With every install CIS warns about Cloudscanner.Trojan.gen@2@1 infection.

I seem to have an odd glitch with Comodo Internet Security version 8.2.0.4591.

I recently purchased a new laptop and transferred information and data from my older unit to the new one. Of course before starting any of that I set up a combination of Comodo’s firewall and Malwarebytes antivirus so that my new system was protected, and once that was in place I started transferring stuff.

Everything went well till I reached the point where I began reinstalling applications and games, at which point Comodo would warn me with every install that the temporary files for the install were infected with “Cloudscanner.Trojan.gen@2@1”.

Of course the first time it happened I was quite alarmed and I actually stopped the install so that I could check the files before I went further.

A little while later when I tried with something else, I got the same warning again.

This time I stopped the install, then immediately triggered it again, but now inside Sandboxie, so that I could look at what was happening during the install. Once it was finished I checked the files inside the virtual sandbox and found nothing of any concern.

I retried the first application again, and again installed it through Sandboxie, and checked again, with nothing unusual in the results.

I’ve since reinstalled the core of my apps and games, and every single install produces the same warning, and every time the files are clean.

I have no idea why Comodo repeatedly reports the same infection with every install. I’ve run a Malware scan with Avast and Malwarebytes (which remains installed and working alongside Comodo’s firewall component), and neither of them gave any indication of a virus / malware issue in either my installed software or the install files.

Hello,

Follow this guide so I can better see what’s on your system.

https://forums.comodo.com/virusmalware-removal-assistance/preparation-guide-when-requesting-a-help-t112315.0.html

I should have explained myself a bit better Silwncer. I am fairly certain that the problem isn’t because I have a Malware infection, but some kind of fault with Comodo.

The reason why I think this is because I do this kind of thing professionally. I run my own small IT business. One of the tasks that I commonly have to resolve for my clients is to remove Malware of all types from their systems, so I am both familiar with the hazards and I know how to secure my system from them.

Granted, no system is invulnerable, but the manner in which this issue is presenting itself does not make any sense unless the cause is Comodo.

Why would every install file have the same malware? And why only the temporary file created by the install process? If all the files I am using came from another laptop, which was also secured with Comodo firewall and Avast Antivirus, why did neither of those ever trigger for the same Malware?

Also, why have neither Malwarebytes nor Avast on the new laptop warned about a trojan? Why is it when I do an install inside Sandboxie and examine the files trapped in the virtual sandbox there is nothing wrong or even unusual about them?

Because Sandboxie isolated it from the real environment. Have you run a rootkit scan?

Yes, I ran a full Malware scan with Malwarebytes, and a Rootkit scan. Neither came up with any issues.

Although Sandboxie is a virtual environment it doesn’t stop Malware from being installed, it just contains it in the virtual sandbox, so once the install has been completed I can look in the virtual container and examine all the files created and modified by the install process there, which should include any infected files.

None of the files are damaged, or scan as being infected when I check them. All of them behave exactly as I expect given their expected purpose and use.

Attached are the results from the Farbar scan.

[attachment deleted by admin]

Let’s do one more rootkit check:

Scan with Malwarebytes AntiRootkit

Please download MBAR and save it to your desktop.

Run the tool as Administrator; it will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you’re experiencing internet connection issues or other anomalies after running MBAR and removing rootkits, it is recommended to run fixdamage.exe, located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.

This is not a bug in CIS but rather a problem with the AV signatures. You may be experiencing a FP that detects many different files. You can report the files here to get fixed:

https://forums.comodo.com/av-false-positivenegative-detection-reporting/how-to-report-false-positives-please-read-this-before-submitting-t44473.0.html