Topic: cmdagent.exe virus found

DonZ63

  • Guest
cmdagent.exe virus found
« on: May 14, 2011, 08:45:30 PM »
I ran a full Avast 6.0 scan yesterday. It runs once a week. It found Win32:FakeVimes-B in running process cmdagent.exe. Of course, I am running Comodo; firewall and Defense+ in safe mode. Problem appears identical to what was posted in this thread last year: http://forum.avast.com/index.php?topic=65056.0.

Now I have run full scans prior to the one yesterday and it never complained about cmdagent.exe. Has something changed in the recent virus definition updates?

MAG

  • Guest
Re: cmdagent.exe virus found
« Reply #1 on: May 14, 2011, 08:51:36 PM »
Comodo FW updated this week on my machine.

Online DavidR

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #2 on: May 14, 2011, 08:57:24 PM »
- Detections in Memory - My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can't be scanned. Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

So are you also running Comodo AV alongside avast, or it appears Comodo still downloads the virus signatures (if you haven't installed the AV module)?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

DonZ63

  • Guest
Re: cmdagent.exe virus found
« Reply #3 on: May 14, 2011, 09:13:54 PM »
No Comodo AV. Just firewall and Defense+.

I am running Avast 6 virus scan at highest detection levels.

Offline Asyn

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #4 on: May 14, 2011, 09:23:53 PM »
> No Comodo AV. Just firewall and Defense+.
>
> I am running Avast 6 virus scan at highest detection levels.

Uncheck memory scanning...!
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Nesivos

  • Guest
Re: cmdagent.exe virus found
« Reply #5 on: May 14, 2011, 09:28:33 PM »
> > No Comodo AV. Just firewall and Defense+.
> >
> > I am running Avast 6 virus scan at highest detection levels.
>
> Uncheck memory scanning...!

Also, I would suggest creating a Custom Memory Scan that scans only Memory and schedule it to run once a day either during or just after your normal peak internet hours. It will run quickly and keep you apprised of what Avast finds in memory, some of which may not be legitimate.

Offline Asyn

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #6 on: May 14, 2011, 09:31:55 PM »
> Also, I would suggest creating a Custom Memory Scan that scans only Memory and schedule it to run once a day either during or just after your normal peak internet hours. It will run quickly and keep you apprised of what Avast finds in memory, some of which may not be legitimate.

Disagree.
Not needed at all.

Nesivos

  • Guest
Re: cmdagent.exe virus found
« Reply #7 on: May 14, 2011, 09:36:45 PM »
> > Also, I would suggest creating a Custom Memory Scan that scans only Memory and schedule it to run once a day either during or just after your normal peak internet hours. It will run quickly and keep you apprised of what Avast finds in memory, some of which may not be legitimate.
>
> Disagree.
> Not needed at all.

If not needed why is it offered as a possible Custom scan?

To say it is not needed means that you have covered the entire universe of Malware technologies present and into the future.  I doubt that you have done that.

It doesn't hurt to run it and one never knows.   Better to be safe :) rather than sorry. :(


Offline Asyn

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #8 on: May 14, 2011, 09:41:12 PM »
> It doesn't hurt to run it and one never knows. Better to be safe :) rather than sorry. :(

If you see/find it in memory, it's already too late. ;)

Online DavidR

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #9 on: May 14, 2011, 10:23:40 PM »
As has been mentioned by Vlk, I believe, the memory scan is a throwback to the dark old days of AVs, and as has been said the option is to prevent it getting into memory, as essentially it is too late.

The main problem here is seeing something that causes the end user concern as they think their system is infected, when in this case it isn't.

If you do set it then it does require a reasonable knowledge of avast and the user's system if something is detected in memory. Of all of the occasions when these detections in memory have been reported in the forums it has been as a result of other security software loading signatures into memory and doing an in-depth memory scan.

For the majority it scares the pants off them as they can't select any actions and/or the Apply button is inactive. So I wouldn't say it doesn't hurt as we have no idea how the user might react to the alert.

Online DavidR

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #10 on: May 14, 2011, 11:42:51 PM »
> No Comodo AV. Just firewall and Defense+.
>
> I am running Avast 6 virus scan at highest detection levels.

So can you confirm that you ran a custom scan (bumping up the sensitivity in the pre-defined scans shouldn't have this effect)?
Did you also include scanning memory in that custom scan (if you did, don't be surprised when you find any)?
« Last Edit: May 14, 2011, 11:44:34 PM by DavidR »

DonZ63

  • Guest
Re: cmdagent.exe virus found
« Reply #11 on: May 15, 2011, 02:00:11 AM »
OK. This is starting to make some sense.

Avast 6's quick scan doesn't include the memory scan. Neither does the default full system scan. Both of these I have run previously with no Comodo issues.

I didn't like the default system scan since it was scanning all three of my HDDs. One contains XP and the other just backup image files. I am running Avast 6 on my WIN 7 x64 OS. So I created my own custom system scan. It scans for rootkits, system drive, and memory. I think this was the first time it ran.

So is the solution here just to exclude cmdagent.exe from being scanned in my custom scan that does memory scanning? So far this appears to be the only conflict I have encountered with Comodo files or processes.

What is interesting though is cmdagent.exe did not block avast from scanning it like it does everything else. That tells me Avast has some very heavy methods to scan for memory threats. Impressive!
« Last Edit: May 15, 2011, 02:04:25 AM by DonZ63 »

Online DavidR

  • Avast Überevangelist
Re: cmdagent.exe virus found
« Reply #12 on: May 15, 2011, 02:07:18 AM »
No, excluding cmdagent.exe won't make a blind bit of difference as it isn't cmdagent.exe that is being detected as infected. It is the unencrypted signatures cmdagent.exe loads into memory and you are asking avast to scan that memory.

So you aren't excluding its actions, just stopping avast scan that file.

By all means create a custom scan but don't scan the memory, or choose one of the lesser levels of memory scan, in the Memory section of the options, see image.
« Last Edit: May 15, 2011, 02:14:02 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
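
A toy model of the behaviour described in Reply #12, added here as an example and not part of the original thread or of avast or Comodo code: a pattern scanner finds nothing in the other product's file but flags its memory once a plaintext signature database is loaded, and a file exclusion does not change that. The process name `agent.exe`, the signature and all byte strings are constructed for illustration.

```python
# Constructed model: a byte-pattern scanner run over files vs. process memory.
# The signature below is harmless made-up bytes, not a real detection pattern.
SIGNATURES = {"Demo:Sample-A": b"\xde\xad\xbe\xefDEMO-PATTERN\x00\x01"}


def scan(buf):
    """Names of all signatures whose byte pattern occurs anywhere in buf."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in buf)


def xor(data, key=0x5A):
    """Trivial obfuscation standing in for an encrypted signature store."""
    return bytes(b ^ key for b in data)


class Process:
    """Hypothetical process: its on-disk image plus data it loaded at runtime."""

    def __init__(self, name, file_image, heap):
        self.name, self.file_image, self.heap = name, file_image, heap

    def memory(self):
        return self.file_image + self.heap


def scan_system(processes, scan_memory, excluded_files=()):
    """Return (process, where) findings; file exclusions only skip the file pass."""
    findings = []
    for p in processes:
        if p.name not in excluded_files and scan(p.file_image):
            findings.append((p.name, "file"))
        if scan_memory and scan(p.memory()):
            findings.append((p.name, "memory"))
    return findings


# The other product's own signature database, as it sits in that process's heap.
SIG_DB = b"SIGDB1" + b"".join(SIGNATURES.values())
CLEAN_IMAGE = b"MZ" + b"\x90" * 32  # constructed stand-in for a clean executable

plain_agent = Process("agent.exe", CLEAN_IMAGE, SIG_DB)        # plaintext DB
masked_agent = Process("agent.exe", CLEAN_IMAGE, xor(SIG_DB))  # obfuscated DB

if __name__ == "__main__":
    print(scan_system([plain_agent], scan_memory=False))     # file-only scan
    print(scan_system([plain_agent], scan_memory=True))      # memory included
    print(scan_system([plain_agent], True, ("agent.exe",)))  # file excluded
    print(scan_system([masked_agent], scan_memory=True))     # obfuscated DB
```

Only the runs that include memory against the plaintext database report a finding, which matches the thread: the predefined scans were quiet and the custom scan with memory enabled was not.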

Offline Lisandro

  • Avast team
Re: cmdagent.exe virus found
« Reply #13 on: May 15, 2011, 02:55:43 AM »
There are open threads in Comodo forums about avast detections.
I've got some in memory today also and it comes from KillSwitch and the signatures also.

Other, the file detection, is an avast false positive reported elsewhere.
The best things in life are free.

MAG

  • Guest
Re: cmdagent.exe virus found
« Reply #14 on: May 15, 2011, 11:12:48 AM »
I'm a bit confused.

My normal full system scan includes modules loaded in memory. (see snip)

Can't recall ever having modified it (in fact I wouldn't know how to modify a predefined scan)