I’m just posting here because this seems to be the closest forum for my topic.
Emsisoft, the anti-malware I use, detected trojans among CIS files.
Log:
Emsisoft Anti-Malware - Version 5.1
Last update: 4/8/2011 4:07:27 PM
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:, D:
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 4/8/2011 4:08:25 PM
C:\Documents and Settings\All Users\Application Data\Comodo\Installer\CFP_Setup.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\Program Files\COMODO\COMODO Internet Security\repair\rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP3\A0000157.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000158.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000159.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000160.msi/rkdenum.dll detected: Trojan.Win32.Stuh!IK
Scanned
Files: 65879
Traces: 703788
Cookies: 3
Processes: 51
Found
Files: 6
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 4/8/2011 5:58:49 PM
Scan time: 1:50:24
C:\Documents and Settings\All Users\Application Data\Comodo\Installer\CFP_Setup.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\Program Files\COMODO\COMODO Internet Security\repair\rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP3\A0000157.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000158.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000159.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP4\A0000160.msi/rkdenum.dll Deleted Trojan.Win32.Stuh!IK
Deleted
Files: 6
Traces: 0
Cookies: 0
I’m a computer newbie/dunce, so…
I downloaded the latest firewall from the site, and scanned my PC after I completed downloading the installer (clean). I didn’t find the first suspect file in the folder it was supposedly in, but I had the trojans deleted anyway and had to restart the PC because the ones hiding under the Comodo files couldn’t be deleted then and there.
Since I only found out about false positives and a forum like this (haven’t been around much), is this a false positive and did I just do something nasty to my firewall in deleting these files? In case the trojans were legitimate, just thought you should know.