Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN!
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: Comodo Group |
And, this specific program: Comodo Memory Firewall 2.x |
| GoneToPlaid | IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN! |
|---|---|
 |
23rd Sep, 2009 06:30 |
|
Ranking: 5 Posts: 71 User Since: 1st Apr, 2009 System Score: 100% Location: Atlanta, US Last edited on 23rd Sep, 2009 14:37 |
To Secunia, Over the past week I downloaded a few recommended video programs, plus a HTTP monitoring program for my web browsers. Today I decided to install them, but only after creating a system restore point before installing these video programs and the HTTP monitoring program. Here is the list of programs which I installed. One of them is the cause of the issue.: dvdflick_setup_1.3.0.7.exe FreeVideoToDVDConverter.exe OrbitDownloaderSetup.exe SetupImgBurn_2.5.0.0.exe httpwatch.exe I don't know which one caused the problem, but after installing them, Comodo Memory Firewall on reboot repeatedly throws an error message about not finding the entry point in USER32.DLL for some sort of function call. I uninstalled all of the above listed programs, rebooted, and uninstalled Comodo Memory Firewall. I rebooted again. Then I tried reinstalling Comodo Memory Firewall and still got the same message (straight from the installer) about not being able to find the entry point in USER32.DLL for whatever the function call was. I mounted my read-only backup of my computer's hard disk and compared the checksums for USER32.DLL in the SYSTEM32 directories of both my computer's hard drive and the backup hard disk. The checksums were identical. Thus USER32.DLL was not modified in any way. My tentative conclusion is that one of the above mentioned programs permanently installs a dll and/or messes with the registry to take out any form of web browser buffer underrun/overrun protection? Whatever it is, its sneaky. MBAM, Spyware Doctor and NAV don't find anything wrong after full scans. Yet the only way to fix my computer was to do a System Restore to just before I installed the above mentioned programs. |
| Slamgeden | RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN! | ||||||||
|
|
23rd Sep, 2009 08:56 | ||||||||
| Score: 0 Posts: 181 User Since: 17th Jul 2009 System Score: N/A Location: N/A |
Not to be rude, but what does this have to do with Secunia, or the PSI? If you're having general computer issues, why not ask on general computing forums? First: http://catb.org/~esr/faqs/smart-qu Read this. It's a great primer for getting good help. Second: Find a related forum. Might I suggest http://www.techsupportforum.com/ or something similar? -- Assorted Fnords. |
||||||||
|
|||||||||
| GoneToPlaid | RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN! | ||||||||
|
|
23rd Sep, 2009 14:37 | ||||||||
| Score: 5 Posts: 71 User Since: 1st Apr 2009 System Score: 100% Location: Atlanta, US |
You are right. Obviously the issue must be a malware issue even though PSI reports these programs as patched, suggesting that they are safe. | ||||||||
|
|||||||||
| Anthony Wells | RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN! | ||||||||
|
23rd Sep, 2009 18:02 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 23rd Sep, 2009 18:07 |
Bear in mind that PSI is only telling you if the version of your programme is patched (or not) from a security vulnerability point of view (ie: open or not to "potential" attack by the bad guys) by reading the installation file it has selected for this purpose . It does not tell you if the download itself is contaminated with malware , your security system does this . The procedures are quite distinct . Comodo has a pretty good support system which would be my first port of call , plus running every malware detector I could get my hands on , ASAP. -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||
| puget1 | RE: IMPORTANT! SOMEONE TRACK THIS ISSUE DOWN! | ||||||||
|
|
24th Sep, 2009 12:08 | ||||||||
| Score: 0 Posts: 541 User Since: 21st Dec 2007 System Score: N/A Location: US |
Here is a possible link to check your questionable programs against as possible hijack malware. http://www.bleepingcomputer.com/ -- |
||||||||
|
|||||||||
