Advice Request Strange Threat found by Comodo

Status
Not open for further replies.

Nestor

Level 9
Thread author
Verified
Well-known
Apr 21, 2018
397
I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!
 

yitworths

Level 10
Verified
Well-known
May 31, 2015
472
I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!

On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
 
Reactions: vtqhtr413

Nestor

On the surface, it seems a benign reg key. btw I'm using cfw in a virtual machine & there the reg is HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.

It would be better if you specify which comodo product you were/are using besides Comodo Cleaning Essential?
I am using Comodo Internet Security and it's the first time I found this threat (marked as red in danger), after scanning many times before with Comodo Cleaning Essentials without finding anything.
 
Reactions: vtqhtr413

yitworths

I am using Comodo Internet Security and it's the first time I found this threat after scanning many times before with Comodo Cleaning Essentials.

tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
 

Nestor

tbh it seems a fp but even if it's a fp, it's quite awkward fp. Provide me some time I'm gonna set up CIS in a VM then I'll run a Comodo Cleaning Essential to check whether same happens to me or not.
Thanks, I used custom scan and checked everything.
I also scanned with Zemana and NPE and found nothing.
 

yitworths

CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?
 

yitworths

ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
 

Nestor

ok then. You may uninstall CIS & if you've already done it then delete the reg key. & if possible then make a clean install of CIS just to check what reg key it makes. obviously if you have time & interest to do so.
I also checked with Zemana and NPE and found nothing. Now, I made a full scan with CIS (fully updated), also found nothing. I will delete the key as suggested, hope not to damage CIS and again I will rescan with Cleaning Essentials.
 
Reactions: oldschool
509322

I did a manual scan with Comodo Cleaning Essential and found a threat in a hidden key which is:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs
Does that mean that CIS is infected? Should I delete this key?
Thanks!

CCE is detecting CIS' own language (langs; localizations) key as something.
 
509322

CIS created HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs.cmdres reg key not HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Options\Langs. There is something annoying about this. I'm assuming that you were using fully updated latest version of CIS. The mismatch is uncanny. Can ya run a hitman pro or any other 2nd opinion av?

He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.
 

yitworths

He could have just copied it from the CCE GUI or report that cuts off the .cmdres and reports it only as "Langs". There is nothing fishy about this. The reporting could be limited by buffer size and therefore not report all characters in the string. Welcome to the world of IT and security softs.

cce detected the reg as threat so I considered that it should display the name of it as it is. About your limiting buffer size is somehow related to compound files as far as I understand. reporting of regkey detection is not same as files detection.
 
Reactions: Nestor
509322

cce detected the reg as threat so I considered that it should display the name of it as it is. About your limiting buffer size is somehow related to compound files as far as I understand. reporting of regkey detection is not same as files detection.

Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.
 
Reactions: Nestor

yitworths

Buffer size as it pertains to the GUI has nothing to do with either file or registry key. It has everything to do with COMODO development limiting the number of characters that will display in the GUI.

ok it seems I've to elaborate it a bit. In case of compound files, there can be multiple strings of data which are intertwined in various fashion & if somehow one data string got detected as threat then the display of that may be limited to specific name. for example if data01 gets detected as threat which is part of file x then the detection can be displayed as with data01 or /resxxx/ddee/gjy/data01 after the actual file on the basis of buffer limit.

in case of langs.cmdres, it is reg key name & under which there are several other reg key subsist.
 
Reactions: Nestor
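
One way to test the two explanations discussed in this thread, as an added example that is not part of any post: the PowerShell below lists the subkeys that actually exist under the parent key and checks whether the name shown in the scan report matches one exactly or is only the beginning of a longer name such as Langs.cmdres. The function name Compare-ReportedKeyName and the sample sibling names are made up for illustration.

```powershell
# Added example, not from the thread. Sibling names in the sample are constructed.
function Compare-ReportedKeyName {
    param(
        [Parameter(Mandatory)] [string] $ReportedName,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $ActualNames
    )
    # Registry key names are case-insensitive, so compare that way.
    $exact  = @($ActualNames | Where-Object { $_ -ieq $ReportedName })
    $longer = @($ActualNames | Where-Object {
        $_.Length -gt $ReportedName.Length -and
        $_.StartsWith($ReportedName, [System.StringComparison]::OrdinalIgnoreCase)
    })
    $verdict = if ($exact.Count -gt 0) {
        'ExactKeyExists'                      # a key with exactly that name is present
    } elseif ($longer.Count -gt 0) {
        'ReportedNameIsPrefixOfExistingKey'   # consistent with a shortened display name
    } else {
        'NoMatchingKey'                       # nothing under the parent starts with it
    }
    [pscustomobject]@{
        Reported      = $ReportedName
        ExactMatches  = $exact
        LongerMatches = $longer
        Verdict       = $verdict
    }
}

# Constructed sample: Langs.cmdres is the name seen in the VM in this thread,
# the other two names are invented placeholders.
$sample = @('Langs.cmdres', 'ExampleSiblingA', 'ExampleSiblingB')
Compare-ReportedKeyName -ReportedName 'Langs' -ActualNames $sample

# Live check of the parent key named in the thread (read-only).
$parent = 'HKLM:\SOFTWARE\COMODO\CIS\Options'
if (Test-Path -LiteralPath $parent) {
    $names = @(Get-ChildItem -LiteralPath $parent -ErrorAction SilentlyContinue |
               ForEach-Object { $_.PSChildName })
    Compare-ReportedKeyName -ReportedName 'Langs' -ActualNames $names
} else {
    Write-Output "Parent key not found: $parent"
}
```

A prefix match only shows that the report is consistent with a shortened name; it does not by itself establish why the scanner flagged the key.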