So i was online, and my wifi disconnected. I reconnected the wifi, and then clicked to open firefox, but it wouldnt open, then i clicked to open comodo, and it wouldnt open. task manager wouldnt open either, and the mouse froze. I then restarted the computer, and it said ‘‘updating your system’’.
I just now looked at comodo, and a bunch of things were blocked all at the time before i restarted the computer. here is a screenshot.
I’m curious if your Avast, Synaptics, and Malwarebytes programs are set to auto scan or auto update? Also, are those specific exe’s shown in the d± alert trusted applications in the file ratings section?
i thought synaptics was just the mouse, how would it update? I dont understand your second question? I dont have malwarebytes set to auto update, but avast autoupdates i think…it often updates virus definitions by itself. i actually uninstalled avast last night and installed CIS…but does it look like i was attacked? it was weird, my internet went off, then i signed back on, and my computer froze, task manager didnt work, and then i restarted my computer, and it said updating windows, and then everything worked fine, but that screenshot showed blocked intrusions.
See if there is any executable in the list of Unrecognized Files, see how here
Try run Rating scan
What is the security level that you defined in HIPS (Paranoid Mode, Safe Mode, Clean PC Mode)?
Are you sure explorer.exe didn’t get sandboxed somehow?
The Hps was set to safe mode.
In the unrecognized file tab, i only had one item but it was from a month back, so isn’t the cause of this. It’s weird synaptics is always blocked too. it will randomly get blocked either one time or multiple times. IDk what happened though, I was on the internet for an hour or so, and then it got disconnected, i connected again, and then everything froze, and task manager didn’t work, and these intrusions showed up i then had to restart the computer, and it said ‘‘updating windows’’ although i dont see any history of an update. Do you think a hacker installed a virus outside of windows? is reformating my only option here?
See if any of these suggestions can help you:
You can run the diagnostic tool:
Click the help
icon > Support > Diagnostics (Helps to identify any problems with your installation)
Can also be a problem related to an update, you can try to check:
Troubleshoot problems with installing updates - Microsoft
How To Fix Problems Caused by Windows Updates
You can try using a tool such as Advanced SystemCare or CCleaner to identify registry errors and / or also optimize performance.
PS: pay attention at installation time and look customize the installation to not install any bar or have some change in your browser.
and see also:
How to Know If Your Computer Is Infected
are you suggesting what i described sounds like an infection? i did a scan with malwarebytes that found nothing. Regarding the update links, I wasnt worried there was a problem with an upload, i was more so concerned that maybe since the computer froze, and i restarted the computer AND THEN when i rebooted it said updating windows, that it was actually a hacker updating malware onto my operating system?
Based on what you mentioned I suggest you to try these options.
Sometimes for some reason an update was not properly completed and is corrupted.
And the suggestion to use the diagnostic option in CIS is to identify any noticeable problem in your installation.
to make sure that your machine is not infected, try checking with some of the tools mentioned in article.
Using multiple tools help identify potential zero-day threats.
alright thanks. killswitch shows zero untrusted processes. When i ran comodo cleaning essentials, it didnt ask me to update the database. i remember it used to do that. how do i know if it’s working properly. one other weird thing is i turned it on, and left my computer, and i came back in 20 minutes and it was not running lol. i did a full scan, but it wasn’t running.
i follow your advice in normal mode not safe right?
comodo found a threat. here is a screen shot.
When you use the option through the CIS, the CCE uses the current database.
See the Help> About.
For example on a machine that I do not have the CIS and downloaded the version of site:
Once started it checks for updates.
If I want to check manually I use the “Check for updates” option in the Tools menu.
I believe that you can use in normal mode, you also have the option of running a rescue disk to detect threats without using the current system.
For specific difficulties in CCE open a new topic here.
since we replied at the same time, im bumping this
cce just found this on my computer =(
Have you downloaded some utility from Kaspersky?
Seems to have the same name, recently had a false positive.
If in doubt you can remove or even put the file in quarantine in CIS and send for analysis.
Or also send to VirusTotal.
i downloaded the rootkit utility a month or two ago. I noticed it had the same name too. When cce finishes it should remove it right?
I hope it’s not a root kit.
it says in my downloads that i downloaded tdss killer in april. if i submitted a file to comodo how would i know if im submitting the one that cce detected and not the safe anti root file?
can you explain more when you say false positive? do you mean that a lot of people are seeing false positives with the kaspersky tdss killer? If so that gives me hope.
btw, i had geekbuddy help me remotely, a few days ago, i dont know if that could cause it anyway.
‘‘Kaspersky TDSSKiller will scan your computer for some of the most common types of rootkits. I’ve found it to have relatively few false positives and a very high detection rate. By the way, some scanners, including Comodo Cleaning Essentials, may detect this file as a dangerous file. It is not. This is a safe download link. If it is flagged as dangerous you can safely ignore the detection. As with every program in this article, I recommend that you do not quarantine any files using this program. A false positive on the wrong file could destroy your computer, even if you’re not infected.’’
well this gives me hope chiron.
Some false positives have already been fixed, but at times it be inside a zip file and makes it suspect.
TDSSKiller is digitally signed. Check its signature. If the signature is valid it is the original file from Kaspersky. You can then safely assume CCE is giving a false positive.
It sometimes happens that av scanners see other scanners as potentially malicious. The fact that it is packed sometimes also adds suspicion by a scanner to the equation. It gets flagged with UPX in the malware name. UPX is an open source compression technology that also gets used by malware.
i just got this message after cce finished. does this mean it removed it?
btw, i dont know how to check signatures?