
Forum Thread: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Comodo Group
And, this specific program:
Comodo Memory Firewall 2.x

This thread has been marked as locked.
GoneToPlaid IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
Member 23rd Sep, 2009 06:30
Ranking: 5
Posts: 71
User Since: 1st Apr, 2009
System Score: 100%
Location: Atlanta, US
Last edited on 23rd Sep, 2009 14:37

To Secunia,

Over the past week I downloaded a few recommended video programs, plus an HTTP monitoring program for my web browsers. Today I decided to install them, but only after creating a system restore point before installing these video programs and the HTTP monitoring program.

Here is the list of programs which I installed. One of them is the cause of the issue:

dvdflick_setup_1.3.0.7.exe
FreeVideoToDVDConverter.exe
OrbitDownloaderSetup.exe
SetupImgBurn_2.5.0.0.exe
httpwatch.exe

I don't know which one caused the problem, but after installing them, Comodo Memory Firewall on reboot repeatedly throws an error message about not finding the entry point in USER32.DLL for some sort of function call. I uninstalled all of the above listed programs, rebooted, and uninstalled Comodo Memory Firewall. I rebooted again. Then I tried reinstalling Comodo Memory Firewall and still got the same message (straight from the installer) about not being able to find the entry point in USER32.DLL for whatever the function call was.

I mounted my read-only backup of my computer's hard disk and compared the checksums for USER32.DLL in the SYSTEM32 directories of both my computer's hard drive and the backup hard disk. The checksums were identical. Thus USER32.DLL was not modified in any way.

My tentative conclusion is that one of the above mentioned programs permanently installs a dll and/or messes with the registry to take out any form of web browser buffer underrun/overrun protection?

Whatever it is, it's sneaky. MBAM, Spyware Doctor and NAV don't find anything wrong after full scans. Yet the only way to fix my computer was to do a System Restore to just before I installed the above mentioned programs.
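
The checksum comparison against a read-only backup described in the post above, generalized from USER32.DLL alone to every DLL under a directory so that files added or changed since the backup stand out. This is an added example, not part of the original thread; the function names, the choice of SHA-256, and the constructed sample files (including `hook.dll`) are assumptions for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root, suffixes=(".dll",)):
    """Map lower-cased relative path -> SHA-256 for matching files under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).lower()  # Windows names are case-insensitive
                try:
                    result[rel] = sha256_of(full)
                except OSError:
                    result[rel] = None  # unreadable (locked or permission denied)
    return result

def compare(live_root, backup_root, suffixes=(".dll",)):
    """Report files added, removed or modified in live_root relative to backup_root."""
    live, base = snapshot(live_root, suffixes), snapshot(backup_root, suffixes)
    return {
        "added": sorted(set(live) - set(base)),
        "removed": sorted(set(base) - set(live)),
        "modified": sorted(p for p in set(live) & set(base) if live[p] != base[p]),
    }

def demo():
    """Constructed sample: a 'backup' tree and a 'live' tree after an install."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "backup": {"USER32.DLL": b"same", "shell.dll": b"v1"},
            "live": {"user32.dll": b"same", "shell.dll": b"v2", "hook.dll": b"new"},
        }
        for tree, files in trees.items():
            os.makedirs(os.path.join(tmp, tree))
            for name, data in files.items():
                with open(os.path.join(tmp, tree, name), "wb") as f:
                    f.write(data)
        return compare(os.path.join(tmp, "live"), os.path.join(tmp, "backup"))

if __name__ == "__main__":
    print(demo())
```

On a real system the two roots would be the live SYSTEM32 directory and the same directory on the mounted backup.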

Slamgeden RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
Member 23rd Sep, 2009 08:56
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
Not to be rude, but what does this have to do with Secunia, or the PSI? If you're having general computer issues, why not ask on general computing forums?

First:
http://catb.org/~esr/faqs/smart-questions.html
Read this. It's a great primer for getting good help.

Second:
Find a related forum. Might I suggest http://www.techsupportforum.com/ or something similar?

--
Assorted Fnords.
GoneToPlaid RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
Member 23rd Sep, 2009 14:37
Score: 5
Posts: 71
User Since: 1st Apr 2009
System Score: 100%
Location: Atlanta, US
You are right. Obviously the issue must be a malware issue even though PSI reports these programs as patched, suggesting that they are safe.
Anthony Wells RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
Expert Contributor 23rd Sep, 2009 18:02
Score: 2369
Posts: 3,279
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Sep, 2009 18:07
Bear in mind that PSI is only telling you if the version of your programme is patched (or not) from a security vulnerability point of view (ie: open or not to "potential" attack by the bad guys) by reading the installation file it has selected for this purpose.

It does not tell you if the download itself is contaminated with malware, your security system does this.

The procedures are quite distinct.

Comodo has a pretty good support system which would be my first port of call, plus running every malware detector I could get my hands on, ASAP.

--


It always seems impossible until it's done.
Nelson Mandela
puget1 RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
Member 24th Sep, 2009 12:08
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Here is a possible link to check your questionable programs against as possible hijack malware.

http://www.bleepingcomputer.com/

--
Windows Home Basic-Service Pack 2
Dell AMD Athlon 64x2 Processor 4000+ 2.10Ghz 2Memory 32 Bit

Firefox 27+ - MS Security Essentials+Spybot-Spyware Blaster-Malwarebytes-Emsisoft Malware- Sandboxie

IE 9-seldom
