Hi,
I have a Vista Home Premium machine with SP1 and the latest updates installed, Comodo 3 latest version, AVG Antivirus, Lavasoft Ad-Aware. After the recent update some strange things started to happen with Defense+.
Now all kinds of applications (including Windows ones such as notepad.exe) try to access DLLs randomly and request direct disk access; here is a log example (it didn't happen before). This is really annoying. Thinking that it might be a virus, I ran a full scan and tried to track down any file modification. The MD5 signatures of those executables weren't altered and correspond to those of the original files provided by Microsoft. It's set to "Paranoid Mode".
04/11/2008 22:29:59 C:\Windows\System32\notepad.exe Modify File C:\Windows\System32\shdocvw.dll
04/11/2008 22:30:16 C:\Windows\System32\notepad.exe Modify File C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
04/11/2008 22:31:07 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:09 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:12 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:15 C:\Windows\System32\notepad.exe Modify File C:\Windows\system32\PhotoMetadataHandler.dll
04/11/2008 22:31:18 C:\Windows\System32\notepad.exe Modify File C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
04/11/2008 22:56:28 C:\Windows\System32\FirewallControlPanel.exe Direct Disk Access C:
04/11/2008 22:56:33 C:\Windows\System32\FirewallSettings.exe Modify File C:\Windows\system32\ieframe.dll
When I allow it to "modify file" for testing purposes, the file remains the same (MD5 signature not changed). What could cause this?
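
The check described in the post (hash the targeted file, allow the action, hash again), as an added example that is not part of the original post: Python that parses log lines in the format shown above, groups targets per process, and reports which "Modify File" targets actually changed. The function names are hypothetical and the log layout is assumed from the lines in the post.

```python
import hashlib
import re
from collections import defaultdict

# Log lines copied from the post above (shortened selection).
SAMPLE_LOG = r"""
04/11/2008 22:29:59 C:\Windows\System32\notepad.exe Modify File C:\Windows\System32\shdocvw.dll
04/11/2008 22:31:07 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:31:09 C:\Windows\System32\notepad.exe Direct Disk Access C:
04/11/2008 22:56:33 C:\Windows\System32\FirewallSettings.exe Modify File C:\Windows\system32\ieframe.dll
"""
# Layout assumed from those lines: timestamp, process path, action, target.
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.+?) "
                     r"(Modify File|Direct Disk Access) (.+)$")

def parse_log(text):
    """Return (timestamp, process, action, target) tuples; skip other lines."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def summarize(events):
    """Map process -> action -> sorted list of distinct targets."""
    seen = defaultdict(lambda: defaultdict(set))
    for _ts, process, action, target in events:
        seen[process][action].add(target)
    return {p: {a: sorted(t) for a, t in acts.items()} for p, acts in seen.items()}

def file_md5(path):
    """MD5 of a file read in chunks (MD5 because the post compares MD5 values)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(events):
    """Hash each distinct 'Modify File' target; None if it cannot be read."""
    hashes = {}
    for target in {e[3] for e in events if e[2] == "Modify File"}:
        try:
            hashes[target] = file_md5(target)
        except OSError:
            hashes[target] = None
    return hashes

def changed_since(before, events):
    """Targets whose current hash differs from the earlier snapshot."""
    after = snapshot(events)
    return sorted(t for t in after if after[t] != before.get(t))
```

Take `snapshot()` before answering the Defense+ prompt and call `changed_since()` afterwards; an empty list matches what the post reports.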