Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here

                  

 

How to Know If Your Computer Is Infected

 

These days malicious software is becoming an epidemic. It seems like it’s everywhere. Also, sadly, there's been a change in the way malware acts. It used to be that it would slow down your computer, or display annoying popups, but now malware is becoming increasingly discreet. You could be infected right now and not even know it. Also, sadly, it often seems as if the only way to make sure you’re not infected is to scan your computer with numerous anti-malware programs. Doing this can be time consuming and, while scanning, may even slow your computer to a crawl. Even after that you still can’t be sure you're clean. This is because scanners cannot recognize all new malware.

 

Because of these difficulties I have come up with a better method. This uses multiple programs, not to remove files, but just to analyze the computer. Each of these programs is very effective and easy to use. They are all portable applications and will not cause any conflicts on your computer because they are only running when you're using them. However, they do require an active internet connection to function properly. Don't worry, this guide will also help you to fix your internet connection in the event that it is not working. After you have already gone through the below process once, and had all files whitelisted, this approach is much faster, much more certain, and much easier than any other approach I've seen. No active malware can escape this process. However, inactive pieces of malware may not be flagged by this approach but may be found by other scanners. Rest assured that these are not direct threats to the safety of your computer and thus do not constitute a failure of this article.

 

This article is meant for those who believe it's possible, but are not sure, that malware is running on their computer. If you strongly believe that malware is running on your computer I would advise that you immediately reboot the computer into Safe Mode and follow the advice in this section of my article about How to Clean An Infected Computer. The reason I say that is that some malware will immediately start doing things such as encrypting files. Thus, the longer your computer is running in normal mode the greater the damage will be. However, if you only have fleeting suspicious that something may be amiss on your computer I recommend that you follow the below advice to find out for sure.

 

I also want to stress that in order to make sure that your computer is not infected you must follow each step. None is meant to be used independently. Each depends on the others to account for different infection scenarios. Also, if any step shows definite evidence of an infection you should move directly to the section which explains How To Clean Infections From Computer. There is no reason to continue your investigation if your computer is already found to be infected.

Recent Changelog:

5/23/2014-Fixed some links and added link to Best Free Antivirus Software article.

6/9/2014-Replaced http links with https links wherever possible.

 

Index

1. What To Do If Computer Is Unbootable

2. Check for Rootkits

3. Use KillSwitch

    A) Use KillSwitch To Investigate Running Processes

    B) Analyze KillSwitch Results

    C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting

4. Use Comodo Autoruns

    A) Use Comodo Autoruns To Investigate Registry Entries

    B) Analyze Comodo Autoruns Results

    C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting

5. How To Clean Infections From Computer

 

1. What To Do If Computer Is Unbootable

 

Note that if your computer is able to boot into Windows you should skip directly to the next section. However, if your computer is not able to boot into Windows I would first advise that you follow the advice I give in this section of an article I wrote about How to Fix a Malware Infected Computer. It may be able to help make your computer bootable again. Then, once it's fixed, you can begin following the advice in the next section to see if your computer is infected.

 

Note that if the advice in that section of the other article is not able to fix your problems you should not follow part D in that article, but instead follow the advice given in this section of an article I wrote about How to Clean An Infected Computer. It's possible that the reason that your computer cannot boot is because of malware. Thus cleaning it may be the only way to get the computer running again.

 

2. Check for Rootkits

 

It's important to ensure that there are no active rootkits on your computer. To do this first scan your computer with Kaspersky TDSSKiller. It can be downloaded from this page. Note that if the executable version is not working correctly you should instead download the zip file containing the same scanner. At this same time download the zip file for Comodo Cleaning Essentials from this page.  Make sure to select the correct version for your operating system. If you're not sure if your computer is running a 32 or 64 bit operating system then please see this FAQ. Note that if neither will not download correctly, or your internet connection is not working, you should download them on another computer and transfer them to the infected one via a flash drive. Make sure there were no other files on the flash drive. Be careful with the flash drive as the malware may actually infect it when you plug it into the computer. Thus, don't plug it into any other computers after transferring these programs.

 

Kaspersky TDSSKiller will scan your computer for some of the most common types of rootkits. I've found it to have relatively few false positives and a very high detection rate. By the way, some scanners, including Comodo Cleaning Essentials, may detect this file as a dangerous file. It is not. This is a safe download link. If it is flagged as dangerous you can safely ignore the detection. As with every program in this article, I recommend that you do not quarantine any files using this program. A false positive on the wrong file could destroy your computer, even if you’re not infected.

 

To use this it open the file called TDSSKiller. Then select the option to “Start Scan”. This scan should take less than a minute. If it does find anything then it's likely that your computer is infected. However, if you believe the detected files are not dangerous you can investigate them to see if they are false positives. However, if it does appear that the files are dangerous I would suggest that you skip to the last section of this article in order to deal with this infection. However, if it does not find any rootkit activity then you should next check your computer with Comodo Cleaning Essentials.

 
Unzip the folder for CCE. Then double click on the file called CCE. This will open the main program for Comodo Cleaning Essentials. If it refuses to open then hold down the shift key and, while still holding it down, double click on the file called CCE. After CCE has successfully opened you can let go of the shift key. However, do not let go of it until the program has fully loaded. If you let go of it even during the UAC popup it may not be able to forcefully open correctly. Holding down shift should allow it to open, even on heavily infected computers. It does this by killing most of the unnecessary processes that could be interfering with its launch. If it still will not launch then download and run a program called RKill. This can be downloaded from this page. This program will terminate known malicious processes. Thus, after running it CCE should be able to open fine. Do not remove or disable anything with CCE as it can be very dangerous if used improperly. We are only using its analytical abilities. Please do not use it to try and clean up any infections or you could inadvertently harm your computer.
 

Now select the option to do a smart scan with CCE. It will immediately begin downloading the most recent virus database, which may take a long time to complete. Once it has completed downloading, the scan will begin immediately. This will scan your computer for all types of malware.  The scan should not take too long to complete. As before, I recommend that you do not quarantine any files using this program. One problem with this program is that I do find it to have a few false positives. Thus the best option, in order to be sure of the results from its scan, is to report any files detected as dangerous, which you believe may be safe, to Comodo for analysis.

 

Sadly there is no easy way to navigate to the files detected by the scan. You will have to manually navigate to the path indicated in the scan results in order to get to them. Note that if you do not want to investigate them right now you can select the option to ignore each detection. Then allow finish and restart your computer. Next time you open CCE you can go to "Tools" and choose "Browse logs". The detections you chose to ignore, along with their file paths, should be stored in the most recent log. To report the detected files as false positives you should go to this page. Then select false positive, upload the files in question, fill out the required information, and select submit. Comodo analysts will send you an email with the results of their analysis.

 

This program also scans for system changes which may have been caused by malware. These will also be shown with the results. If you did not make these changes yourself then this could possibly be evidence that there is malware on your computer. I would recommend letting CCE fix these items, but not anything else, and continuing with the rest of the article to see if there is any more evidence of infection. I would not consider unwanted system modifications to be definitive evidence of an infection.

 

After the scan is complete it will ask you to restart your computer. Allow it to restart. Do not open any unnecessary programs as this will make the next step simpler. Once again I will remind you to not quarantine any files with this program. Once it restarts it will pop up with the final results. If it did not find anything, and neither did any of the above methods, then you can continue on to the next step. However, if it did find infections, and Comodo analysts also found them to be malicious, then I would advise that you skip to the last section in order to clean the infections.

 

Also, if your internet connection was not working please check again to see if it is now working. If not then you should go to this section of my guide about How to Fix a Malware Infected Computer and follow the advice given to fix your internet connection. A working internet connection is required for the remaining steps of this guide.

 

3. Use KillSwitch

 

A) Use KillSwitch To Investigate Running Processes

If the above steps did not find any malware activity then you should again open Comodo Cleaning Essentials (CCE). However, this time you should go to "Tools" and select the option to "Open KillSwitch". KillSwitch which will immediately begin analyzing all of your running processes. This analysis should only take a minute or so. Without waiting for the analysis to complete you can go to “View” and select “Hide Safe Processes”. This will hide all processes that are verified to be safe by Comodo. The reason I asked you not to open any other programs in the above step is because malware will nearly always run on system startup, while many legitimate programs will not. Thus there will be fewer processes to examine.

 

Once the analysis is complete all that are left are those programs which are either believed to be dangerous or are not in Comodo's whitelist. The latter type is denoted as FLS.Unknown. Be aware that unknown does not mean dangerous. It only means that the file has not yet been whitelisted by Comodo.

 

B) Analyze KillSwitch Results

If KillSwitch now shows that “There are no items to show”, then your computer passed this part of the tests. You can move on to part 4. However, if there are files remaining in the list then you should investigate them. In order to do this you first need to navigate to the files. To do this right click on the process in question and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well.

 

For files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not.

 

However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.

 
C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting

For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you do need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the KillSwitch results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

 

These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. If you feel that you cannot wait for their analysis then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.

 

That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with KillSwitch there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Processes”. This allows me to ensure that my system has passed this test in less than one minute. Please note that depending on your computer, and your internet connection speed, this time may vary. Once you're done with this part you can close KillSwitch.

 

4. Use Comodo Autoruns

 

A) Use Comodo Autoruns To Investigate Registry Entries

Now, through CCE, which should still be open, again go to the "Tools" menu. This time select the option to "Open Autorun Analyzer". This program will analyze the registry and show you the files associated with each item. Almost all malware will write to the registry. Thus, by scanning for all files associated with registry entries, this program can identify malware and unknown files, even if they aren't running. It may even be useful in identifying rootkits, although that is not its primary purpose. The downside to using this program is that it will potentially give you more files to check than the above methods. However, if you really want to be sure that your computer is clean then this step is also necessary. As before, do not delete/disable anything with this program as it can be very dangerous if used improperly. We are only using its analytical abilities. Please do not use it to try and clean up any infections or you could inadvertently harm your computer.

 

After Comodo Autoruns opens it will immediately begin compiling the list. This process could take a couple of minutes to complete. Without waiting for the list to finish being compiled you can go to “View” and select “Hide Safe Entries". Note that this option will now be pre-checked every subsequent time you run the program. Once the list is compiled Comodo Autoruns will automatically begin analyzing each entry. Wait until all entries have been analyzed. If this is the first time you have run this program, you should now close it and then open it again. I find that this often allows Comodo time to analyze some of the unknown files so that this time there will be less to check.

 

If Autoruns now shows that “There are no items to show” your computer passed this part of the tests. If it also passed all of the above steps then there is definitely no active malware on your computer.

 

If your computer passed all of the above steps, but you are experiencing problems with your computer, it's possible that the problem that you're experiencing is due to hardware or software issues. I would recommend that you first try searching online for symptoms similar to what your computer is suffering from to see if they match something other than malware. Also, an article I have written about How to Fix a Malware Infected Computer may be of use to you. It was written mainly to fix probelms due to malware, but the advice given should be able to fix many other types of software problems as well.

 

B) Analyze Comodo Autoruns Results

However, if there are still entries left over you should begin analyzing them. However, note that there is currently a minor bug with Comodo Autoruns. This sometimes causes the program to flag files which are actually known safe as FLS.Unknown. Thus, I would advise that if you see many files flagged as unknown, which you believe should be flagged as safe, that you close Comodo Autoruns and then open it again to see if the files are still unknown.

 

Also, note that you can make sure the virus database is fully up to date by always running a Smart Scan with CCE just before checking with Comodo Autoruns. This makes this problem much more rare. However, if you have previuosly run a Smart Scan and let the computer restart, and nothing was found, you do not need to have it restart just to make sure the virus database is fully updated. Just let the scan finish, and then, instead of letting it restart the computer, first close the results window without selecting any actions. Then right click on the CCE icon in the taskbar and choose exit. This will close the process and not allow it to restart your computer. You can then safely re-open CCE and use it to open Comodo Autoruns.

 

To get to the files which these entries are associated with, right click on an entry and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well. Also, with this program you will find that often a single file has numerous entries, which means that often there’s not nearly as much analysis to be done as there would seem to be.

 

Just as was done for KillSwitch, for files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not. Also, if you cannot locate the folder indicated in the results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

 

However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can also check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.

 

C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting

For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the Autoruns results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.

 

These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. In addition, if you feel that you cannot wait for the analysis of Comodo staff then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.

 

That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with Comodo Autoruns there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Entries”. This allows me to ensure that my system has passed this test in just a few minutes. Please note that depending on your computer, and your internet connection speed, this time may vary.

 

5. How To Clean Infections From Computer

 

If any of these methods does show that your computer is infected you should check out my article about How to Clean An Infected Computer. The advice in this article will allow you to remove almost any infection and get your computer back to working order.

 

 

 

 

If you have any problems, or are confused by my directions, please leave a comment below and I will try to help. Trust me, if you are having a problem then so are many others. I need to know this so that I can improve the article and make it usable for everyone. Also, and this is especially important, if you find a situation in which none of these methods shows evidence of an infection, but the system is definitely infected, please let me know. I have seen no evidence of this happening, but if I do receive proof of a bypass then I will need to rethink my strategy.

In addition, please help by rating this article. If you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Clean An Infected Computer

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.58222
Average: 4.6 (225 votes)
Your rating: None

Comments

by czhk on 14. May 2014 - 2:54  (116222)

Hello Chiron,

Thank you for such an easy to follow article on how to get rid of this vicious randsomeware virus we sadly have been infected with. I am NOT computer savvy, and had to download quite a few of your suggested software files and did so with ease.

I do believe after following your steps, that I have cleaned the computer. However, I say believe because our documents are all encrypted. This includes the word and excel as well as most of our pictures.

Does this mean we have lost all our documents and pictures? I'm very angry at myself, but the latest backup I have is from Dec 28, 2013. Is there an option I should be taking in Step #4, What To Do After All Malware Is Confirmed To Be Removed?

The computer is working fine and no threats have been detected. We just cannot open any files and I am hoping they are not all lost due to the attackers.

I would greatly appreciate your thoughts. Thank you.

by Chiron on 14. May 2014 - 3:00  (116223)

Sadly those files are likely lost. The only way I can think that they could be saved would be if a company, such as Kaspersky, happened to have run across that particular variant of malware and created a decryption tool. This would be worth looking into, although I'm not sure how likely it is.

It's probably worth creating a new topic for this in a forum, such as this one:
http://malwaretips.com/Forum-Malware-Removal-Assistance
and asking if they know of one which may work.

Sorry I couldn't be more helpful.

by nakulsaxena on 23. January 2014 - 8:48  (113918)

Hey Chiron,

The articles are very well written and provided me with a lot of help, i am trying to get rid of malware. Thanks for you help.

One question though - while running the CCE or Kill switch you have said to "Without waiting for the analysis to complete you can go to “View” and select “Hide Safe Processes”. This will hide all processes that are verified to be safe by Comodo." but while running both programs the hide safe processes is unclicakble, therefore not being to understand what to do next.

Would help if you could let me know the next steps.

Thanks

by Chiron on 23. January 2014 - 13:38  (113928)

Under KillSwitch there should be the option to "Hide Safe Processes". When you say this is unclickable do you mean that you can see the option, but that it is grayed out? If so, does Comodo Autoruns work correctly for you?

Thank you.

by nakulsaxena on 23. January 2014 - 16:36  (113936)

yes you are correct it is grayed out.Comodo Autoruns works correctly.

do let me know what else needs to be done.

thanks

by Chiron on 23. January 2014 - 18:01  (113941)

This is strange. I haven't heard of this sort of problem before. You could just try re-downloading the CCE zip file and seeing if it works with that one.

If it's still having the same problem please start a new topic in the forum and send me a link to it through my contact link. This is a problem which is much better solved in the forum than in the comments.

Thanks.

by hvmbc_90 on 22. January 2014 - 2:38  (113856)

In "How to Know if Your Computer is Infected", section 4B, paragraph 1, you say that in order to reduce the occurrence of the bug in Autoruns where safe files are marked unknown, it is important to update the virus database by running a smart scan. Does this mean that every time I open CCE, I need to run a smart scan? Also, how would I skip past the screen where it asks me to fix system changes, which would then require a restart, and thus make the whole process useless? Do you see my point? How frequently does the virus database need to be updated?

by Chiron on 22. January 2014 - 5:17  (113862)

I'm actually not sure how often the virus database needs to be updated in order to avoid that marking of some trusted files as unknown. I just noticed that if I did not do that I often got more unknown files than if I first made sure the database was updated.

Also, in terms of the restart, if you wish you don't have to restart. After the scan you can choose to not immediately restart. Instead, right-click on the CCE icon and close it. This will also stop it from prompting you to restart the computer. It's just a little trick.

Let me know if you have any other questions.

Thank you.

by hvmbc_90 on 22. January 2014 - 2:34  (113855)

It says that after running the CCE scan, to accept the restart prompt, and then after the restart that CCE should pop up again with the final results. I have been running all of these scans in safe mode w/ networking because I feared causing further damage (before I found your article, TrendMicro HouseCall found a Trojan, and I wasn't sure if it was gone or not). I'm assuming that going into safe mode is the reason that CCE does not pop back up after the restart. I assume this means that it does not finish the scan either. Can you explain what to do in this situation?
----Also, I read in the comments that most of these are best run when the computer is in Normal mode. Yet, earlier on in one of your articles you mentioned that if you suspect that your computer has malware, you should immediately boot into safe mode. Again, can you clarify what should be priority in this situation?

by Chiron on 22. January 2014 - 5:15  (113861)

Running it in Safe Mode may very well be the reason it does not pop back up after the restart. The purpose of restarting is to scan for rootkit behavior. Therefore, as it scanned in Safe Mode perhaps this is no longer necessary.

As for my conflicting comments about advising you to always check in Normal mode, and then saying that if you strongly suspect the computer is infected you immediately boot into Safe Mode, is because some malware can cause more damage the longer it is allowed to run on your computer. For example, I didn't want people infected with a crypter to slowly follow through my steps even though they strongly believed their files were being encrypted. In those cases it is best to boot into Safe Mode and run whatever scans can be run from there.

I apologize for the confusion. Please let me know if you have any further questions.

Thank you.

by thundersnake on 26. September 2013 - 4:42  (111019)

Hello there,
I downloaded Comodo like it was asked in the steps, unzipped it & then opened the file called "CCE".
As soon as it starts to download the updates, the windows suddenly freezes and the computer crashes then restarts, already checked it twice.

I don't know what to do in this case, please help.

by Chiron on 26. September 2013 - 10:10  (111026)

That is very strange. Do you have any other security software installed on your computer? If so which is installed?

Also, did TDSSKiller find any issues? If not then please download and perform a scan with HitmanPro and let me know if it finds anything.

Thanks.

by kep on 4. September 2013 - 21:24  (110525)

TDSSKiller found a threat called sptd. I googled it and found out it is a driver of daemon tools which i have installed. So if TDSSKiller finds something it doesn't mean my computer is automatically infected?

by Chiron on 5. September 2013 - 0:29  (110528)

If the driver itself is not dangerous, then this is a false positive of TDSSKiller. This will happen for all detection based programs every now and again.

I have updated the article to mention the possibility of false positives like this. Thank you for your feedback.

by kep on 4. September 2013 - 20:49  (110523)

Should I boot into safe mode before following your directions?

by Chiron on 4. September 2013 - 20:51  (110524)

These instructions are best followed after the computer boots up normally.

Thanks.

by carolbell4 on 25. April 2013 - 19:15  (107338)

Thanks for your reply. I was getting ready to post again because I figured something out. You can select "ignore" from the scan results by clicking on "clean." If you do that the results will still show up in the log (linked under tools). I'm about to send those results to Comodo.

BTW most of my initial results were false positives, so you're right about that. I'd already run the quick scan and it came out clean. I was still concerned because I'd run a "complimentary scan" of another product that showed registry errors. That's why I ran the custom scan in both normal mode and safe mode. (I realize now it took so long because I didn't unselect the hard drives.)

by Chiron on 25. April 2013 - 21:20  (107341)

Thank you very much for letting me know about that. I was not aware that they would be stored in the logs. I've once again updated the article. If you find that there's anything else which you believe could be improved please feel free to let me know.

Thank you very much.

by carolbell4 on 24. April 2013 - 7:09  (107304)

I think these instructions need to be updated. When I didn't push "apply" after the Comodo scan was done, the results disappeared. They didn't appear again at the restart and they don't appear in the logs. I'm frustrated because it took hours to finish the custom scan I did and now I'll have to do it all over again. I remember where some of the files are, but not all of them. If I'd known they were just disappear, I could have written them down before closing the program.

I'm also wondering if it's as dangerous to quarantine files as to delete them. I had run an earlier scan before reading this article and did push "apply." That quarantined the files but didn't delete them. Is this a new feature of the program, or were you referring to quarantining files in your article?

by Chiron on 25. April 2013 - 16:27  (107333)

Thanks for pointing this out. If you've run into trouble I'm sure many others have as well. I've updated the article to make it more apparent that the scan results are not stored in a log and should thus be investigated while the results are still shown in the CCE window.

Also, I'm sorry about the trouble you had making the custom scan. However, my article recommends running a smart scan, which with everything else recommended should be sufficient.

In terms of quarantining files as compared to deleting them, you are correct. This was a mistake on my part as CCE does try to quarantine the files. This is better than deleting them as if you find out later that it was a mistake and the files are actually not dangerous you can restore them from quarantine. That way no harm has been done.

Thank you very much for your questions. They were very helpful. Please let me know if you have any other questions or comments about the article.

Thanks.

by dora021 on 25. December 2012 - 8:29  (103963)

I will agree with chiron

by rr on 23. December 2012 - 6:13  (103881)

Thanks for this article, it clearly explains what to do. I am concerned by the results however. I had no glaring issues on my computer, I just wanted to make sure that it was clean. I followed all the steps and everything can out clean until I got to the Autorun analyzer.Even though I ran it twice after I did the cleaner I got 1347 hits(without the safe entries). Only(!)31 are listed and of those only two are red. Am I supposed to check all of those on the Comodo site? could I have so much malware without noticing problems on my PC?
Thanks!

by rr on 23. December 2012 - 6:17  (103882)

Okay so I tried to upload my files to Comodo, there were only about 15. Most were normal and I will report them as false positives. A few were unknown and I sent the to be analyzed. A few files however don't seem to exist! I can't find them on my searches or according to their path - what does that mean?

by Chiron on 23. December 2012 - 16:54  (103895)

Can you please make a new topic in the forum and send me a link to it through the contact form?

It is very difficult to assist you with this through the comments. It is really better suited to the forum.

Thanks.

by freestuffrocks on 2. December 2012 - 10:11  (103200)

Great article as usual Chiron. Is it worthwhile doing a full scan with CCE, or is it unnecessary if all your other steps are followed?

by Chiron on 2. December 2012 - 18:10  (103218)

Thank you.

If you wish you can do a full scan with CCE. That would certainly be even more powerful in terms of rootkit detection.

That said, the reason I do not include that in this article is that so far nobody has informed me that their computer was infected, but that my article did not detect it. Thus, I believe that a full scan with CCE would be unnecessary. However, if you are seeing signs you believe could be indicative of infection it's not a bad idea to do a full scan.

Please let me know if I have fully answered your question.

Thanks.

by freestuffrocks on 2. December 2012 - 19:02  (103221)

Thanks for the reply. As far as I know I'm not infected, apart from CCE flagging my mvps hosts file as a threat, which I'm sure it isn't, so I won't bother with the full scan.

by Chiron on 2. December 2012 - 19:08  (103223)

That's good to hear.

Please feel free to let me know if you have any other questions.

Thanks.

by Jacoe (not verified) on 27. November 2012 - 2:02  (102958)

It might be helpful if At the end of your article "How to Know If Your Computer Is Infected"you had a short outline of the steps to take. A person could study the information, print out the outline then do the steps while checking them off.
I like your approach to the problem very much and perhaps I am asking too much but it seemed like a good idea.
Jack

by Chiron on 27. November 2012 - 12:47  (102970)

I'm not sure that is a good idea.

It may certainly be helpful for many people, but my concern is that if I were to add something like that some people may instead just try to use that shorter checklist (likely because they would prefer to not read through the entire article). Of course, the danger to that is that if my instructions are not followed correctly people could misinterpret the results or perhaps even harm their computers.

Thus, I believe it is best to leave the article the way it is. For your purposes perhaps the best thing to do would be to print out the entire article and then check off the section titles after you finish following all advice in the section.

Hopefully my reply has been helpful. However, if you still have any questions please feel free to ask.

Thanks.