malware attack? comodo corrupted? unable to install spybot.

Ie8

yes, i have been thinking i might remove ie8.

looking at my gmer log, you are certain there is no possible malware?

is there anything i should do to check for possible hardware issues?
 
We will look deeper if those don't help.

I don't see any obvious signs of malware in logs you have posted.
 
comodo installation attempt unsuccessful

i downloaded the current comodo.com download file CIS_setup_3.8.65951.477_xp_vista_x32 & attempted to run the file. the installer/extractor claims that there is an older version installed that should be removed & asks if i would like to uninstall. when i choose <yes>, the msg and the installer/extractor interfaces both disappear. when i look at the add/remove programs interface, comodo is not there. i also searched my machine for comodo or cis and no files are found (except the download on my desktop). could there be something remaining in the registry that prompts the comodo installer to think comodo is already installed?
 
comodo uninstaller doesn't work?

hmmm - i think we had a similar issue when you helped me last time and we were trying to uninstall the symantec norton antivirus - you helped me physically remove the registry entries that remained...interestingly enough - there is something left on my computer that causes secunia to believe there is still symantec sw on my machine.

i would think that the firewall installer/uninstaller provided by comodo should work and should take care of the registry - unless something is corrupted or some malware hosed something or other...

i will read through the majorgeek forum posts you suggest to see if i might effect different results.
 
spybot installation attempt

downloaded spybotsd162.exe to desktop & went thru the wizard selecting the following settings & then selected <install>; a screen called file download appears stating that 'setup is downloading additional files to your computer'. after a few minutes, i get a msg 'error sending request.', 'the server name or address could not be resolved'

Destination location:
C:\Program Files\Spybot - Search & Destroy

Setup type:
Full installation

Selected components:
Main files
Additional languages
Skins to change appearance
Download updates immediately
Separate Secure Shredder application

Start Menu folder:
Spybot - Search & Destroy

Additional tasks:
Additional icons:
Create desktop icons
Create a Quick Launch icon
Permanent protection:
Use Internet Explorer protection (SDHelper)
Use system settings protection (TeaTimer)
 
Unfortunately uninstallers don't always work that well. Comodo has had problems with that at least in the past.

Have you allowed spybot installer from your firewall?
 
Have you allowed spybot installer from your firewall?

well...
i think the answer to your question is no. i installed spybot prior to installing the comodo firewall, so i never actually told comodo that spybot was ok - at this point, since comodo is 'somewhat uninstalled', i don't know how i would allow spybot to install via comodo.
 
I see.

We could attempt to resolve the situation, but I think that a repair installation of Windows is the easiest and most reasonable way here.
 
Well I am afraid that it is not only comodo which is causing this.

If you like, we can attempt to remove comodo remnants.
 
yes, i agree - something is causing problems with comodo, spybot and windows. if you think it would facilitate windows repair by dealing with the comodo issues first, then lets start there - otherwise lets repair windows first.
 
OK, let's start with comodo then.

Download RegSearch by Bobbi Flekman.
  • Create a folder in your C: drive C:\Regsearch, and extract all the files from the zip archive into that folder.
  • Double click regsearch.exe to launch the programme.
  • Copy/Paste the following into the Search Box: Comodo
  • Click OK.
Regsearch will now search your Registry for the required strings, when it is finished it will open a Notepad file RegSearch.txt, saved to the Regsearch folder.

Copy/Paste that file into your next post.
 
regsearch comodo results

done! the file is over half a meg (532K) - sending as a zip attachment

"The text that you have entered is too long (532164 characters). Please shorten it to 64000 characters long."
 
This should take care of most, we will handle rest in the next round.

  • Please use the following link to download ERUNT
  • Use the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad and copy the contents of the following box to a new file.

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"COMODO Firewall Pro"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Inspect]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Inspect]

[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdGuard]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdHlp]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inspect]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\ActiveTasks]
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cmdagent.exe"=-
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cfp.exe"=-
"C:\\PROGRAM FILES\\COMODO\\Firewall\\cfpupdat.exe"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\Services]
"C:\\Program Files\\COMODO\\Firewall\\cmdagent.exe"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\Detected\Startup]
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe -h"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\WinPatrol\Run]
"C:\\Program Files\\COMODO\\Firewall\\cfp.exe -h"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\BillP Studios\WinPatrol\Services]
"COMODO Firewall Pro Helper Service"=-

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\CFP\cfp\COMODO Firewall Pro]

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\ComodoGroup]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=-

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-

[-HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\COMODO]

[HKEY_USERS\S-1-5-21-1163117370-1042333568-1001750587-3129\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\soseberg\\LOCALS~1\\Temp\\WZSE1.TMP\\CIS_Setup_3.8.65951.477_XP_Vista_x32.exe"=-

Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this ->
reg.gif


Go to Desktop, double-click fix.reg and merge the information with the registry.

Reboot.

Do another search for comodo and post back results, please.
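
A way to review a fix.reg like the one above before merging it, as an added example that is not part of the original post: this Python sketch lists every key and value the file would delete and flags entries whose key path and value name never mention the product, so they can be checked against the RegSearch output by hand. The function names, the sample text and the placeholder SID are constructed for illustration.

```python
import re

# Constructed sample in the same shape as the fix.reg above (placeholder SID).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"COMODO Firewall Pro"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdAgent]

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=-
'''

def audit_reg(text, keyword="comodo"):
    """Return (operation, key, value_name, mentions_keyword) for each change."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            key = m.group(2)
            if m.group(1):  # "[-KEY]" removes the key and everything under it
                ops.append(("delete-key", key, None, keyword in key.lower()))
            continue
        m = re.fullmatch(r'("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)', line)
        if m and key:
            name = m.group(1)[1:-1] if m.group(1) != "@" else "@"
            # '"name"=-' removes one value; anything else writes data
            op = "delete-value" if m.group(2) == "-" else "set-value"
            hit = keyword in key.lower() or keyword in name.lower()
            ops.append((op, key, name, hit))
    return ops

def needs_review(ops):
    """Changes whose key path and value name never mention the keyword."""
    return [o for o in ops if not o[3]]

if __name__ == "__main__":
    for op in audit_reg(SAMPLE_REG):
        print(("ok     " if op[3] else "REVIEW ") + " | ".join(str(f) for f in op[:3]))
```

Files exported by regedit are usually UTF-16, so open them with `encoding="utf-16"`; a file typed into Notepad and saved as ANSI reads with the default encoding.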
 
for some reason i didn't get an email letting me know that you had responded so i'm just looking at this today (when i decided to check the forum). i am not at my computer right now, so i will look at this tomorrow.
 
comodo cleanup results

finally got to this today =) friday ended up a very very long day...

the new regsearch on comodo is much better - at least manageable this time=)

still too large to copy - 107743 characters - zip file attached
 