Virus Information from latest scan

I done a full scan as my computer is running real slow and 100% CPU, it is still slow and sluggish.

In Quarantine there is now 2 items of the same name.

Item is : application.win32.kranet.k@334424924

When I search in Google I cannot find exactly what this is, my main concern is the,
@334424924

Does this mean something was being sent to a location via some form of email ?

And where can I find information of exactly what this virus/trojan is and where it might have come from ?

Thanks

Can you see what process(es) are using CPU cycles? If you think you’re infected you can start Killswitch and let it Kill all untrusted processes (it can be found under the Killswitch menu item) and see if that calms down the CPU usage.

The scanners opinions are diverse. It could be just an adware or a downloader (think a web installer). Various scanners flag it under Potentially Unwanted Application or generic suspicious or even under generic trojan signature.

In case of doubt scan your computer with the following scanners:
TDSS Killer
Hitman Pro
Malwarebytes Antimalware
Super Antispyware

Can you see what process(es) are using CPU cycles? If you think you're infected you can start Killswitch and let it Kill all untrusted processes (it can be found under the Killswitch menu item) and see if that calms down the CPU usage.

I don’t know, why should I know ? Isn’t this what AV and FW is supposed to do, or does one have to have a degree in computer science to understand the “depth” of what a process means.
I have no idea how to trace from task manager to the source of a running process and what or how it affects my PC.
I am not a expert and can’t afford one.

Super Antispyware

I tried the list, kapersky made no sense and the one thing that really really pisses me off is “free”, “detect” and “pay to have removed” AFTER the download and Install

Can you IT heads please be upfront or don’t recommend me anything at all unless it is specific to my question, I can learn how to fix it, provided the directions are understandable.

or else, have global masses of of infected computers that slow down everyone’s progress including your own.

To open Task Manager by pushing ctrl+shift+esc buttons at the same time. In the Processes tab click on the column header CPU to make it sort by CPU usage. When needed click twice to have highest cpu usage on top. What process is continuously eating a lot of CPU cycles? Can you post a screenshot?

To start KillSwitch click on Tasks in the upper right corner of the CIS main screen. Then open Advanced Tasks. When in Advanced Tasks click on Watch Activity. If you have not yet installed KS CIS will ask for permission to download it. When Killswitch is open go to the menu bar and click on Killswitch. Now choose Kill all untrusted processes.

Super Antispyware

I tried the list, kapersky made no sense and the one thing that really really pisses me off is “free”, “detect” and “pay to have removed” AFTER the download and Install

Are you sure downloaded TDSS Killer? It sounds like you may have download a trial version of their AV or Internet Security suite. Get TDSS Killer from Bleeping computer.

Can you IT heads please be upfront or don't recommend me anything at all unless it is specific to my question, I can learn how to fix it, provided the directions are understandable.

or else, have global masses of of infected computers that slow down everyone’s progress including your own.

High CPU usage can have various causes. :-\ We start with the usual suspects to see if that brings a solution or not. I have further specified the steps I described in the above to aid you.

Can you post a screenshot?
Thanks Yes

The screen shot shows comodo dragon twice, yet at the time it was only opened to this forum page.

Excel is open, but I’m not running any macros, which is the main “work” of this PC, it’s primarily for Excel VBA Dynamic Web Query at VBA level, ( it’s basically a Record Macro then tweaked accordingly). can Run non stop in Do Until Loops.

The other CPU / memory usage seems to be Explorer, Dragon and CIS.
There are others but according to Google searches they seem “safe”.

Last AV update and scan was 10/02/
Last SUPERAntiSpyware Professional ( trail version ) 10/02
No “problems” were found.

Yet, it can still go to 100% cpu usage, then drop to 8% and seems to pulsate around 8 - 17%

Other than that I don’t use the PC for much more due to costs and it’s a pre-pay internet USB Stick

Hope this info helps,
Let me know if more is required

Thanks Again.

Hope the Screenshot is visible, had to convert to thumbnail, it wouldn’t upload first try

[attachment deleted by admin]

Thank you for the screenshot. Unfortunately it is too small. Could you post a bigger image?

adjusted thumbnail to 600 600,

was 200 200, hope this works.

[attachment deleted by admin]

It is Comodo Agent, cmdagent.exe that is causing the problems.

Please make sure that there are no left overs of previously uninstalled security programs around. Not all uninstallers do a proper job. Left over applications, drivers or services can cause all sort of “interesting effects”.

Try using removal tools for those programs to remove them. Here is a list of removal tools for common av programs: ESET Knowledgebase .

Does that make a difference? What version of CIS are you using? Do you have other security programs that run in the background alongside CIS?

There are no other security or AV, it is all COMODO Dragon and COMODO AV

Tried to find where the version is for AV but on the GUI it doesn’t say.

CCleaner is installed, but that’s used manually.

So this, Comodo Agent, cmdagent.exe, is not part of the current AV ?

Can you look at the D+ logs and see if cmdagent.exe gets a lot of memory access from another program? Can you post a screenshot of the D+ logs? it has happened in the past that continuous memory access attempts from another program would upset cmdagent.exe.

Is cmdagent.exe always using this much cpu cycles?

What are and where are the D + logs ?

The logs can be found here.

Ok,
Could not find a txt file, but found a window, to print-screen be too large again, so I’ll type it all out

SECURITY EVENTS ( COLUMN GRAPH on left)
ANTI-VIRUS, 2.8%
DEFENSE + EVENTS, 97.2%
VIRUSCOPE EVENTS, 0.0%

PROTECTION
INFECTIONS PREVENTED, 5
UNKNOWN PROGRAMS DETECTED, 32
SUSPICIOUS ACTIVITIES BLOCKED 63


CLOUD LOOKUP OF UNKNOWN FILES

GOOD FILES DETECTED, 2
BAD FILES DETECTED, 0
SUBMITTED FILES,6

LAST UPDATE, 2/12/2015 11:04:35 AM

PROGRAM VERSION: 8.1.0.4426


Thanks

In the top left corner of the log viewer you’ll see a drop down menu with ‘Home’ in it, switch it to ‘Antivirus Events’. Once there, click the bottom tab to expand it, click entire period. At the top you’ll see some icons, click the one that looks like this

to export the current log as an html file.

COMODO Antivirus Logs

Table

:

Antivirus Events

Date Created

:

2015-02-14 18:04:32

Records count

:

10

Date Location Malware Name Action Status
2014-06-02 18:49:51 C:\Documents and Settings\IAG\Local Settings\Application Data\COMODO\Dragon\User Data\Default\File System\000\t\00\00000000 Application.Win32.InstalleRex.KG@309134933 Detect Success
2014-06-02 18:49:53 C:\Documents and Settings\IAG\Local Settings\Application Data\COMODO\Dragon\User Data\Default\File System\000\t\00\00000000 Application.Win32.InstalleRex.KG@309134933 Quarantine Success
2014-06-13 05:16:22 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP346\A0048500.dll ApplicUnwnt@#vn5dprc9jxhf Detect Success
2014-06-13 05:16:22 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP346\A0048501.exe ApplicUnwnt@#1bq7t9o16810l Detect Success
2014-06-13 06:25:35 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP346\A0048500.dll ApplicUnwnt@#vn5dprc9jxhf Quarantine Success
2014-06-13 06:25:35 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP346\A0048501.exe ApplicUnwnt@#1bq7t9o16810l Quarantine Success
2015-02-04 01:42:16 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP347\A0061939.exe Application.Win32.Kranet.K@334424924 Detect Success
2015-02-04 01:42:16 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP347\A0061934.exe Application.Win32.Kranet.K@334424924 Detect Success
2015-02-04 08:43:21 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP347\A0061934.exe Application.Win32.Kranet.K@334424924 Quarantine Success
2015-02-04 08:43:22 C:\System Volume Information_restore{DB4A690F-4C9C-45F6-B50E-2A5E28B3E91A}\RP347\A0061939.exe Application.Win32.Kranet.K@334424924 Quarantine Success
End of The Report