Comodo Firewall Installer Malware ????

Kuttz

Level 13
Thread author
Verified
Top Poster
Well-known
May 9, 2015
625
I just downloaded Comodo Firewall from the Comodo site. But strangely, both the Windows 8.1 Pro SmartScreen filter and Avast Free 2015 blocked the execution of the Comodo Firewall installer. I ignored the Windows SmartScreen block, which said "Unknown Publisher"; after that, Avast flagged the file as Suspicious and quarantined chromiumsecuresetup.exe inside the Comodo Firewall installer. Comodo was known to include PUPs inside their installers, just like when the Comodo installer bundled the PrivDog toolbar, which was later proved to be a PUP.

Any views regarding this are highly appreciated :)

The detection

UKFIfPL.png

 

Paul Lee

Level 10
Verified
Well-known
Oct 14, 2014
496
"Chromiuminstaller" is an installer for Google Chrome. Do you have hardened mode enabled? If so, then it might just be a false positive.
 

Kuttz


No, I have not enabled "hardened mode". I only enabled the PUP detections. The file detected here is not Chromiuminstaller but chromiumsecuresetup.exe; I have no idea about that file.
 

Moose

Level 22
Jun 14, 2011
2,271
Salutations,

Shadow Defender does the same thing when you first install. But after you clean, it is good to go! More than likely a corrupt installer also!
 

yigido

It is a corrupted installer, I am sure.
Please check its hash values at the Comodo Forum and re-download the installer.
Comodo Internet Security

http://download.comodo.com/cis/download/installs/4015/standalone/cispremium_installer.exe

Size: 217M ( 226607624 )
MD5: 8f1677b8e4b4c4951a9ddc53cf44ad7c
SHA1: 7e3074a885fb5c58e68f49d67d2244535b0baf4a

Comodo Antivirus

http://download.comodo.com/cis/download/installs/4015/standalone/cav_installer.exe

Size: 217M ( 226607624 )
MD5: 9d4a05093731b3a3e180add6acef6c3d
SHA1: 62b65b47991d50773c0766ba003f154b0226096f

Comodo Firewall

http://download.comodo.com/cis/download/installs/4015/standalone/cfw_installer.exe

Size: 217M ( 226607624 )
MD5: 8e186beb97ee37102ceb176559d7afd5
SHA1: 9001d2e2fd9225d3f93816b1f70ce82684fba73e
Because the installer is "not 7z archive", so 99% corrupted installer :)
 

owll

New Member
Jul 10, 2015
5
Hello. I actually found this thread and joined this forum so I could post this message. You very well may know a lot more about Comodo than I do, but I was led here because I was looking for help DELETING IT!!!

It came bundled (along w/Chromium) with a very simple and (I thought) safe file converter. Avast has been pretty reliable for me in the past and I am careful about what I dl...but last night after this install, GeekBuddy and Chromium have appeared on my desktop. I cannot delete either of them! It is GeekBuddy (a Comodo product) that I am very worried about.

So, I guess I am warning you AND asking if you know something I don't. Avast won't shred and I cannot delete the Comodo folder and contents that snuck up and installed itself on my computer.

I am VERY scared, so I have been searching everywhere to try to get rid of it.

Are you familiar with Comodo (since you are using it)? I do not trust it; have you by any chance heard of Geekbuddy?

Thank you very much...
 

yigido

If you want to remove Comodo from your PC, please follow the instructions below.

1- Open your PC in safe mode.
2- Uninstall Comodo Internet Security, Chromodo, GeekBuddy Service and other Comodo products from Control Panel.
3- Then run this tool: http://www80.zippyshare.com/v/PI7uNNgJ/file.html
This tool will delete all registry entries, folders and files which were dropped by the Comodo installer.

After the restart you will be free of Comodo. I hope it will help. Remember! Please do these things in "Safe Mode".
 

owll

Just one question...I am a bit nervous about shutting down; I have read A LOT of things about this particular problem that screws things up after trying to get back from a shutdown (even safe mode). Any thoughts??
 

yigido

I cannot tell about these problems. You just asked about "Comodo Removal" and I explained how to do it safely.

Edit: If you want to use Comodo products in the future, please follow these instructions to avoid the other bundled offers in the installer.
http://malwaretips.com/threads/illu...do-firewall-8-without-bundled-software.41954/

Thanks
 

Kuttz

yigido said:
> It is a corrupted installer, I am sure.
> Please check its hash values at the Comodo Forum and re-download the installer.
>
> Because the installer is "not 7z archive", so 99% corrupted installer :)


It happened so after Avast quarantined the chromiumsecuresetup.exe file inside the Comodo installer. I really downloaded it from Comodo.com, so how can the file be flagged as "Unknown publisher" by the Windows 8.1 SmartScreen filter?? After I ignored that warning, Avast blocked the file as suspicious. Two security threats in a row is what concerned me a bit.
 

kiric96

Level 19
Verified
Well-known
Jul 10, 2014
917

Avast may cut a file while downloading; this may alter the certificate and therefore alter the signature, which is why it may seem unknown to Windows... Comodo Dragon is based on Chromium and is not adware itself. Check the package with Malwarebytes, ESET or Emsisoft, as Avast, for me, is not a reliable AV vendor.
 

hjlbx


Upload the installer to Virus Total. If any AVs are detecting it as malicious\PUP then it will be indicated...

Upload the installer download link to Virus Total as well...
 

Kuttz


To my stupidity, I deleted the Comodo installer when it was detected as suspicious. Even then, I recovered the detected file chromiumsecuresetup.exe from the Avast quarantine and uploaded it to VT, and none detected it there. Seems like a false positive from Avast. But even an on-demand scan done by Avast doesn't detect the file as suspicious; it only detects the file as suspicious on execution. I then tried running the file in my VM that has an up-to-date Panda AV. The file failed to run there, saying it's corrupted; not detected by Panda though.
 
