OK, so I went to author’s page and downloaded his DarkComet RAT Remover (which is supposed to work with newest version) and it says to disable all our virus/malware/firewall programs before running. I terminated everything else okay, but Avast has the built-in protection to prevent termination via Task Manager. So I tried to disable the Shields Control, but that locked the screen and I couldn’t open the folder to run the remover. Then I went to the user interface and disabled the auto-protection and had same experience. Everything I tried just froze until I rebooted.
Not sure what to do . . . only want to disable the program while I run the remover and then reactivate everything. Otherwise, the experience of Avast’s self-protection is quite impressive!
I would have to ask what this darkcomet rat remover is doing as the only reason that the avast self-defence module would be having a whinge is because it must be trying to modify or remove avast protected files.
The fact that the avast service (avastSvc.exe) is running shouldn’t be a problem as there are no resident scanners running.
I would also question why it needs to disable your AV, e.g. what is it doing that is so suspect that the resident AV might consider it malicious.
Hi minnetonka and DavidR,
Did you also explore this thread where was warned against the use of both this backdoored, firewall circumventing DarkComet Rat and also the uninstaller thereof.
The use of certain encrypted, obfuscated trojaned versions of this software should be avoided, as it may put certain users at risk under certain circumstances. See: http://forum.avast.com/index.php?topic=98038.0
polonus
Polonus, thanks for the link to the other thread. I wasn’t having a great feeling about all this either, and the negative comments about removal and return on reboot–and disabling of Win Security Center Service–but sometimes I can easily work myself into a paranoid frenzy and you just brought me back to Earth!
I ran Process Explorer and looking at explorer.exe, it looks just fine. As an aside, I do use NoScript and now I’ve taken the time to get to know the add-on better and explore each script, I’m totally hooked and much better educated. Thanks for the warning and your expert analysis on the earlier post. Much appreciated.
If you look at that other topic again (reply #3 and #5), it isn’t explorer.exe but IExplorer.exe that you should be looking at in process explorer.