- Jan 7, 2011
Sorry, I had to copy/paste this thread from the old server.
endejan asked:
Hi, I'm having a problem here.
I installed some software that asked me to reboot my computer. After it booted, I got a lot of pop-ups from Comodo (Defense+, though I run Comodo Firewall, without the antivirus module) and I allowed all of the requests with the option to submit the files for analysis enabled. After the results came back, one file was detected as malware. I didn't recognize it so I cleaned it, only to find that it was related to the software I installed, and needed for it to uninstall. I considered a system restore, but I wanted to consider other options, so if anyone has an idea on how I can recover the file, I'd appreciate the help.
Thanks :glasses:
It was a COMODO cloud scanner alert?
In the center of your screen?
And what software did you install? You think it was a false positive (the file was not actually malicious)?
Yeah, it was the cloud scanner that told me that, and I'm pretty sure it is a false positive. I installed the Snow Leopard Transformation pack from here
WOT says the site is safe, as you can see. Also, I think the reason Comodo detects it is the fact it changes so many of the settings and tries to modify System32.
Well, I don't have a Win7 virtual machine to see if there is something malicious inside that archive. I generally do not like transformation packs myself. They change a lot of system files and often cause stability issues.
If you are sure it is not malicious you could try re-installing it but this time go to Defense+ -> Defense+ Settings -> Execution Control Settings and disable "Perform cloud based behavior analysis" and "Automatically scan unrecognized files in the cloud" before you install it. You will still get Defense+ Pop-ups...make sure you answer them correctly but you won't get virus warnings.
To be honest, I don't know if an FP that is "cleaned" can be recovered. I did some research and it seems to be okay, but I will download it and report it as an FP and see what answer I get.
Regards
'Clean' as Comodo calls it, is actually delete. You could try Avira UnErase and see if that gets the file back, but it might not be able to, I have not studied the methods in which Comodo deletes files.
I have sent it to Comodo labs and I will let you know if it's malware.
Thanks guys, I'll try Avira's software, hopefully it works, because I can't uninstall the transformation pack with ease without it.