Something killed my CFP and removed it from my system

I don’t know exactly how or when it happened, but suddenly the CFP logo wasn’t there anymore. I went to the start menu and the Comodo\Firewall folder was empty. I went to Program Files\Comodo and only 2 files were there: a chm file and a dat file. The dll and exe files, everything, all gone. When I tried to reinstall it, it asked whether I wanted to uninstall it. I said yes and the window disappeared; nothing else happened. Tried to install it again, got the same message again. The entry in add/remove programs was gone. I could not get CFP to reinstall because it kept saying it’s already installed when it wasn’t. Eventually I opened up regedit and did F3 for entries containing Comodo (CFP is the only Comodo software I use so I considered this safe) and deleted them all. Had to add permissions for myself to delete a couple of keys before CFP finally would reinstall.


Using CFP_Setup_English_2.4.18.184.exe.

Something similar happened to my friend. Comodo simply was crushed, I don’t know how, maybe there is a bug. After reinstalling, everything went smoothly and it never happened again, but the question is: why did it happen?
I’ll leave that question to the experts, since I can’t really know what happened.

Something strange is happening… When I logged on this morning Comodo was still there but all components were switched off (and could not be restarted) and there was a message saying I had to re-install.
I did and it seems to be fine, but what is going on?

This is exactly what happened to my friend, and I forgot to say that it happened to me one week ago. I could have posted the problem, but I didn’t care too much, since I reinstalled it quite fast and everything was OK.
After I saw there are others who share the same problem, I decided to post it.
I don’t know if there is a bug in it or not, but like I said, I’ll leave that to the experts.

After posting this I did a thorough check and scan of my system and found a virus sitting in Firefox’s temp internet files. I think I’ll stick with Opera more from now on…

AVG describes the virus as JS/downloader.agent. I can send it to the Comodo guys to check it out if you like.

It wouldn’t surprise me that malware writers out there would be keen on targeting award-winning free security software. You’d want to make it easier to make easy money from hacking users’ PCs.

First of all, Comodo has self-protection, which means it can’t be shut down by malware. The only possible thing that could have happened to you is that your Comodo firewall was already infected when you installed it.
When your firewall is infected, there is absolutely nothing that could prevent malware from modifying and deleting Comodo’s files.
It’s most likely that the malware was installed at the exact time when Comodo was installed, or you were already infected while you were installing Comodo (the first time).
So, basically, there is no way hackers or malware itself has been able to bypass Comodo’s self-protection.
If you don’t believe me.
Try the termination tests on

This is not a Firefox “security hole”. The exact same thing can happen to Opera. The temp file directory is needed and just about anything any browser encounters on the internet can/will be placed there. This is more along the lines of a problem with your AV’s real-time protection. It should have caught this as it was being imprinted to your hard drive.

If you’re using AVG as your AV, as it seems, then either your settings are incorrect, in that you don’t have “Write” protection enabled, or its resident guard is not functioning correctly (not surprised, as that is AVG…). Obviously, AVG has the signature for it. Therefore, it should have caught it in real time if it was set up correctly and functioning correctly.

So, don’t replace Firefox for placing a virus in your temp directory when all browsers do it, including Opera.

If my CFP was infected at the time it was installed, why would it work perfectly for nearly a year and then suddenly destroy it?

I doubt the installer was infected. I downloaded it directly from the Comodo site and installed it straight away.

Point taken about browsers and AVG. I don’t know why AVG didn’t catch it when it tried to write to ff’s temp files dir. It did catch it when I cleared ff’s temp files dir though - 4 instances of it. I didn’t have to scan with AVG to catch it. A further scan with AVG turned up nothing else.

So does anyone at Comodo want to check out this virus I got?

Umm, strange…

Sounds like a system restore point made before Comodo was installed was activated.

It would create the same type of “situation” you have listed.

Well, I don’t know about Firefox, but when I go to a shady site with JavaScript enabled, all that happens is I get prompted for the download, and then I download the file and send it in (AV lab) for analysis, because I know that it must be the latest Zlob or something like that. Threat level is low for these; just don’t execute it, obviously. Anything just in the browser cache can be deleted (preferably with something like crapcleaner). JS/downloader.agent just has the potential to download additional (worse) threats. Potential that I haven’t seen materialize with Opera, lol. Of course you need layered protection anyway.

In my country we have found a virus that is spreading now. It can delete the files of antivirus software (at least NOD32 and Avast) and block reinstalling. We scanned the file that we know infected our computers on the Jotti website and found that most antivirus products report it as “Trojan downloader FT”, but its behavior is not. When we scanned the infected PC with Kaspersky (online) we found nothing.

Maybe you are facing the same virus that we found. It was detected under the old virus name before it was installed on your PC, but once it has infected your PC you cannot detect it.

I think the virus sitting in your Firefox cache is not the problem, if you use an antivirus that has no HTTP scan. If you use Bitdefender, NOD32 or Kaspersky, all of them have HTTP scan and can block the virus before it is written to your cache file.

If you use an antivirus with no HTTP scan, it is safe to empty your browser cache when you return from the dangerous zone. Please use only Opera or Firefox so that your browser is still safe.

I don’t know if IceSword counts as taking on the properties of malware, since you have to allow IceSword to have kernel access (CFP will alert you when you try to run IceSword), but IceSword can in fact kill the processes cmdagent.exe and cfp.exe. And nothing that I know of can kill the IceSword process.

IceSword can kill every process out there, but like I said, you have to allow it to have kernel access, which in the case of malware means everything – don’t allow it to run and you don’t have a problem.

In fact, I ran IceSword on my laptop and managed to kill Systems.exe process, which of course meant imminent system restart dialog popping up alerting me that the system would be shutting down in 60 seconds.

I decided to speed that up and killed System (NT OS Kernel), which immediately crashed my entire system. Very, very powerful.