So the question is: should Comodo protect again such spywares, or not? Just google for geebc.dll, and you will find a lot about it. This spyware injected this (and other) dll into explorer, winlogon, firefox, internet explorer and tried to do a lot of strange things. It created exe files also (it was cought by avast).
From comodo side it should at least inform me about the new dlls, but it simply enabled them to do anything (in learn mode)
That’s why you’re supposed to turn “Learn” mode off and change it to “On” after 3 weeks. It’s only there to get used to your files, not for a permanent solution.