malware attack? comodo corrupted? unable to install spybot.

[Shaba]

Looks like there might be permission issue.

Did you include this to fix.reg?

[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

 

[soseberg]

just checking fix.reg in notepad and [-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo] is included...see attached.

 

[Shaba]

Yes so it is then permission issue.

• Go here and download subinacl.msi
• Double click on subinacl.msi to start the installation of Subinacl
• Click Next>
• Select I accept and click Next>
• Click browse
• From the drop down menu select C:\
• Double click on WINDOWS and then system32
• Click OK
• Click Install now
• Click Finish

Save text below in Notepad as remkeys.bat:

@echo off
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INSPECT"
"HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDAGENT"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDGUARD"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDHLP"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\CFP"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\ComodoGroup"
"HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\COMODO"
) Do (
subinacl.exe /subkeyreg %%R /setowner=%username% /grant=%username%=F
reg delete %%R /f
)

Doubleclick remkeys.bat, black dos window will flash; it is normal.

Do another search for comodo and post back results, please.

 

[soseberg]

permission issue?

does permission issue mean that i am not allowed to uninstall comodo? have i managed to change my permissions? or is this related to the fact i have forgotten my administrator password?

will start on the next steps right away & pst back the results =)

 

[Shaba]

Well at least you don't seem to have rights to delete those keys by default.

Does your user account have admin rights?

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

 

[tashi]

Thank you Shaba. reo: