTIRELY, well, the system is SLOWLY able to start normally.

What have I got now? A system that must be entirely reformatted since it is terribly slow and unreliable, and all I did in the very recent days was install Comodo Antivirus. I am 100% sure that no XP updates were installed since they are disabled by default on my system.

So well, 20 minutes ago I didn’t think it was related to Comodo Firewall; what made me ANGRY was that the SAME THING (identical) happened to my home computer (again XP SP2) and, surprise, I installed Comodo Antivirus there 2 days ago.

Now I strongly suspect that the antivirus caused my problems and I am extremely worried because I have to reformat 2 PCs: 1 for fun purposes, the other for JOB.

Please investigate.

These are my system specs:

Laptop:

Dell Inspiron 9100, P4 2.8ghz, 512 DDR, Hd 30 gig, radeon 9700 mobile pro (no shared memory).
With Windows XP SP2, acrobat 7.0, office 2003

Home PC:

P4 3.0ghz, 512 ddr, hd 80 gig, radeon 9800 pro , with winXpsp2, acrobat 7, office 2003.

Now I have to go back to them. A long time will be needed to reinstall everything and to search for a new antivirus (sorry guys, but I really think that you can understand me).

I was using CAVS 2 beta for the last 1 month and I had the same problem today when cavs auto updated. It caused the exact same BSOD and it also detected & removed winlogon.exe as malware. I had to install the HD to another computer, copy the missing file & disable cavs.

Today I had the same problem with winlogon.exe; the whole system was set to a dead state. When I tried to start again it didn’t work anymore, and even in safe mode it wouldn’t. I restored a backup from a day before and set the automatic updater to off and it is working now. I hope the problem will be solved quickly. (:AGY)

Heh guys, as we say in Italy, “we are in the same ship”.
I am pretty “happy” that this is a common problem, because maybe this could help the Comodo group to solve this dreadful issue.

Got the same BSOD and problems as described above me.
It made me quite angry to be honest. I have a presentation tomorrow, for which I now have to use KNOPPIX to boot and show a dreadful PDF presentation instead of the one I intended to use.

Thnx Comodo… really :confused:

I’ve set up 13 new laptops in the last three days and CAVS is installed on all of them. My last one got the latest update and it’s now crashing with the exact same errors. So I downloaded the updates to another notebook and it’s crashing too. I hope this can be fixed very soon. I would prefer to use Comodo, but I am about to uninstall it from all of them.

HELP!!! I have 8 computers and all have the same error. How can I repair Windows? (:AGY)

Hello, I am from Portugal, and I am a computer technician. Today I got lots of phone calls because of Comodo errors. I kept telling my customers Comodo was a great antivirus but now I have to repair 27 computers; these are the ones that called today, and there will be a lot more in the next days.

At least give us some information about what happened with your software that caused this.

Thank You

I’ve requested help… nicely as well. :slight_smile:

Edit: PS Welcome to all the new guys.

Yet another edit: If those that have had BSODs can post a zipped minidump (C:\WINDOWS\Minidump), that would be most helpful. Thanks. ;D

Wow, what a coincidence. After using the latest CAVS Beta for several days I also had a Windows problem today. The computer would reboot before Windows fully came up, saying there was some serious problem. The computer would then reboot on its own several times. I also had to put in the original Windows CD and repair my system. It took several hours. Once the system was running, I uninstalled CAVS and went back to Grisoft’s free AVG program. I hope this problem that is affecting a lot of people is fixed soon. I’ll just wait for the stable version of CAVS to come out. Great firewall by the way. Keep up the good work Comodo.

Same deal here with my other system running the previous beta: CAVS detected winlogon as a keylogger and quarantined it, hence the system crashed with a BSOD, unable to get in at all since winlogon is quarantined. It appears someone did a MAJOR royal boo-boo here. Sorry, but this is unacceptable even for a beta. Those that don’t have other systems are most likely staring at their systems wondering what happened, not knowing that CAVS was the culprit. It killed them all. SHUT OFF THE AUTOUPDATE SERVER ASAP!!!

(CNY) This is taking a bit of a long time for the support team to fix. I think maybe I can contribute to restoring Windows to its original state. I will test my solution some hours later (it is late here); if this works, it will restore and open Windows, giving time to uninstall the corrupted software and start again without any problem. If I have success I will post the solution here!

Be patient, the development team are human too (:LGH)

The developers will not be up for a few hours yet & the Admins a good 6-8 hours after that, which might cause a further delay… so unfortunately you’ll need to be a little patient. Remember, please post any zipped mini-dump DMP files if you have them or info from the Windows Event logs if any exists. Thanks.

(J) Booting on XP sp2 recovery disk can’t find C:\windows\minidump using:

C:\windows>dir *. (DOS command to list subdirectories)

My still up n running XP SP2 machine (both R Dells) lists a minidump sub-directory under windows. I haven’t rebooted this machine since both downloaded the update and the first one crashed on re-boot.

I have a good command of DOS 6, but functionality of the recovery mode CD is limited. The naming convention changes lock me out of directories with names exceeding 8 characters.

I will be up another 1/2 hour.

Stop c000021a {Fatal System Error} with a status of 0xc0000034 (0x00000000, 0x0000000)

I have a theory about this. winlogon.exe (or a similar file) is damaged/quarantined/deleted by Comodo so, PROBABLY (I’ll test and try), a way of solving this problem is to:

  1. boot the system with Knoppix
  2. copy onto a USB pen a winlogon.exe from a working computer
  3. inject / overwrite winlogon.exe from that pen into the damaged PC with Knoppix
  4. reboot and go directly in safe mode (F8, safe mode)
  5. REMOVE comodo antivirus
  6. Pray your God
  7. Reboot the machine in normal mode and see what happens.

I will try this this morning, just to test.

Anyway, Comodo team, this is a very urgent issue; in your place I’d immediately block any updates of this “nice-but-unlucky” product.

Hi All,
I apologise for the inconvenience caused by the last updates for Beta 2.0. This problem is fixed in today’s updates of Beta 2.0.
If your system is not booting normally, please follow these steps to boot the system normally:

  1. Boot from a DOS boot disk. (If you have NTFS you can get a DOS boot disk on floppy or CD from NTFS Data Recovery Software - Boot Disk - Freeware NTFS Tools.)
  2. Copy the winlogon.exe file from %WINDOWS%\ServicePackFiles\i386\ OR copy the same version (5.1.2600.2180) of %Windows%\system32\winlogon.exe from another system.
  3. Paste it into the %Windows%\system32 directory on your system.
  4. Disable the on-access service (just rename %Windows%\system32\drivers\cavasm.sys), so that it will not detect winlogon.exe.
  5. Reboot your system. It will boot normally now. On-access will not work this time.
  6. Get the latest updates, which have fixed this false positive issue.

Thanks & Regards
Kishor
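A check for step 2 of the procedure above, added here as an example and not part of the original post or Comodo's own tooling: it confirms that a candidate winlogon.exe carries file version 5.1.2600.2180 by reading the VS_FIXEDFILEINFO structure in its version resource. The function names and the constructed sample bytes are illustrative assumptions.

```python
import struct
import sys

EXPECTED = (5, 1, 2600, 2180)  # version named in step 2 of the post above
SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def file_version(data):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO found in data, or None if there is none."""
    pos = data.find(SIGNATURE)
    while pos != -1 and pos + 16 <= len(data):
        struc_ver, ms, ls = struct.unpack_from("<III", data, pos + 4)
        if struc_ver == 0x00010000:  # dwStrucVersion; filters out chance matches
            return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = data.find(SIGNATURE, pos + 1)
    return None


def check_replacement(data, expected=EXPECTED):
    """Return (ok, message) for the bytes of a candidate replacement file."""
    if data[:2] != b"MZ":
        return False, "not a PE executable (no MZ header)"
    found = file_version(data)
    if found is None:
        return False, "no version resource found"
    text = ".".join(map(str, found))
    if found != expected:
        return False, "version %s does not match expected" % text
    return True, "version %s matches" % text


def constructed_sample(version):
    """Constructed stand-in for a PE file: MZ stub, padding, version header."""
    ms = (version[0] << 16) | version[1]
    ls = (version[2] << 16) | version[3]
    return b"MZ" + b"\x00" * 62 + SIGNATURE + struct.pack("<III", 0x00010000, ms, ls)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a candidate winlogon.exe
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:  # no argument: run on the constructed sample
        blob = constructed_sample(EXPECTED)
    ok, msg = check_replacement(blob)
    print(msg)
    sys.exit(0 if ok else 1)
```

A matching version number only confirms the build, not that the file is unmodified, so take the copy from ServicePackFiles or from a machine you trust.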

G’day,

You can still access these from DOS, but there’s a trick. If you want to access the folder “Program Files” under DOS it is called “progra~1”. The convention is as follows: the first six characters of the folder name (excluding spaces) and then a tilde and then the number 1. If you have two folders with names greater than 8 characters and the first six characters are identical then they are referenced as “folder~1” and “folder~2”.

Hope this helps,
Ewen :slight_smile:
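The naming convention from the post above, as an added example (not code from the thread) that computes the short alias for folder names that come up in this thread, such as ServicePackFiles. It goes slightly beyond the post by also handling extensions and characters that short names do not allow, and it assumes collisions are numbered in list order; on a real disk the number depends on which folder was created first.

```python
INVALID = set("+,;=[]")  # allowed in long names, written as "_" in the short alias


def split_name(name):
    """Split at the last dot; a name without a dot has no extension."""
    base, dot, ext = name.rpartition(".")
    return (base, ext) if dot else (name, "")


def clean(part):
    """Drop spaces and dots, replace characters that short names do not allow."""
    return "".join("_" if c in INVALID else c for c in part if c not in " .")


def needs_alias(name):
    """True when the name is not already a legal 8.3 name."""
    base, ext = split_name(name)
    bad = any(c in " ." or c in INVALID for c in base + ext)
    return bad or not base or len(base) > 8 or len(ext) > 3


def short_names(long_names):
    """Map each long name to its short alias, numbering collisions in list order."""
    taken, result = set(), {}
    for name in long_names:
        base, ext = split_name(name)
        if needs_alias(name):
            stem, ext = clean(base)[:6], clean(ext)[:3]
            # ~1..~4 only: Windows uses a different scheme after four collisions
            for n in range(1, 5):
                alias = (stem + "~%d" % n + ("." + ext if ext else "")).upper()
                if alias not in taken:
                    break
            else:
                raise ValueError("more than four collisions for %r" % name)
        else:
            alias = name.upper()
        taken.add(alias)
        result[name] = alias
    return result


def dos_path(path):
    """Rewrite a backslash path for DOS, assuming each component gets ~1."""
    drive, *parts = path.split("\\")
    return "\\".join([drive] + [short_names([p])[p] for p in parts])


# Constructed listing: folder names from this thread plus one made-up collision.
SAMPLE = ["Program Files", "Program Backup", "ServicePackFiles", "system32", "Minidump"]

if __name__ == "__main__":
    for long_name, alias in short_names(SAMPLE).items():
        print("%-18s %s" % (long_name, alias))
    print(dos_path(r"C:\WINDOWS\ServicePackFiles\i386"))
```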

Yeeeeee !

My solution was very similar to this :smiley:

I will test it ASAP!

One more time, Ty for the time and effort solving this problem.

There is still one little problem to solve for those who use Framework 2.0.

If you install Comodo, leave the on-access scanner on, and then go to Windows Update and try to install Framework 2.0, it gives an error. Also, if you try to install locally, you have to disable the on-access scanner to install Framework.

To be safe, I’m going to exclude the Framework 2.0 path from on-access and on-demand scans.

The first file that gives an error if you try to install locally is SystemWeb.

Ty for your time
(V)

Second time that a system file is removed. First time it was not as bad, as I could start in safe mode.
I lost all my data this time, because I didn’t know Comodo Antivir was the cause of the problem, and my windows is supplied as a ghost image, so I couldn’t do a recover :frowning:

Looking forward to the stable version, cause I like the program (and the firewall), but I do not dare to run the beta anymore.