Executables accessing dubious sites - Killswitch printscreen

Hi
First of all I scanned the computer with Malwarebytes, Avira, Kaspersky, and uninstalled them all as they were themselves “infected”.
As you can see in the printscreen, several executables, including geekbuddy and so on, are accessing junk sites like Show-uri Live cu Cam Sex, Chat GRATUIT cu Fete | LiveJasmin and many more others.
I scanned and scanned, no malware infected file was reported. I have no idea what to do.


http://i.imgur.com/tF4ihDB.jpg

Hi,

What do you mean by “all as they were themselves infected” ? What happened ?

If you think that your computer may be infected, the topic should go there Comodo Forum as this place is for False Positive submission.

I moved the topic.

I would flag the process with Process ID 6016 as suspicious as it has no name and it is listening to livejasmin.

Check the path with KS and write it down. Then let KS terminate and block it. Now look up the autorun entry with Comodo or Sysinternals Autoruns and disable it.
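
Added example (not part of any post in this thread, and not Comodo's own tooling): one way to do the check suggested above from saved command output is to join `netstat -ano` with `tasklist /fo csv /nh` on PID, listing PIDs that hold established connections but have no image name, and remote addresses contacted by more than one process. The sample outputs, IP addresses and `launcher.exe` are constructed; only PID 6016 echoes the thread.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread's screenshot).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.45:80        ESTABLISHED     6016
  TCP    192.168.1.20:49713     198.51.100.7:443       ESTABLISHED     2384
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49720     203.0.113.45:80        ESTABLISHED     4120
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 6016 is deliberately absent.
TASKLIST = '''\
"svchost.exe","812","Services","0","9,120 K"
"explorer.exe","2384","Console","1","61,004 K"
"launcher.exe","4120","Console","1","120,332 K"
"svchost.exe","1100","Services","0","12,004 K"
'''


def parse_netstat(text):
    """Return established TCP connections as dicts with pid, remote host and port."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "ESTABLISHED":
            host, _, port = parts[2].rpartition(":")  # rpartition keeps IPv6 hosts intact
            conns.append({"pid": int(parts[4]), "remote": host, "port": int(port)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from headerless CSV tasklist output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def triage(conns, names):
    """Return (PIDs with connections but no image name, remotes shared by several PIDs)."""
    unnamed = sorted({c["pid"] for c in conns if c["pid"] not in names})
    by_remote = {}
    for c in conns:
        by_remote.setdefault(c["remote"], set()).add(c["pid"])
    shared = {r: sorted(p) for r, p in by_remote.items() if len(p) > 1}
    return unnamed, shared


if __name__ == "__main__":
    unnamed, shared = triage(parse_netstat(NETSTAT), parse_tasklist(TASKLIST))
    print("PIDs with no image name:", unnamed)
    print("Remote addresses used by several processes:", shared)
```
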

(First of all: I installed comodo after a long time, I love what you did with the interface, really neat. Best of all I’ve tried.)

What I meant is this : I first noticed net slowdowns and disconnecting from an online game I play.
Using windows 8 own Resource monitor, I saw the game launcher accessing livejasmin and several other addresses.
I used Malwarebytes and windows defender: no positives.
Then I installed Spybot search and destroy and I noticed the spybot’s own resident protection executables accessing those sites too.
I did the same with avira and then with Kaspersky Cure 3.0, all trial versions, the antivirus itself (e.g. avp.exe) was accessing livejasmin too - which was a bad sign.
I uninstalled them, and I wanted a better monitoring solution, so I installed Comodo.
I have no addons in the browser, no weird search engine, nothing in the startup (checked with ccleaner), no file reported as suspect.
Basically anything that accesses the net: livecomm.exe, explorer.exe, the antivirus executables, any game launcher etc., is accessing these dubious addresses…

Maybe there is a modification to the hosts file alongside the executable. Open Quick Repair and see if there are changes there. Notice this will also flag if you made changes to the hosts file done by Spybot, other programs or by the user.

Is that process still running? If so let Killswitch kill and block it.

Hosts file was cleared - no entry. Applied Quick Scan. Then cleaning essentials Clean Endpoint Smart Scan and custom scan c: and the game folder.
While scanning:

Let us know the results of the CCE scan.

Does that process with PID 6016 still show up? Do you know what process that is?

Could you let Killswitch “Show only untrusted images in memory”? It can be accessed under view. I am interested in unknown drivers (*.sys files). Disregard *.db, *.clb, *.8.nlx, *.dat, *.ttf and others.

The scan was “clean”, no suspicious files.
I’m very sorry I don’t see the PID 6016 in my printscreens.
There is no .sys in the “only untrusted processes”, only .exe files, the ones listed below.

The processes that access those addresses are svchost.exe, I/explorer.exe, LiveComm.exe, cce.exe, geekbuddy.exe and of course, my game launcher, which lights up the network activity like a Christmas tree, at least 20 weird addresses (scanned the game 10 times, even downloaded a fresh file via repair so it’s a brand new file).

Whatever it is is making all the executables that can access the net (no matter which ones, even antivirus - all of them) connect to those 1 meter long addresses. For some reason Show-uri Live cu Cam Sex, Chat GRATUIT cu Fete | LiveJasmin does not show up today, they must’ve read the thread :)

I really don’t have any idea, as I already told you, none of the antivirus products gave me a suspicious file in the scan results (they are all uninstalled now, only comodo is left as security).

What do TDSS Killer or Hitman Pro bring to the table? Did you also try Malwarebytes Antimalware and Super Antispyware?

TDSS Killer - no threat
Malwarebytes - no threat
Super Antispyware - no threat
Kaspersky Pure - no threat
Avira internet suite (or whatever) - no threat

Hitman Pro early warning (while itself accessing a ton of addresses, including some that may appear to be in my isp neighborhood):

With regard to the Hitman Pro results. Do you have a SCSI drive in your computer that could account for the kernel mode hook on the atapi.sys driver?

Could you also scan with Gmer and show a screenshot after it scanned?

It’s probably stubborn adware.

Run these 2 programs (nothing gets installed, it’s portable, and then delete the file when done). This is what I use to get rid of other people’s adware, toolbars, and some startpage redirects.

ADWCLEANER <— just to let you know comodo currently flags it, click on “ignore false alert”. I’m already reporting it to get it unflagged :)
hxxp://download.bleepingcomputer.com/dl/20d3999e81426025a675c423794377b1/52b32131/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe <— that link expired. The link “Nemesis31” posted works perfect :)

and

JUNK CLEANER <— this will take a while
http://thisisudax.org/downloads/JRT.exe

After these, you may have to manually change the homepage by Internet explorer —> tools —> internet options —> change the homepage to yahoo, google or whatever. It’s pretty much the same thing with firefox.

Hello,

The link of AdwCleaner doesn’t work.

This link works : http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Thanks Nemesis31,
I edited my own post to make things right.

P.S. Good Eye