cmdagent.exe virus found

I ran a full Avast 6.0 yesterday. It runs one a week. It found Win32:FakeVimes-B in running process cmdagent.exe. Of course, I am running Comodo; firewall and Defense+ in safe mode. Problem appears identical to what was posted in this thread last year: http://forum.avast.com/index.php?topic=65056.0.

Now I have run full scans prior to the one yesterday and it never complained about cmdagent.exe. Has something changed in the recent virus definition updates?

comodo fw updated this week on my machine.

  • Detections in Memory - My guess is that you are doing a Custom scan in which you have elected to scan Memory and that all these detections are in memory or are listings of files that can’t be scanned. Since they aren’t physical files they can’t be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don’t be too surprised if it finds some in memory.

So are you also running Comodo AV alongside avast or it appears comodo still downloads the virus signatures (if you haven’t installed the AV module) ?

No Comodo AV. Just firewall and Defense+.

I am running Avast 6 virus scan at highest detection levels.

Uncheck memory scanning…!

Also, I would suggest creating a Custom Memory Scan that scans only Memory and schedule it to run once a day either during or just after your normal peak internet hours. It will run quickly and keep you appraised of what Avast finds in memory, some of which may not be legitimate.

Disagree.
Not needed at all.

If not needed why is it offered as a possible Custom scan?

To say it is not needed means that you have covered the entire universe of Malware technologies present and into the future. I doubt that you have done that.

It doesn’t hurt to run it and one never knows. Better to be safe :slight_smile: rather than sorry. :frowning:

If you see/find it in memory, it’s already too late. :wink:

As has been mentioned by Vlk I believe the memory scan is a throwback to the dark old days of AVs and as has been said the option is to prevent it getting into memory as essentially it is to late.

The main problem here is seeing something that cause the end user concern as they think their system is infected. When in this case it isn’t.

If you do set it then it does require a reasonable knowledge of avast and the users system if something is detected in memory. Of all of the occasions when these detections in memory have been reported in the forums it has been as a result of other security software loading signatures into memory and doing an in depth memory scan.

For the majority it scares the pants of them as they can’t select any actions and or the Apply button is inactive. So I wouldn’t say it doesn’t hurt as we have no idea how the user might react to the alert.

So can you confirm that you ran a custom scan (bumping up the sensitivity in the pre-defined scans shouldn’t have this effect)?
Did you also include scanning memory in that custom scan (if you did don’t be surprised when you find any) ?

OK. This is starting to make some sense.

Avast’s 6 quick scan doesn’t include the memory scan. Neither does the default full system scan. Both of these I have run previously with no Comodo issues.

I didn’t like the default system scan since it was scanning all three of my HDDs. One contains XP and the other just backup image files. I am running Avast 6 on my WIN 7 x64 OS. So I created my own custom system scan. It scans for rootkits, system drive, and memory. I think this was the first time it ran.

So is the solution here just to exclude cmdagent.exe from being scanned in my custom scan that does memory scanning? So far this appears to be the only conflict I have encountered with Comodo files or processes.

What is interesting though is cmdagent.exe did not block avast from scanning it like it does everything else. That tells me Avast has some very heavy methods to scan for memory threats. Impressive!

No excluding cmdagent.exe won’t make a blind bit of difference as it isn’t cmdagent.exe that is being detected as infected. It is the unencrypted signatures cmdagent.exe loads into memory and you are asking avast to scan that memory.

So you aren’t excluding its actions, just stopping avast scan that file.

By all means create a custom scan but don’t scan the memory or choose one of the lessor levels of memory scan, in the Memory section of the options, see image.

There are open threads in Comodo forums about avast detections.
I’ve got some in memory today also and it comes from KillSwitch and the signatures also.

Other, the file detection, is an avast false positive reported elsewhere.

I’m a bit confused.

My normal full system scan includes modules loaded in memory. (see snip)

Can’t recall ever having modified it (in fact I wouldn’t know how to modify a predefined scan)

Yes, both the pre-defined scan have a less thorough/sensitive scan of memory, but they clearly don’t go to the same degree of sensitivity/thoroughness as when a custom scan is created and the Memory option is chosen. Otherwise both of these scans would be reporting them also,

Thanks for the clarification.

You’re welcome.

Thanks guys! I will change my full scan to one of the auto-startup options.

BTW - great product Avast has here. Keep up the good work!