Kiwi
Premium
join:2003-05-26
USA
·Comcast
·Aristotle Internet

No inclination, yet to follow up.. Heads up.

I had Friday and today off, up very late last night, well past 0200. Normally I have the reg files locked down and most IE options switched off [Don't get loose with the IE thing, I don't care to read it]. But I was doing some testing on something unrelated to security and "forgot" to re-implement software security... I know, I know, but everyone does something like this at one time or another.

Anyway, cruising the planet on countries and cities, CIA World Factbook, Wikipedia, a couple of 'tourist' sites related to Aruba, Palau et al. and the west coast of Nicaragua (Don't ask... Lol.)

Normally everything is locked down, including the reg files, and this may be a false positive, or it could be a drive-by. Anyway, heads up courtesy of BOClean version 4.22.002.

|} HR MALWARE STOPPED!

C:\WINDOWS\SYSTEM32\IEUDINIT.EXE contained the trojan
C:\WINDOWS\INF\UNREGMP2.EXE contained the trojan
C:\WINDOWS\SYSTEM32\IE4UINIT.EXE contained the trojan
C:\WINDOWS\SYSTEM32\SHMGRATE.EXE contained the trojan
C:\WINDOWS\SYSTEM32\REGSVR32.EXE contained the trojan
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE contained the trojan.

redwolfe_98

join:2001-06-11
·RoadRunner Cable


2 edits
it looks like a bunch of "false-positives", to me..

i have most of the files, but i don't have a "ieudinit.exe" or a "ie4uinit.exe" file.. i do have a "ieuinit.inf" file..

i don't know why those files were flagged..maybe something hooked into them, somehow.. i just ran "rundll32.exe" on my computer and BOC didn't flag it..

Kiwi
Premium
join:2003-05-26
USA
·Comcast
·Aristotle Internet

They may be false positives, though experience usually indicates a single false positive is innocuous, but several false positives will normally impact the OS (didn't). But... you could well be right. It was a heads up that this had happened; it might be I'm the only one that noted this, and in that case a false positive would be more remote.

If anyone else updated today, please post if this occurred to you, thanks.

Kiwi
Premium
join:2003-05-26
USA
reply to Kiwi
I deleted too much, but it seems this was not a false positive. Some things work, on occasion, in spite of the user.

redwolfe_98

join:2001-06-11
·RoadRunner Cable


2 edits
reply to Kiwi
kiwi, if you allowed BOC to remove all of those files, (assuming you are using win xp) i would run "system file checker" to maybe restore any missing files.. to run "system file checker", go to "start"/"run" and, in the dialog box, there, type "sfc /scannow" and then press "OK" which will run the "system file checker" process..

usually, you will need the win xp cd to be in the cd-rom drive when running "system file checker", but not always..

redwolfe_98

join:2001-06-11
reply to Kiwi
kiwi, maybe it would be good to zip copies of the files that were flagged and submit them to comodo as possible false-positives..

Kiwi
Premium
join:2003-05-26
USA
·Comcast
·Aristotle Internet

I did a real job of cleaning, because I needed to access other accounts ASAP yesterday, that's what happens when in a hurry. I did do all the cleaner-uppers; including checksums, file compare, date checks, NTF et al.

But, nobody came back with 'Hey, that happened to me too'. So, I assumed it was real. So, while I'm here: I'm still using the old GUI with version 4.22.002 and I thought perhaps Kevin had the repository pointed to the Comodo updates, yes or no?

08/06/2007 12:32:01: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IEUDINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxx

------------------------------
08/06/2007 12:32:04: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\INF\UNREGMP2.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

------------------------------
08/06/2007 12:32:06: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IE4UINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

------------------------------
08/06/2007 12:32:07: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\SHMGRATE.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

------------------------------
08/06/2007 12:32:08: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\REGSVR32.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

------------------------------
08/06/2007 12:32:09: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

Interestingly there was no name association and that's the reason I posted "Possible".


norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

reply to Kiwi

Had the same results just then too. Told it to ignore these files.

Updated yesterday, and nothing found, these were on reboot this morning.

Same version of BOClean too I might add. This is not the Comodo version, even though the updaters now must be the same.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

SanJoseNerd
Premium
join:2002-07-24
San Jose, CA

reply to Kiwi
I just received the following:

------------------------------
08/07/2007 17:02:43:
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IEUDINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

Feels like a false positive to me, but just to be safe I let BOClean remove the file (after I copied the file so I can restore it if needed).

Running BOClean 4.22.002 (pre-Comodo version).

falcon04

join:2005-03-03

reply to Kiwi
I received EXACTLY the same sequence of FPs - my WAP lost its settings, so I reset - on next boot, 2 boxes (laptop and desktop master box) spouted the same - both have XP SP2. Curiously, my 98se slave box on the same LAN did not - perhaps I turned it on AFTER a CBOCLEAN update which corrected the errors?

I Jotti'd all the files and they came up clean, and have not had a recurrence - but scary nonetheless.

BTW, I N E V E R delete files until I check them - the last 3 are pretty important system files.

Looks like a trip over to the CBOCLEAN forum is in order.

falcon04

join:2005-03-03
reply to Kiwi
go here:

»forums.comodo.com/index.php?PHPS···ard=83.0

Kiwi
Premium
join:2003-05-26
USA
·Comcast
·Aristotle Internet

reply to Kiwi
Shucks, now you all appear

I'm not alone, it's a false +. Anyway, didn't do any OS damage, this is the 2nd false +. I wondered, as no name was attributed to the supposed nasty. I wish file size had been added to the text log.

Thanks guys.
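The thread's triage boils down to three things: read the scanner's text log, which names no malware family and no file size; record size and a hash of each flagged file before anything is deleted (SanJoseNerd copied his first, falcon04 checked his at Jotti); and notice that many pre-existing OS binaries flagged within a few seconds of each other, right after a definitions update, is the shape of a bad signature rather than of an infection. The following is an added example, written for this thread and not code from BOClean, Comodo or any poster; the log text is a constructed sample in the layout quoted above, and the function names (`parse_log`, `fingerprint`, `burst_groups`, `report`) and the 10-second burst window are assumptions of this example.

```python
"""Triage helper for a BOClean-style 'MALWARE STOPPED' text log (added example)."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample in the layout quoted in the thread: a timestamp line,
# the banner, the detection sentence, the path line, the shutdown line and
# the user line, with a dashed separator between records.
SAMPLE_LOG = r"""08/06/2007 12:32:01: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\SYSTEM32\IEUDINIT.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx

------------------------------
08/06/2007 12:32:04: 
|} HR MALWARE STOPPED!
Trojan horse was found in a stub.
C:\WINDOWS\INF\UNREGMP2.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: xxxxxxx
"""

TIMESTAMP_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\s*$")
PATH_RE = re.compile(r"^([A-Za-z]:\\.+?) contained the trojan\.?$")


@dataclass
class Detection:
    when: datetime
    path: str


def parse_log(text: str) -> List[Detection]:
    """Pair each timestamp line with the path line that follows it."""
    events: List[Detection] = []
    when: Optional[datetime] = None
    for line in text.splitlines():
        m = TIMESTAMP_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            continue
        m = PATH_RE.match(line)
        if m and when is not None:
            events.append(Detection(when, m.group(1)))
            when = None  # one path per record
    return events


def fingerprint(path: str) -> Optional[Dict[str, object]]:
    """Size, mtime and SHA-256 of a flagged file, or None if it is already gone.
    Take this before letting the scanner delete anything: the log above carries
    neither size nor family name, so nothing else survives for a later appeal."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {
        "size": st.st_size,
        "mtime": datetime.fromtimestamp(st.st_mtime).isoformat(timespec="seconds"),
        "sha256": digest.hexdigest(),
    }


def burst_groups(events: List[Detection], window_seconds: int = 10) -> List[List[Detection]]:
    """Cluster detections that fire within window_seconds of the previous one.
    Several unrelated, long-present OS binaries in one burst after an update is
    the pattern the thread ends up calling a false positive; a lone hit on a
    freshly written file is the other shape and deserves more suspicion."""
    groups: List[List[Detection]] = []
    for ev in sorted(events, key=lambda e: e.when):
        if groups and (ev.when - groups[-1][-1].when).total_seconds() <= window_seconds:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return groups


def report(text: str) -> List[Dict[str, object]]:
    """One triage row per flagged path: timestamp, path, fingerprint (None if missing)."""
    return [{"when": e.when.isoformat(), "path": e.path, "file": fingerprint(e.path)}
            for e in parse_log(text)]


def self_check() -> tuple:
    """Exercise fingerprint() on a constructed temp file, then on its deleted path."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"hello")
        name = tmp.name
    present = fingerprint(name)
    os.remove(name)
    return present, fingerprint(name)


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
    print(len(burst_groups(parse_log(SAMPLE_LOG))), "burst(s)")
```

Run it on the real log before answering the scanner's prompt; on a machine where the flagged paths no longer exist the `file` field is simply None, which is exactly the evidence gap the thread complains about. The hash is what you would hand to the vendor with the zipped copy, and what you would compare against the same file on a machine that was never flagged.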
Saturday, 05-Dec 07:41:26 | © 1999-2009 dslreports.com