The Product we all need and you now should want . . .

Melih,

I have been a faithful user and depending on Comodo for several years, even have used the AntiVirus software you so graciously have provided. I have TRUSTED Comodo more so than any other software out there and still do, except with the latest version 3.10.102363.531 that seems to have become infected with “Win32.Small.MLD” [Trjn] and blocked my installation of Avast 4.8 after being told to remove same (Avast) for testing purposes. When I attempted to reinstall I received a BLOCKED installation by User Account Control that would not allow any means of installation.

NTxLS edit: To clarify the above paragraph; That infection could have been on my system and just waiting for the right moment to strike. The downloaded file evidently was not infected.

After learning how to use the Command Prompt As Administrator was able to get Avast!4 reinstalled and ran a system scan prior to Windows starting. Only one problem was discovered by Avast!4 on that pre-system start:
“CIS_Setup_3.10.102363.531_XP_Vista_x32.xeX is infected by Win32:Small-MLD [Trj], Repair: Error 42060 {The file was not repaired.}”

NTxLS edit:The above entry in quotation marks (“”) is a copy/paste from the .txt file created by Avast pre-Windows scan and is how it was displayed to me. The extension was changed by me to “.xex” to protect that file from being used by any unauthorized authority.

I trusted Comodo so much I ignored this and thought it was just a FALSE Positive, WRONG, a friend I was speaking with on a Teley told me I should remove that file and COMODO Internet Security because one of the features entered into by one of the versions of “Win32.Small.xxxx” is to download files from the web without my knowledge. Note: that was in the latest version of CIS install program. All scans by AVAST!4 has produced no more problems with that little trojan, both prior to Windows install and after it is fully up and running.

All of this up to now has been to give you a little background. Now, Comodo, create a program that will keep your programs you provide FREE of any ANY infections from this point forward. And maybe connecting with Alwill AVAST! to see if they can provide you as well as your FATHFUL members and Customers a little protection and Peace of mind.

NTxLS edit:The above was colored that way to bring it to the attention of Comodo while still thinking there had been a Trojan in their setup file which was later proven to me by their Excellent and very GOOD staff that have worked with me to prove that was all WRONG.

This has been plaguing me for some time and excuse me for this brain dump and not too encouraging message, I felt it should be STRONG.

I WANT CIS back and more secure, I do like the FIREWALL and DEFENSE+ because it provides EXCELLENT WARNINGS about activity as well as means to prevent unwanted intrusions. It has given me protection that NO OTHER has ever come close to providing. Now I am very nervous about doing anything on the web because of MY FIREWALL is not there. Windows FireWall, I am told by my friend, is very strong and he trusts it completely, I asked him if it provided any means of blocking any UNWANTED intrusions, he said NO!! I also ask him if MS Windows Firewall gives any WARNINGS about intrusion attempts and if they are blocked, his reply is NO!!!

What is the best thingy I could do to be better assured of CIS being FREE of any ANY contamination in the future?

NTxLS edit:The above question is answered by KEEPING MY FAITH in COMODO and working more intelligently in the future. Do NOT Delete suspect files until there is BETTER proof.

Thank you for reading my RANT and I await your return with better protection, also NOTE my sig is MINUS CIS,

NTxLS edit:Different color to show you that my sig has been updated and now contains CIS v3.10.102363.531 as before.
Thank YOU, Thank YOU, Thank YOU, Thank YOU, Thank YOU, Comodo for this effort,

hi NTxLS

Lets find out what exactly happened.
You had a CIS setup file that was infected?

I asked Umesh to investigate this.
thanks
Melih

Hi NTxLS,

From your post it seems your system got infected when CIS was installed. Following are questions:

1. Was Defense+ turned on?
2. Did you get any alert from any component of CIS?
3. When you say your system got infected

   “When I attempted to reinstall I received a BLOCKED installation by User Account Control that would not allow any means of installation.”

   
   Was this only behavior you observed which made you feel that system was infected? Any other symptomps you came across?
4. Do you still have that CIS setup which Avast says is infected? If yes, can you please right click on set up and see Digital Signature from Properties dialog. If you do see digital signature and certificate is valid, it means you have got an FP from Avast and your system is all OK.

Thanks
-umesh

-umesh,
Hope to give some answers for you as numbered:

1. No, Defense+ was not turned on because Comodo, er CIS, was not installed and was being done as a fresh install.
2. Also a NO, there never was any alert from any component.
3. That “Quote” was NOT for CIS install, but; was for the install of Avast!4 using their SetupEng.exe that was a fresh download from their website, if you would like the link, just ask. Yes, that was the only behavior observed. It is still there because I cannot double click on the SysTray Icon for Avast to be able to run a scan. I do have a method to get around that, do a Cmd Prompt window as Admin and run the Scan file from there and it works just fine.
4. Sorry to tell you that I do not still have that CIS setup file, without thinking that it would be critical to determining what actually was the problem. I do not feel it was a FP from Avast as any time I click on any executable from Avast this UAC pops up and that is the only program that has this problem.

May I ask you a question, how might I remove that UAC warning when it is not doing any thing except keeping me from using Avast as it should?

Thank you for the questions, I also apologize for the non-answer answers given,

4. Sorry to tell you that I do not still have that CIS setup file, without thinking that it would be critical to determining what actually was the problem. I do not feel it was a FP from Avast as any time I click on any executable from Avast this UAC pops up and that is the only program that has this problem.

If you have just deleted the file as opposed to erasing it with some third party utility, you may be able to recover it. Download something like Recuva - Undelete, Unerase, File Recovery - Home and deep scan…

Hi NTxLS,
To summarize, you had an issue with UAC and then somehow you were able to install Avast and during scan you found CIS setup infected.
Now if file was really infected, it may be due to some virus in your system but i am not able to understand context of this post if that’s the case!

If you have virus in system, every executable can be infected.
If you had CIS installed and still malware was active, there was something for us to look at.

Please help me if i am missing something here.

Thanks
-umesh

I have to say, this is a bit confusing. Avast was detecting the CIS install file as a virus? Could you try downloading a new CIS setup file?

Anyway, to make it easier to understand, could you make a “timeline”?

Like:

[u]Currently Installed Security Programs[/u]: Avast!

1. Downloads CIS Setup File.
2. Setup File detected by Avast as “Blah…”.
3. Installed CIS anyway.
   etc…

That may make it easier for some of us to help you with your problem.

Quill and All,

Please excuse me for this delayed reply. Have been doing further searches for more information for you and have not been able to find any thing of significance. I have just downloaded Recuva and will install it and see if I can recover that setup file I had on CIS. Plus plan on entering into a discussion with Avast ASAP to see if they will be of any assistance in this problem I am having. Seeing as their software started this entire problem for me in the first place. I will answer all posts as soon as I possibly can with any info that I can find. Just please be a little patient with me as I am not an Xpert in anything just a user that is very curious and want to assist as much as possible and learn all that I can.

Thank you for all of these suggestions and your HELP in this matter,

Hi NTxLS,
We are equally curious to resolve this case

Please let us know if we can help.

Thanks
-umesh

-umesh,

NO, I have had other problems I was attempting to track down and one of the options was to remove CIS and use only the Windows firewall to do some troubleshooting to see if this was part of my problem. That problem is still there and is on the ‘back burner’ or on HOLD until this issue has been resolved. I had already removed Avast v4.8 and then CIS was removed.

The UAC popup came after the removal of CIS v3.10.xxxx.531 that was installed about three weeks ago or a little longer. The UAC problem started just after reinstall of CIS v3.10.102363.531 and I downloaded a fresh copy of Avast setup program and attempted to execute that install. That is when the POPUP of UAC came into the picture and prevented that install. After about five days of trying to get around that I did a Google on one of the Blocked TCP/IPs that were in Comodo’s Blocked list from the internet. Will get back to this as soon as I am able to find more data.

You could temporarily turn off UAC and then install Avast…would that work? (Anyway, I think UAC is useless. 88))

Quill,

I downloaded the Recuva from Piriform without any luck in finding that deleted file. Now I plan on redownloading the CIS latest version and go OFFLine and install Comodo again, to see what happens now.

LaserWraith,

I have Avast installed and have run several scans with it today, it was reinstalled yesterday evening. I learned that other users have had similar problems with Avast and the solution was to reboot to SafeMode CmdLine and install from there and it worked. Only problem now is if I click on the SysTray Icon to open it and run a scan that troublesome UAC telling me my Admin had set policy to block this program. I am my own Admin . . not very good at that job from what has occurred. Microsoft and many other forums that I hold membership tell me NOT to turn off the UAC. Under the present situation I would rather not turn it off.

Excuse me again, LW, I had missed your “. . this is a bit confusing. Avast was detecting the CIS install file as a virus?” Avast did not detect CIS installer as a virus, it detected the “Win32.Small-MLD [Trjn]” within that file. If you like I still have that report on my system where the ‘aswboot.exe’ found that.

I am still looking for more data for you and will get back as soon as possible, I too want this to be resoved as I do not like working on here without CIS to assist in my protection. My confidence in Comodo is not gone, just a little disturbed for now.

Thank you to one and all that have read and posted to this. You have not idea how much I appreciate the time and effort you have shown. Just frustrated that I DUMMIED and deleted that file instead of saving it in a safe place.

L8R,

Ok.

BTW, I like this article on UAC.

Actually when I get my CIS setup again and working the way I want, that just may happen, also after this problem on my system is solved as well. I trust CIS more so than MicroBarf.

I have run the Avast preWindows start on the setup file for CIS twice and that takes about 3.5-4 hours each time. Also have run it after the CIS install and all seem to be clean and not finding any other problems, except for that troublesome UAC popup each time I attempt to run any of AVAST from within Windows. Even the Icon in SysTray gives that same popup. Need to do my Cmd/Prompt as Admin to get around it.

My original problem I was and still having is CIS Icon for the SysTray never shows until I run CIS as Admin from any Icon I can setup. Without that Icon in the SysTray there are NO warnings about any activity. When I close down for the evening an Icon will appear in the SysTray, I have finally learned is ‘Windows Defender’/Tools/Software Explorer’ that is responsible for it appearing. But I cannot get it to allow CIS to place the Icon where it should be. It shows Comodo Internet Security as “Not yet classified” and Comodo is not listed as a currently running program even after I click on an Icon to get it in the SysTray.

What do I need to do to get around or force MicroBarf to allow CIS to run?

Thank you for reading this RANT,

Let’s see if this works:

Start > type “run” in search box > type “msconfig” then click Ok > Startup tab.

http://neqa1w.bay.livefilestore.com/y1pNN-lpZaE7Rg285Lm6kTF98eZDCfTDNsAvpVTXvKz7ornxDWKjAbKRGJgWKHPT7SlrF1yzgiyyGmVMOxD6B1eBv5xmOaPOlBC/startup.png

Sort by “Date Disabled” like in my screenshot so that the enabled startup items are first. Then take a screenshot of it and post it here.

LaserWraith,

Nothing shown in the ‘Date Disabled’ column.

[attachment deleted by admin]

On what grounds your friend put forward such claims whereas you thought it was a false positive?

Indeed Win32.Small.xxxx detection was previously reported and confirmed as an Avast False positive.

Disregarding his security advices I guess he might still be a reliable friend though I got the definite impression he also caused unwarranted concerns to you.

Endymion,

He is my computer ‘Geed-a-Zoid’ and very reliable even over the Teley. We all make some errors on occasion and that one will not be held against him. He was remembering all of the other problems I have been having and went with what I did, from his suggestion. He was also doing some searches on his connection to the web and found several different variants to that one, “Win98:Small-MLD” as it was originally recorded by Avast. Some were not too bad thru not very good, or maybe a little dangerous. As for my ‘GaZ’ friend, that will never be in question, any unwarranted concerns I have had are MY OWN. No-one is to blame for me except Me!! I take full responsibility.

I did a search on Comodo’s Forum for that ‘Win32:Small-MLD’ and it came back with No Results. So I posted to see if anyone had any ideas and to alert Comodo that this had occurred, not to stir up any flames or RANTS over this. Excuse me if that is what has occurred and for being so stupid to delete that install file from Comodo. I am not an Xpert, Geek-a-Zoid, Programmer; I am just a very simple user and very curious and security conscious. Working with Vista is daunting to me because of the extra secutiry that is active and as Admin on my own system not allowed into areas that I am accustomed to monitoring. I look forward to WinSeven whenever it will be released and I hope Microsoft will give some of us a PRICE break so we can move on to a better and stronger O/S. The reports I am hearing on “7” is very favorable and look forward to ‘moving on’ and maybe I will be a bit smarter after this issue is resolved.

I will not go into what prompted my jumping off and starting this dead end road, I have posted else where to this problem and this one should be ended here as far as I am concerned. I have CIS v3.10.102363.531 installed and is working as it should, when the SysTray Icon is showing, and I feel more comfortable with it protecting my system. My use of CIS has never been in question nor ever will be. Several people have recommended I use the Windows Firewall, my response is NO!! definitely NOT Windows Firewall, only CIS.

That is my opinion and all that I can provide as NON-HELP to you, I do apologize for the ERRORs I have made, what else may I do?

Thank you to ALL that have jumped in with information and suggestions, they have all been done, except for one and UAC seems to be the only one that helped pull me through this with my system pretty much still intact except for the one Window from UAC that still pops up when executing any .exe file from Avast.

Sorry NTxLS I was lead to believe by the above quote that you initially regarded that detection as a false positive and you were induced to think otherwise after speaking with your friend.

Guess if the search you carried provided a link to that Avast Win32.Small.xxxx False positive topic you could have been reassured that there was no contamination.

Hopefully now you will consider to update your first post to prevent any other member to possibly misunderstand what happened and that the suspect of contamination turned out to be a False positive.

I made entries in COLOR to bring attention to my Nick in YELLOW and the edits in RED and in closing using GREEN. I hope that HELPS.