I recommended CIS to a friend, and when he acquired some installed junk (believed to be malware) that now will not Un-install normally (using the Programs & Features of Windows) he asked me what to do and I had to admit I don’t even know what Step 1 is, and this website is appalling obtuse re: this simple question.
So is the first thing to do to run a Quick or Full Scan? Assuming that does not expose the problems, to Create a Rescue Disk and boot the PC from it?
I have tried to follow some of Chiron’s guides but they are astonishingly complex with links & branches everywhere, so need to know first: when a computer that has CIS installed acquires anyway some programs to be installed to it that now won’t un-install, where to start???
If you are trying to clean an infected computer, you are better off going to a site like the MajorGeeks malware removal support forum.
Be sure to follow the instructions here before posting on the forum,
At the bottom of this page there are links for your specific windows version. There is no one tool that will detect and remove all malware issues, so you need several tools and some expert advice to interpret the results and give removal advice. The MajorGeeks site has an excellent group of volunteers and someone there will read through your scan logs and walk you through the repair and removal process.
No matter what security software you use, I always advise the following.
Have your OS and applications in their own partition or on their own drive.
Keep your data files in a different partition or on a different drive.
Do a fresh install of your OS, including the OS, hardware drivers, windows update, and security software.
Take a system image using software like clonezilla.
Keep the image up to date by periodically taking a new image.
Make a daily backup of your data partition.
This will let you have a clean image of your OS and applications that you can restore by overwriting your OS partition from the image. This process takes about 5 minutes and gets you back to a clean system. This is far easier then running all of the scanning and removal tools and still never being sure that you got everything and that your OS wasn’t damaged. It’s much nicer to be able to do this than to have to do a full re-install.
I appreciate the replies, but they still don’t address my VERY BASIC question, which was what to do first if you suspect foul play on your PC despite that CIS has been installed.
All I’ve heard so far is “find something else to bail-out CIS”!?
It seems the answer is “do a Full Scan and let CIS do its thing” but no one here has said that. At least, that is what my questioner did and it seems Comodo did work for him. No doubt his daughter, whose computer it was/is, had overlooked some Alerts (at least that would be my guess).
The main point here is that applications like CIS are at their best in preventing infections. As you noted, there are instances where problems between the keyboard and the chair surpass the ability of security software to protect the system. Once a system is infected, there is no existing single software platform that can identify and remove all possible types of infection. Once you have an infection, you need to move to a more complete process to make sure you can get rid of it. This would be true no matter what security software you are using. Running the CIS scanner and letting it do its thing is perfectly reasonable and may work in many situations, but to be complete, you need to go the additional steps to completely scan and clean your system. Otherwise, you have to way of being sure that you found everything and fixed all of the damage.
In my opinion, you never can be sure you found everything and certainly can never be sure that you fixed damage to the OS, especially if you have repeat infections. This is the reason I advocate the use of system images which are the equivalent of a fresh install.
A reasonable conversation with the user about prevention is also a good idea if you haven’t got to that already.
I think that Comodo CIS is pretty good at preventing infections, especially the Defense+ feature. That is why I have it on my system. That said, there is no such thing as 100% protection unless you are not connected to the internet, which is the case with my most important systems.