services.exe -- tried to execute shellcode ... buffer overflow attack

Hello everyone,
First of all, sorry for the similar topic, but I simply could not find a reply button in that topic, so I created a new one. If that’s a problem, please join the topics, thanks.

And now, some facts about my problem. Every now and then, it’s hard to say exactly when, but usually after the computer is turned on and Win XP SP3 is booted, Comodo says that services.exe tried to execute shellcode as a result of a buffer overflow attack. The problem is that when I hit the terminate button, that leaves me with a 60-second countdown and my computer is going to restart itself. I’m kind of worried, if this is not some malware or something, and because services.exe is an important part of the Windows system. I’m also running Avast antivirus and tried to use Spyware Terminator, performed a full system scan, I also scanned the system with Avast antivirus, but nothing was found. Another thing I used was Procexp to examine processes running on my system, but again, I did not find anything suspicious. The log file from Procexp follows:

Process	PID	CPU	Description	Company Name
System Idle Process	0	75.38		
 Interrupts	n/a	1.54	Hardware Interrupts	
 DPCs	n/a	3.08	Deferred Procedure Calls	
 System	4			
  smss.exe	1324		Správce relací systému Windows NT	Microsoft Corporation
   csrss.exe	1444		Client Server Runtime Process	Microsoft Corporation
   winlogon.exe	1476		Windows NT Logon Application	Microsoft Corporation
    services.exe	1524		Services and Controller app	Microsoft Corporation
     svchost.exe	1736		Generic Host Process for Win32 Services	Microsoft Corporation
      COCIManager.exe	5072		Camera Control Interface	Logitech Inc.
      COMServer2Helper.exe	3060			
     svchost.exe	1816		Generic Host Process for Win32 Services	Microsoft Corporation
     cmdagent.exe	588		COMODO Internet Security	COMODO
     svchost.exe	616	10.77	Generic Host Process for Win32 Services	Microsoft Corporation
      GoogleUpdate.exe	236		Instalační program Google	Google Inc.
     MsMpEng.exe	664		Service Executable	Microsoft Corporation
     svchost.exe	892		Generic Host Process for Win32 Services	Microsoft Corporation
     svchost.exe	964		Generic Host Process for Win32 Services	Microsoft Corporation
     aswUpdSv.exe	1344		avast! Antivirus updating service	ALWIL Software
     ashServ.exe	1396		avast! antivirus service	ALWIL Software
     spoolsv.exe	552		Spooler SubSystem App	Microsoft Corporation
     Apache.exe	1236		Apache HTTP Server	Apache Software Foundation
      Apache.exe	2872		Apache HTTP Server	Apache Software Foundation
     LVComSer.exe	1264		Logitech Video COM Service	Logitech Inc.
      LVComSer.exe	4556		Logitech Video COM Service	Logitech Inc.
     LVPrcSrv.exe	2512		Logitech LVPrcSrv Module.	Logitech Inc.
     mysqld-nt.exe	2604			
     nvsvc32.exe	2672		NVIDIA Driver Helper Service, Version 181.20	NVIDIA Corporation
     sp_rsser.exe	2724		Spyware Terminator Realtime Shield Service
     sqlbrowser.exe	3216		SQL Browser Service EXE	Microsoft Corporation
     sqlwriter.exe	3268		SQL Server VSS Writer	Microsoft Corporation
     svchost.exe	3320		Generic Host Process for Win32 Services	Microsoft Corporation
     ashMaiSv.exe	2652		avast! e-Mail Scanner Service	ALWIL Software
     ashWebSv.exe	2808		avast! Web Scanner	ALWIL Software
     svchost.exe	4568		Generic Host Process for Win32 Services	Microsoft Corporation
     alg.exe	5116		Application Layer Gateway Service	Microsoft Corporation
     svchost.exe	5816		Generic Host Process for Win32 Services	Microsoft Corporation
    lsass.exe	1544		LSA Shell (Export Version)	Microsoft Corporation
explorer.exe	1976	1.54	Průzkumník Windows	Microsoft Corporation
 TSVNCache.exe	416		TortoiseSVN status cache
 NvMixerTray.exe	1036		NVIDIA nForce Mixer Tray Application	NVIDIA Corporation
 MSASCui.exe	1072		Windows Defender User Interface	Microsoft Corporation
 Communications_Helper.exe	1092		Communications Manager	Logitech Inc.
 Quickcam.exe	1152		Camera Software	Logitech Inc.
 ashDisp.exe	1240		avast! service GUI component	ALWIL Software
 MBM5.exe	1260		MBM 5 Core EXE	Alex van Kaam
 rundll32.exe	1300		Run a DLL as an App	Microsoft Corporation
 cfp.exe	1536		COMODO Internet Security	COMODO
 ctfmon.exe	1912		CTF Loader	Microsoft Corporation
 daemon.exe	1932		Virtual DAEMON Manager	DT Soft Ltd.
 GoogleUpdate.exe	1268		Instalační program Google	Google Inc.
 firefox.exe	5928		Firefox	Mozilla Corporation
 foobar2000.exe	1824		foobar2000 Application	
  LastFM.exe	5324
 infium.exe	4860	1.54	QIP Infium	QIP
 SpywareTerminator.exe	4408	6.15	Crawler Spyware Terminator
 procexp.exe	908		Sysinternals Process Explorer	Sysinternals -

Could you please give me some advice on what to do? Is that probably some threat or should I ignore that? Or should I try the new beta?

Thanks for any advice, and pardon my bad English.

EDIT: I found a log of Defense+ events, so now I know when the incidents happened:
First it showed on 22nd of Feb, then 9th of March, and then it started to appear more often – 4th, 7th and 14th of April (7th and 14th of April are the last two times I booted the computer). I also forgot to mention that after the restart, the alert does not appear any more; the problem appears only after the first boot.
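
An added example, not part of the original posts: a Python sketch that parses a Process Explorer text export like the one posted above, rebuilds each process's parent chain from the leading-space indentation, and lists processes with an empty Company Name so their file path and signature can be checked by hand. The function names and the one-space-per-level nesting are assumptions; an empty field is a reason to look closer, not a detection.

```python
# Added example: triage of a Process Explorer text export (tab-separated columns,
# tree nesting shown by leading spaces; one space per level is an assumption).
FIELDS = ("name", "pid", "cpu", "description", "company")
KERNEL_PSEUDO = {"System Idle Process", "Interrupts", "DPCs", "System"}

# Excerpt of the log posted above (tabs written as \t).
SAMPLE = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t75.38\t\t",
    " System\t4\t\t\t",
    "  smss.exe\t1324\t\tSprávce relací systému Windows NT\tMicrosoft Corporation",
    "   winlogon.exe\t1476\t\tWindows NT Logon Application\tMicrosoft Corporation",
    "    services.exe\t1524\t\tServices and Controller app\tMicrosoft Corporation",
    "     svchost.exe\t1736\t\tGeneric Host Process for Win32 Services\tMicrosoft Corporation",
    "      COMServer2Helper.exe\t3060\t\t\t",
    "     mysqld-nt.exe\t2604",
    "     sp_rsser.exe\t2724\t\tSpyware Terminator Realtime Shield Service",
    "explorer.exe\t1976\t1.54\tPrůzkumník Windows\tMicrosoft Corporation",
    " foobar2000.exe\t1824\t\tfoobar2000 Application\t",
    "  LastFM.exe\t5324",
])

def parse_export(text):
    """Return one dict per process, with ancestor names rebuilt from indentation."""
    rows, stack = [], []                    # stack holds (depth, name) of open ancestors
    for line in text.splitlines()[1:]:      # first line is the column header
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip(" "))
        cells = [c.strip() for c in line.lstrip(" ").split("\t")]
        cells += [""] * (len(FIELDS) - len(cells))  # trailing empty columns may be missing
        row = dict(zip(FIELDS, cells))
        while stack and stack[-1][0] >= depth:      # close siblings and deeper branches
            stack.pop()
        row["ancestors"] = [name for _, name in stack]
        stack.append((depth, row["name"]))
        rows.append(row)
    return rows

def unattributed(rows, under=None):
    """Names of processes with no Company Name, optionally only descendants of `under`."""
    return [r["name"] for r in rows
            if not r["company"] and r["name"] not in KERNEL_PSEUDO
            and (under is None or under in r["ancestors"])]

if __name__ == "__main__":
    rows = parse_export(SAMPLE)
    print("no company, any parent:", unattributed(rows))
    print("no company, under services.exe:", unattributed(rows, under="services.exe"))
```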

Is my question unclear? Improperly formulated? Have I not provided enough information? Or just nobody knows…?


I’m sorry you didn’t get any earlier support, but I guess nobody knew what to do, just like me (I’m a Comodo forums volunteer, not a developer). But perhaps you have malware? Just a wild guess.
Please take a look over here for further instructions on how to remove viruses.


Thanks for your reply eXPerience. I used both Superantispyware and Malwarebytes Antimalware and they haven’t found anything (besides some tracking cookies). I didn’t install the Bitdefender Antivirus, because I already have another one (Avast, as I said earlier).

Well, it seems that my malware is very sophisticated or there is no malware, just a bug in services.exe or Comodo…

Well, in that case I suggest you use the latest beta and see if that helps?

Sorry I couldn’t help you,