Ten days ago all seemed great. No more Norton, Comodo running smooth. Since then repeated hangups in IE. Outlook fails to download email, system hangs, CPF constantly asking if it’s OK for the same program to access the web (learning mode).
All thats bad enough but I’ve also had Windows File Protection telling me that unrecognized files have replaced previous ones- ‘Insert XP CD-rom now’ to restore these. 2nd time is now as I type this.
The first time was a few days ago, it was late at night and I shutdown thinking I could do this in the morning. Big error. Next day my PC presented me with a blank screen and a re-installation of the OS and software was the only way I could see as curing the problem. Luckily I had data backed up on a 2nd HDD. With an OS on it that I was able to use by changing the jumpers on the two disks to swap the both from master to slave and vice versa. Looking into the windows/system32 folder on the two drives it seems there were over one thousand files missing from the failed drive and that’s a conservative estimate.
I don’t want to jump to conclusions and blame either CPF or CAV but I used NIS for at least 2 years without any glitch and certainly without WPF being invoked. So is something getting into my pc to overwrite/ delete files? Is some part of the Comodo installation overwriting files? Have any of you fourumites had/ heard of this(these) problem(s)?
All helpful suggestions greatfully received
Luckily I saved a backup image of my disk yesterday which is saved on the 2nd HDD but that’s only a last ditch remedy and I could be in this same position in a few days time if can’t get to the bottom of the problem. Thanks for reading this far! Whew!
Dave
Edited: CAV status now showing License status as ‘Not available’ when it was registered fine earlier!
Hmm… I’ve just moved this. But, after reading it more fully… I think it should really be in the CAVS section.
There have been reports of instances where lots of system files disappear. One of first the files to be noticed is HAL.DLL (search the forums for this file & you’ll see what I mean), with HAL.DLL missing the system is cannot boot & displays the message that HAL.DLL is either missing or corrupt.
I don’t think this is an issue with CPF.
One more thing. If SFP (System File Protection) wants you to restore files from the XP installation disk, then you should be aware that the file being returned might not “fit well” in your current system. This is due to the fact that the file might have been subject to an MS update & thus SFP just restored an out-of-date version. The results can be unpredictable.
Edit: Once you have replied, I’ll move this topic to the CAVS section if you agree.
Thanks for the response Kail, CPF or CAV section doesn’t matter to me!
Yep the missing Hal.dll msg did appear but when I replaced that the next missing file was announced after 3 or 4 replacing files/ shutdown/ restarts and still getting a missing file msg I compared the system32 folders on the two drives and this is when I noticed the problem drive had fewer files than the older but now in use drive. 2034 files on the one in use and 1085 on the problem drive (So not the over 1000 I remembered but close) I didn’t fancy the job of replacing all these files one at a time!
The warning about File Protection replacing the files with ones from the cd is of concern as I have run SP2 and a load more updates since then. But my main wory is how to trace the cause of the files being deleted in the first place.
If you think it might, and I stress ‘might’, be a CAV issue in what way would the be, failed to interecept a virus or deleted files or quarantined files what?
CAV has two files in quarantine both from the slave drive, drive f:, mazecube-dm[1].exe and a0008368.exe in system volume information_restore[f5da… both of which are given the name not-a-virus:adware.win32.Trymedia I only mention these in case they’re of any interest
It might matter to the level of help you get. The Comodo CAVS people lurk in the CAVS forum & other users of CAVS will also hang about there. So, if you agree… I’ll shift this to the CAVS section.
Yep the missing Hal.dll msg did appear but when I replaced that the next missing file was announced after 3 or 4 replacing files/ shutdown/ restarts and still getting a missing file msg I compared the system32 folders on the two drives and this is when I noticed the problem drive had fewer files than the older but now in use drive. 2034 files on the one in use and 1085 on the problem drive (So not the over 1000 I remembered but close) I didn't fancy the job of replacing all these files one at a time!
The warning about File Protection replacing the files with ones from the cd is of concern as I have run SP2 and a load more updates since then. But my main wory is how to trace the cause of the files being deleted in the first place.
I can’t answer this. I’ve only been running CAVS myself for less than a week & I’ve not encountered this problem. Although, I know others have. To my knowledge, there is no definitive answer to this. It’s not know if it CAVS or something else. Although, all those who have posted on the issue believe, understandably, that it is CAVS related.
If you think it might, and I stress 'might', be a CAV issue in what way would the be, failed to interecept a virus or deleted files or quarantined files what?
CAV has two files in quarantine both from the slave drive, drive f:\, mazecube-dm[1].exe and a0008368.exe in system volume information\_restore[f5da....... both of which are given the name not-a-virus:adware.win32.Trymedia I only mention these in case they're of any interest
Other than… wow… CAVS found an infections inside a System Volume directory? That’s impressive, to me, on 2 counts… 1) the infections got there & 2) CAVS found them. I guess this also shows my limited knowledge of CAVS.
Any ideas of where to go now?
I’d like to move this topic to CAVS forum where Kishor (CAVS Dev Leader) can take a look at it.
OK to move it over, sounds like it would be a better section to be in. I’ve just been reading the stuff about missing hal.dll- + other files- and it doesn’t sound good. As a semi IT illiterate bod I’m amazed that CAV does this much damage.
And it certainly sounds like CAV’s fault when telling it not to scan the missing files prevents them from being ‘disappeared’.
I hope this doesn’t come over as sour grapes but I think the bit about this being beta software should be more prominent, or delta, omega… whichever way it works.
I don’t know if CAVS is to blame or not. To-date, I don’t think there has been any evidence to support this one way or another. After all, if CAVS did quarantined them (for whatever reason)… shouldn’t all those files be in CAVS Quarantine?
Edit: To be sure. I currently only allow CAVS On Access Scanner to Deny access to infected objects. And I don’t allow a repair attempts. I’m not too keen on system components suddenly disappearing… W2k just doesn’t like it. ;D
The circumstantial evidence points to CAV being to blame I think, certainly for me.
Its been years since I’ve had any problem and since CAV arrived on my scene I’ve had to install all kinds of recovery software. Probably stuff I should have anyway in case of a major HDD problem but this is the wrong reason for having to get it.
As far as the files being in quarantine that depends on what CAV means by ‘disinfecting’. It only stores files in quarantine if it can not disinfect the file, if the disinfectation of files corrupts them these files wouldn’t show in quarantine- I’m guessing here of course.
The settings in CAV allow some control and I’ll try the ‘deny access to infected objects’ settings for a while and seee how that goes. I noticed a lot of problems with uninstalling CAV but also a note saying an uninstaller was in QA for assessment and should be available soon. That will be my next port of call until CAV is beyond the beta stage. I’ve had to restore my PC to an earlier image just now and I can here the HDD clicking away madly again so suspect CAV (or whatever it is) is at it again, yep Windows file protection appears again as I type.
Ho hum. I think I’ll go and have a cup of tea! :-\
That’s new, now Windows wants to configure CPF1.1 Ugh! I’ll make that two cups of strong tea!
Better post this before meltdown!
edited so it makes a bit more sense, must have been in need of the tea!
I feel sorry for you. but I have been using CAVS for about a month now. other than a slight memory spike, nothing is wrong with it. You may want to check if you installed any programs other than CAVS.
just fyi, you could also use linux to recover your data if windows fails completely, for some unknown reason. One good one would be Ubuntu. I am saying that because I experienced a time where windows refused to access the disk, no matter what happened. I tried using an apple computer also to no avail. Linux simply blasted through my problem, and saved my 30 GB worth of data.
Thanks for the tip. I’ve no knowledge of Linux or Ubuntu. Did you replace windows with Ubuntu or install it in another partiton or…?
I’ve now recovered to earlier today- about 14 hours ago!- using DriveImageXML and BartPE on a boot DVD. They’ve certainly saved me some time. I used BartPE to get into my recovered drive and delete every file and folder in the Comodo directory with CAV.anything - leaving the CPF folder intact. When I restarted the system I had a msg saying CAV was disabled and not running. I then used the Windows program and asked it to uninstall CAV. This brought up the CAV repair, remove wizardy thing. When I tried to remove CAV it hung and my PC seemed to freeze. Using ctl+alt+del to access the task manager I could see the CAV on demand installer process- at least I think that was its name- it was running like a good’un so I terminated it. Suddenly the Uninstaller wizard lept back into life and said CAV was removed-
hoo-bloomin-ray!
Since then dear readers things have been nice and quite and running smoothly. Whether this happy turn of events continues we, well certainly I, will see. If I’ve wrongly sentenced CAV to death on my PC and the problems return I’ll comment further otherwise I’m outta here! No more Beta software for me.
I’m sorry that you are leaving Comodo. I hope that CAVS isn’t the problem. I’ll just answer this even if you are not here any longer. I use the Ubuntu live cd for getting my files back to live.
I’m not leaving Comodo, I use CPF and think it’s good, my ‘…outta here…’ comment was more to do with this thread. CPF has been running fine, I’ve had no real problems with it since it was installed. Though I’m still learning about it. I haven’t had as much time as I would like to get used to it due the problems I’ve had with CAV.
I’m more sure now that it was CAV that deleted or corrupted files on my pc, it’s too much of a coincidence for problems to occur when it was installed and to vanish when it’s removed. At least that’s my view on it. I can see there are plenty of people running CAV with no problems, and plenty who have, so there are obviously different system setups around. Unfortunately I had problems.
I didn’t appreciate it was a Beta version and I may have tried it if anyway if I had, to be honest. I’m older and wiser now and wouldn’t entertain any similar installation without making a backup of my current drive. I’d had a problem free pc for quite a few years up until recently and had forgotten how much brain pain can be inflicted when it all goes wonky.
I’ve got a fully working system at the moment running Avast AV alongside CPF which seem to be OK together. I’ll be keeping an eye on CAV to see how it progresses and would certainly consider using it once I read a lot less about problems it may be responsible for.
As far as Ubuntu Live, I’ll investigate it out of interest when I get time but I don’t think I need to do any more experimentation just now, but thanks for the info.
of files corrupts them these files wouldn’t show in quarantine- I’m guessing here of course.