Advice Request Strange Threat found by Comodo

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
Nestor

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL _MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Is that mean that CIS is infected?Should i delete this key?
Thanks!
 
  • Like
Reactions: oldschool, vtqhtr413 and yitworths
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
Nestor said:
I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL _MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Is that mean that CIS is infected?Should i delete this key?
Thanks!
Click to expand...

On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL _MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
 
  • Like
Reactions: vtqhtr413
Nestor

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
yitworths said:
On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL _MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
Click to expand...
I am using Comodo Internet Security and it's the first time i found this threat (marked as red in danger), after scanning many times before with Comodo Cleaning Essentials without find anything.
 
Last edited:
  • Like
Reactions: vtqhtr413
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
Nestor said:
I am using Comodo Internet Security and it's the first time i found this threat after scanning many times before with Comodo Cleaning Essentials.
Click to expand...

tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
 
  • Like
Reactions: oldschool, vtqhtr413 and Nestor
Nestor

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
yitworths said:
tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
Click to expand...
Thanks,i used custom scan and checked everything.
I also scanned with Zemana and NPE and found nothing.
 
Last edited:
  • Like
Reactions: oldschool, vtqhtr413 and yitworths
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?
 
  • Like
Reactions: oldschool, Nestor and vtqhtr413
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
 
  • Like
Reactions: oldschool, Nestor and vtqhtr413
Nestor

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
yitworths said:
ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
Click to expand...
I also checked with Zemana and NPE and found nothing.Now, i made a full scan with CIS (fully updated), also found nothing.I will delete the key us suggested, hope not to damage CIS and again i wll rescan with Cleaning Essentials.
 
  • Like
Reactions: oldschool
5

509322

Nestor said:
I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL _MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Is that mean that CIS is infected?Should i delete this key?
Thanks!
Click to expand...

CCE is detecting CIS' own language (langs; localizations) key as something.
 
  • Like
Reactions: Nestor and oldschool
5

509322

yitworths said:
CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?
Click to expand...

He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.
 
  • Like
Reactions: JoseyWales, oldschool and Nestor
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
Lockdown said:
He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.
Click to expand...

cce detected the reg as threat so I considered that it should display the name of it as it is. About your limitting buffer size is somehow related to compound files as far as I understand. reporting of regkey detection is not same as files detection.
 
  • Like
Reactions: Nestor
5

509322

yitworths said:
cce detected the reg as threat so I considered that it should display the name of it as it is. About your limitting buffer size is somehow related to compound files as far as I understand. reporting of regkey detection is not same as files detection.
Click to expand...

Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.
 
  • Like
Reactions: Nestor
yitworths

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
Lockdown said:
Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.
Click to expand...

ok it seems I've to elaborate it a bit. In case of compound files, there can be multiple strings of data which are intertwined in various fashion & if somehow one data string got detected as threat then the display of that may be limited to specific name. for example if data01 gets detected as threat which is part of file x then the detection can be displayed as with data01 or /resxxx/ddee/gjy/data01 after the actual file on the basis of buffer limit.

in case of langs.cmdres, it is reg key name & under which there are several other reg key subsist.
 
  • Like
Reactions: Nestor
Status
Not open for further replies.

Similar threads

ErzCrz
    • Like
New Update Comodo Internet Security 2024 v12.3.2.8124 BETA (Feb 2024)
Replies
16
Views
2,685
Comodo
Nikola Milanovic
Nikola Milanovic
Fel Grossi
    • Like
    • +Reputation
  • Sticky
New Update Comodo Internet Security 2024 v12.3.1.8104 beta (Oct 2023)
Replies
16
Views
1,307
Comodo
ErzCrz
ErzCrz
Shadowra
    • Like
    • +Reputation
    • Applause
  • Locked
App Review COMODO Internet Security 2025 Premium
Replies
117
Views
12,447
Video Reviews - Security and Privacy
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top