But the fact is that Comodo reports a program or windows function wanting to install a hook (dwmapi.DL , not dll!) in systm32.
When I say no, nothing happens.
But when I said yes the first time, it installed it, but effectively it was the dll, signed by microsoft, so I taken to think it is a bug in Comodo, or in Vista (if Comodo takes the name of ther hook from Vista). An error.
I downloaded several programs for spyware, vurus, and malware, and found just one thing. But dwmapi.dl keep appearing...
My computer
Dell Dimension 1100
Microsoft Windows XP Home SP3
512 MB of Ram
Nvidia Geforce FX 5200 256MB
Intel Celeron CPU 2.53GHz
Dell E196FP
HDD WDC WD800BB-75JCO 80GB C:
HDD Samsung SV2042H 20GB F:
TSSTcorp CDRWDVD TS-H492C D:
LITE-ON DVDRW LDW-851S E:
Linksys Wireless-G WUSB54GS With SpeedBooster
Logitech Cordless Desktop EX 90
Logitech Cordless Click Plus Rechargeable Optical Mouse
Mozilla Firefox 3.0
Internet Explorer 8 Beta 1
My Security Software
Avanquest SystemSuite 8 Professional
Windows Defender
I am pretty sure that this same thing came up for me...I remember an alert that had the word 'hook' in it. I'm pretty sure I allowed and nothing sinister has appeared yet. (Knocking on the wooden table). This alert business with Comodo is getting out of hand, in my opinion. It seems to alert on every change or modification, even if the application has been OK'd previously. It happens so frequently that a person is just
likely to OK anything that comes along after awhile...and there goes the the usefullness and value of the alerts. Again just my opinion. It might a good product but I am not sure if I will keep it or not.
And I feel the same about Comodo. You are totally right, as I am ending with saying yes to all! THis is the opposite of what the program should do... It becomes unsecure.
Anyway.
About those links on Comodo forum, ehm... actually I am the Sir Joe (in english is read as Sergio in italian). My name is Sergio...
The first place where I looked was that forum, as it was a Comodo message. I saw that there were two threads, in these same days, so I thought "new virus!" and I was quite worried.
I was in the middle of formatting and reformatting all, and living in a place far from town, with a preistoric radio telephone and internet dial up impressively slow, I was in town and I had two hours to get answers and download programs, so I posted in quite 10 different sites in english, spanish and italian.
No one knows anything about that.
I also was banned from hijackthis.de, in a very unkind and not reasonable way, by my point of view, just because of having posted in other forums! Ridiculous, the first thing they did was to look for solutions in other sites, and they pretend that I should have not done the same???
And closing the thread in that way, accusing me to be a fake!
They must be totally crazy.
I am very angry, sorry, I am descharging...
Well, let's say that I do it for solved, but I do not mark it as solved yet. I want to see if something new appear. I asked to thes guys in Comod to do a scan with certain program that I used, as I have found two riskwares and a possible rootkit (a hidden file, which was not visible not even with all the option to see hidden and system files. Is it possible? Anyway, I searched for it in internet, I found nothing, and so I deleted it...)
Actually, posting on multiple forums can do more harm than good. I saw your post here late last night, however when I searched and discovered that it was the same person who had posted elsewhere, I figured I'd let someone else on another site solve your problem. Other helpers may have thought the same thing. As a result, identical issues posted by the same person on many forums do not get solved at all.
Well, said in this way, it is reasonable, and quite kind. I do not agree, I mean, I would not act as you would act and acted. But I understand what you say and I just take it as a fact which I can't nor want to change.
But as they did, saying I was a fake behind different niks, with the conscious intention to create false scandal over the net, and banning me closing the thread "because of UNCOUNTABLE" crossposting all over the universe... I may have post in 9 web sites, one in spanish, two in italian, so only 6 in english.
DOes not justify such an aggressive and offensive reaction.
Also I said it already, and they could have clearly read it in Comodo, that I live in a place without internet, I had few few time to get answers, as I also was in the process of reformatting all.
I understand rules, also the not written ones, but there is something called common sense, and in this case, they had it not.
Even like that, I understand your point.
Can you understand mine?
Anyway, nobody helped me, I mean, in Pchelp, here, and in Comodo, I got will of help, but I still have not find out really nothing.
Considering that actually only Comodo users manifest the problem, and only by few days (possibly it is the last release), it may be an error of the program, or the fact that it is too invasive, or maybe very good (if it is a new bad issue...).
The fact is that it remain a hook. It does not apparentlyinstall anything. Maybe it is a Keylogger (in thes days I am learning words, but I do not actually know what it is a keylogger, and how to find and eliminate it).. No dwmapi.dl is installed. Only the good dwmapi.dll by Microsoft...
I can't speak for Vista users, but CFP 3.x has worked very well for me for months using XP, with very few alerts after the initial learning period.
Part of the secret is to remember to switch the Proactive Defense into Installation Mode (at the bottom of the Summary page) prior to downloading, updating or installing anything. After doing so, remember to "Switch to Previous Mode", or you will get a prompt to do so after a while. Yes, this is a bit of a nuisance, but it will eliminate a multitude of alerts.
I agree with your opinion that too-frequent alerts might lead to one automatically allowing everything, and thereby defeating the firewall's protection. It is for this reason I don't recommend CFP 3.x to novices. It does demand a lot of the user.
Posting the same question on multiple forums causes problems not because people are being mean or overly aggressive. There are just so many people asking for help that it's almost impossible to keep up. In fact, most of the forums are swamped. Having more than one helper working with the same person on the same problem can often result in dozens of people not getting any help at all. That might sound like an exaggeration, but people such as Bugbatter are often trying to help a dozen people at each forum they work at. Enough about that.:)
All of those alerts from Defense+ let you know that a it is, in fact doing its job. Problem being, it's impossible to know what each and every process, .dll, etc., is and why it's requesting to do whatever its requesting. I most certainly don't and neither does anyone else I know. What I've begun recommending (along with a lot of other helpers), is the just run the firewall and disable Defense+ completely. Defense+ is just too confusing or too much of a pain for just about everyone. Keep all of your protection programs updated and you simply don't need Defense+. :D -- SCB
What you say, Billy, is even more clear. It gives me an even better panorama of the "helping job" of people in forums. And I receive the "enough about that", but I must specify that I was not attacking Bugbatter, at all, he was kind and nothing aggressive. When I said "I would not act as you acted" I meant just that I would have not decided to not help someone just because MAYBE someone else in other places would have helped him. I would have seen not only that he had posted otherwhere, but also that he had not yet received any help, and I would have helped him, and let other people decide if to add something to my help or to go helping someone else... Anyway I was not emiting a value judgement. And now with your new infos I see that he trusted that I would have received quick help from someone else, as he knew (I didn't) that these other places were full of real experts and that (for the nature of my problem) helping me was not a matter of just telling me "yes, it is a known thing, it is safe/unsafe", but that it would have requested time.
Before now I've never asked help or searched infos about viruses or spywares or malwares because I never had (or knew I had) problems, so I actually had no idea of anything. I had an idea that people helping others as volunteers were very busy, and believe me, when I posted in these different sites I thought that it was a matter of telling me "yes, safe" or "no, unsafe", I thought that people would have already known something about this specific message and that would have not employed their time with me, or I would have not involved many people. I sware!:smileyhappy:
Anyway, when I talked of aggression I was not talking of someone here, but of people at hijackthis.de...
Tell me if it does not sound unkind, unfounded, aggressive and a bit paranoid telling me: "Your system does not have malware, and you need to quit making up fake user names and then posting like it is a plague of malware. I am not sure why you are choosing to do this, and it is taking people away from helping others who have real needs." as a Team Member did, and "Due to massive crossposting in uncountable boards and groups all around the internet closed." as a Moderator said closing the thread... (the underlineed is mine). Before these two last posts all was correct and clear, even if a bit cold and rigid. But with these posts they did the step longer than their leg... Too much. Too much...
Ok, now I feel that I explained enough. :smileytongue:
Well, I am experiencing problems with Roxio, I can`t anymore have the MyDVD installed, no matter what I do, and I think it may be something in Defense+, some pending file (I just discover about pending files. I've never put anything there, it did it alone. What are pending files, an alert list, or files that it is blocking by itself and which can't run properly?). I am not sure, maybe it is something I did. Or maybe this Roxio, which seems too invasive (it also instal a separate update manager of installshield which cannot be uninstalled anymore, and there are processes by Microvision FLEXnet Connect which also are a bit invasive).
But I will no more use Defense+ till I will have the ideas clearer.
About the dl, it is still a mistery, which does not mean it is a malware, just it is not clear if it is or not. But I guess not.
And, as I see that you people are trusted and expert, I will possibly (try to) do of Dell Forum the only point of reference, so in one place I have all kind of answers. For example, I lately visited techsupportforum.com and I was impressed by their promises of help and by their precision in sticky posts, so I followed their suggestions (the 5 steps), I downloaded these programs (VundoFix, Look2Me-Destroyer, Deckard System Scanner, and SmithfraudFix), and when I run Look2Me, it says to wait a minute and let me there 10 minutes and I had to restart pc, Deckard asked me things and before I was able to answer it went forward for its own, and Avira found "detection pattern of the dropper DR/Tool.Reboot.F.105" in SmithfraudFix... I do not doubt that they are more than serious and that Avira is exagerating or misunderstanding, but, you surely understand that I feel confused. What do you think? May I run these programs? I mean, they are proposing them, so, if I would use them, I would do it with their supervision. But, for what you know, are these safe and useful programs?
What can you suggest me to use?
I have some programs, the most of them I have found in the sticky post at the top of this forum. Avira free, Comodo, Spybot search and destroy, Malwarebytes, A-Squared free, and Hijackthis which I find complicated to understand and not comfortable as it force me to ask to others and post logs... One, two times ok, but no something I can do every week! In this case I feel like abusing of others time...
Do I miss any program?
Well, bye! And thanks for your patience and kindness.
Yes indeed, the response that you pointed out (thanks for the link) was pretty extreme. And in your case, could have been handled much better. There is a big difference between people who are scared and confused and those who are just trying to be a pest. It's not always easy to tell which is which.
Now let me see if I can explain about the "pending files" in Defense+. Comodo keeps a database of known good and bad files. When you receive an alert from Defense+, this database is used to let you know whether a file is safe or not (this database is updated regularly). The "pending files" list contains files that are not in the Comodo database. When you access the list you are given the opportunity to check all of the files in that list against the master list at Comodo. You are also given the opportunity to upload any unknown files to Comodo for analysis. This is just one of the ways that Comodo updates their database. I think you're starting to get the idea why a lot of us just recommend that Defense+ be disabled. Incidentally, I think that the missing "l" in dwmapi.dl is a typo. Comodo found it to be safe and I expect that the person who typed it in to the database simply missed the final "l".
Now, onto the programs you were asking about. I can't help much with the Roxio program since I have never used it. You can, however, go right over to the "Other Software" board right here at Dell to find answers. Off the top of my head, I would suspect that Defense+ did indeed have something to do with it malfunctioning. Once you have disabled it, try uninstalling, then reinstalling the Roxio product.
As a general rule, commercially available tools/scanners such as Spybot Search & Destroy, Malwarebytes Anti-Malware, etc., are safe to use unsupervised. Tools such as VundoFix, SmitfraudFix and the various assorted Look2Me (L2M) as well as some of the infection specific tools should NEVER be used without direct supervision from an expert. These tools are very powerful and if used incorrectly can damage your computer beyond repair. This is not a scare tactic, it is very, very, real. Oh, and what Avira found in SmitfraudFix is actually part of the program which is considered a "risk tool". Many of the specialized tools that we use contain portions which fall under the "risk tool" category. That's why we give the warning about using them without supervision.
Hopefully this has helped clear up some of your confusion. If not, please don't hesitate to post back. :) SCB
About L2M&Co, I guess, GUESS, that formatting all I should be clean. So, for now, and untill I will be a bit more expert, I sty with these I have already.
About Roxio, I do not remember if I had uninstalled COmodo too, but surely I had put all pending files in Safe Files, and I had disabled Firewall and Defense, and shut it down. And no way. But I finally decided to switch to Power2Go. I do not really need more than that. I liked Nero, but I do not really needed it. We'll see.
About pending files, if I understand well, Comodo does not automatically block the execution of any file in that list without asking me, or it does?
Anyway this time I installed Comodo without Defense+. So it told me "as you are not installing Defense+, we reccomend at least t use Leak Protection for more security". I felt that if I said no it would have been offended, so, to be kind, I said yes. Now, why I see all Defense+ there?
Anyway I have put both firewall and defense+ on training mode.
I had a quick blue screen and crash while scanning with Avira.
Comodo was running (training mode), and Defender too. I do not remember about Spybot, but maybe even if I had shouted down it there anyway was the TeaTimer in process manager... I had shooted down A2Squared, which in VIsta let me shout it down, in XP no. (and I can't find any option to not have a process runing all the time, so finally I disabled the service)
I shouted down all these program completely, and no more crashes.
But, obviously, I can't leave Avira alone.
The thing which can be useful to understand, at this point, is: among all these programs that I have, almost all with a Guard or Real Time protection, which ones can I leave running togheter without problems? I would leave Avira and Defender, and would deactivate all the rest and use it only for manual scanning once a week.
Should it be fine?
I have also a second computer, very preistoric, with pentium2 350mhz, and a bit more than 300mb of ram. It is miracolously running Xp Pro, with SP1.
It can't handle Avira. With AVG it was better. Avast was heavy too.
What can I use? AVG now does not provide updates for AVG older than 8, which I am not sure will be as light as before.
As firewall, I have found Online Armour, which seems ok.
I could try to install SP2, or SP3. They should not make the system heavier. Should them? :robotsurprised:
If I understand correctly, you did a reformat/reinstall on a vista machine? Windows Defender is integrated into the vista operating system, use its real-time protection for your antispyware detector. Online Armor is a good firewall so if you decide to use that one don't use Comodo at all. If you choose Comodo don't use Defense +, use the firewall only.
......I would leave Avira and Defender, and would deactivate all the rest and use it only for manual scanning.....
That would be the way to go -- along with either Online Armor or Comodo for your firewall.
It's pretty amazing that your second computer runs XP with only 300 MB of RAM. There may be some processes and/or services that you can disable to make room for whichever AV software you choose (there aren't any that are real light on resources, at least that I know of). Please visit Black viper's site. You can find all sorts of information on what services and processes you need depending on how you use your computer. You might even be able to bring some extra added life back into your second machine.
By the way, it appears that you are getting a pretty good handle on the security situation. The more you learn the easier it becomes keeping your computer safe. :) -- SCB
yes, I formatted a system with Vista Premium 32bit.
In a XPS M1530 notebook.
DOes this change things?
I installed COmodo without defense+, but it asked me if I wanted at least the "leak protection". I felt intimidated ("at least Leak Protection" made me think that without that I was vulnerable). I said yes. But by right clicking in Comodo tray icon I see Defense+, no Leak Protection... Or this is what it seems. Any Idea about this Leak Protection? And now what am I supposed to do? How do I configure Defense+ or whatever it is really? In CleanPC? Or do I unistall all and reinstall it without this Leak?
If you prefer, I may ask this in Comodo Forums. ;)
Well, I am a bit intimidated after all that story, so I am staying here and only here... :)
My doubt about COmodo as firewall togheter with other firewall was referred to Windows Firewall, nto to Online Armour. When I install COmodo, it says to uninstall any third party firewall. Is Windows "third party"? Possibly because I do not speak english well, but I thought that it was not, so I was wondering if I had to (or I can) deactivate Windows Firewall if I use Comodo. And I have found out that in Administrative Instruments I can also access to an advanced firewall, so I discovered that if I deactivate Widnows Firewall from the Control Panel it deactivates only the pubblic profile. But there is a domain profile and a private profile. DO I need them if I use Defender real time protection and COmodo Firewall?
BugBatter told me about that site, in a post in Vista section, where I was asking about services I could deactivate. It seems interesting, I will check from the city. Here I go crazy with this prehistoric PC and this paleolitic dial up connection.
I had found a copy of a XP Lite, but I needed, in that tiem, to have different identities, and it didn't allowed me. SO I installed another version.
DO you think I can Install the Lite? Or it can be enough to quit some servivce?
OK, let me see if I can answer your questions in order that you gave them. Your words will be in italics.
......formatted a system with Vista Premium 32bit. In a XPS......
Nope, this makes no difference at all.
......How do I configure Defense+ or whatever ......
Right-click the Comodo icon in the system tray.
Click Open.
Click the Defense + icon at the top of the Comodo window.
Click Advanced=>Defense + Settings.
Move the slider to Disabled.
Put a checkmark in the box next to " deactivate the Defense + permanently. (Requires a system restart)".
Click Apply.
Allow system to reboot.
......My doubt about COmodo as firewall togheter with other firewall was referred to Windows Firewall......
The Windows supplied firewall in Vista is a much better and more robust firewall than the one that came with XP. From what I have read, if configured properly, you really don't need a third-party firewall. Unfortunately, I can't help you with that since I don't have Vista on my computer so I'm not at all familiar with that firewall. Additionally, when I installed Comodo on my computer it deactivated the Windows firewall as part of the installation so I would imagine it would do the same thing I Vista machine. You might consider posting over at the Vista or Other Software board about configuring the firewall. Otherwise, start a new topic here and title it something like "How to Configure The Vista Firewall?". Someone who is more familiar with Vista will surely help you out.
......you think I can Install the Lite? Or it can be enough to quit some servivce?......
If you don't need more than one identity I would give the Windows Lite a try. You may need to stop some services/processes even if you are using the Lite version.
Incidentally, your English is just fine. You don't have any trouble getting your point across and that's all that counts. It's just like anything else, the more you use it the better you will get at it.
Sergioo
143 Posts
0
June 28th, 2008 10:00
Ok, but I knew... :smileytongue:
even if I liked the page... thanks.
But the fact is that Comodo reports a program or windows function wanting to install a hook (dwmapi.DL , not dll!) in systm32.
When I say no, nothing happens.
But when I said yes the first time, it installed it, but effectively it was the dll, signed by microsoft, so I taken to think it is a bug in Comodo, or in Vista (if Comodo takes the name of ther hook from Vista). An error.
I downloaded several programs for spyware, vurus, and malware, and found just one thing. But dwmapi.dl keep appearing...
helmecj01
2 Intern
•
2.4K Posts
0
June 28th, 2008 10:00
http://www.processlibrary.com/directory/files/dwmapi/229471
From Chris
My computer
Dell Dimension 1100
Microsoft Windows XP Home SP3
512 MB of Ram
Nvidia Geforce FX 5200 256MB
Intel Celeron CPU 2.53GHz
Dell E196FP
HDD WDC WD800BB-75JCO 80GB C:
HDD Samsung SV2042H 20GB F:
TSSTcorp CDRWDVD TS-H492C D:
LITE-ON DVDRW LDW-851S E:
Linksys Wireless-G WUSB54GS With SpeedBooster
Logitech Cordless Desktop EX 90
Logitech Cordless Click Plus Rechargeable Optical Mouse
Mozilla Firefox 3.0
Internet Explorer 8 Beta 1
My Security Software
Avanquest SystemSuite 8 Professional
Windows Defender
ky331
3 Apprentice
•
15.6K Posts
0
June 28th, 2008 11:00
Other people are reporting the same thing, dwmapi.dl (not .dll) at the comodo forums:
there's a two-page thread here
page1: https://forums.comodo.com/help_for_v3/dwmapidl-t23845.0.html
page2: https://forums.comodo.com/help_for_v3/dwmapidl-t23845.15.html
and a another/referenced thread here:
https://forums.comodo.com/help_for_v3/problems_with_msctfdl-t19884.0.html
I skimmed things quickly... I don't know that the matter was "solved" there yet...
dalem29
2 Intern
•
2.2K Posts
0
June 28th, 2008 12:00
Sergioo
143 Posts
0
June 28th, 2008 12:00
Well, it is what I thought.
And I feel the same about Comodo. You are totally right, as I am ending with saying yes to all! THis is the opposite of what the program should do... It becomes unsecure.
Anyway.
About those links on Comodo forum, ehm... actually I am the Sir Joe (in english is read as Sergio in italian). My name is Sergio...
The first place where I looked was that forum, as it was a Comodo message. I saw that there were two threads, in these same days, so I thought "new virus!" and I was quite worried.
I was in the middle of formatting and reformatting all, and living in a place far from town, with a preistoric radio telephone and internet dial up impressively slow, I was in town and I had two hours to get answers and download programs, so I posted in quite 10 different sites in english, spanish and italian.
No one knows anything about that.
I also was banned from hijackthis.de, in a very unkind and not reasonable way, by my point of view, just because of having posted in other forums! Ridiculous, the first thing they did was to look for solutions in other sites, and they pretend that I should have not done the same???
And closing the thread in that way, accusing me to be a fake!
They must be totally crazy.
I am very angry, sorry, I am descharging...
Well, let's say that I do it for solved, but I do not mark it as solved yet. I want to see if something new appear. I asked to thes guys in Comod to do a scan with certain program that I used, as I have found two riskwares and a possible rootkit (a hidden file, which was not visible not even with all the option to see hidden and system files. Is it possible? Anyway, I searched for it in internet, I found nothing, and so I deleted it...)
Bye!
Bugbatter
3 Apprentice
•
20.5K Posts
0
June 28th, 2008 13:00
Sergioo
143 Posts
0
June 28th, 2008 14:00
Well, said in this way, it is reasonable, and quite kind. I do not agree, I mean, I would not act as you would act and acted. But I understand what you say and I just take it as a fact which I can't nor want to change.
But as they did, saying I was a fake behind different niks, with the conscious intention to create false scandal over the net, and banning me closing the thread "because of UNCOUNTABLE" crossposting all over the universe... I may have post in 9 web sites, one in spanish, two in italian, so only 6 in english.
DOes not justify such an aggressive and offensive reaction.
Also I said it already, and they could have clearly read it in Comodo, that I live in a place without internet, I had few few time to get answers, as I also was in the process of reformatting all.
I understand rules, also the not written ones, but there is something called common sense, and in this case, they had it not.
Even like that, I understand your point.
Can you understand mine?
Anyway, nobody helped me, I mean, in Pchelp, here, and in Comodo, I got will of help, but I still have not find out really nothing.
Considering that actually only Comodo users manifest the problem, and only by few days (possibly it is the last release), it may be an error of the program, or the fact that it is too invasive, or maybe very good (if it is a new bad issue...).
The fact is that it remain a hook. It does not apparentlyinstall anything. Maybe it is a Keylogger (in thes days I am learning words, but I do not actually know what it is a keylogger, and how to find and eliminate it).. No dwmapi.dl is installed. Only the good dwmapi.dll by Microsoft...
Well, bye!
joe53
2 Intern
•
5.8K Posts
0
June 28th, 2008 23:00
@Dalem:
I can't speak for Vista users, but CFP 3.x has worked very well for me for months using XP, with very few alerts after the initial learning period.
Part of the secret is to remember to switch the Proactive Defense into Installation Mode (at the bottom of the Summary page) prior to downloading, updating or installing anything. After doing so, remember to "Switch to Previous Mode", or you will get a prompt to do so after a while. Yes, this is a bit of a nuisance, but it will eliminate a multitude of alerts.
I agree with your opinion that too-frequent alerts might lead to one automatically allowing everything, and thereby defeating the firewall's protection. It is for this reason I don't recommend CFP 3.x to novices. It does demand a lot of the user.
SpotCheckBilly
932 Posts
0
June 29th, 2008 20:00
Posting the same question on multiple forums causes problems not because people are being mean or overly aggressive. There are just so many people asking for help that it's almost impossible to keep up. In fact, most of the forums are swamped. Having more than one helper working with the same person on the same problem can often result in dozens of people not getting any help at all. That might sound like an exaggeration, but people such as Bugbatter are often trying to help a dozen people at each forum they work at. Enough about that.:)
All of those alerts from Defense+ let you know that a it is, in fact doing its job. Problem being, it's impossible to know what each and every process, .dll, etc., is and why it's requesting to do whatever its requesting. I most certainly don't and neither does anyone else I know. What I've begun recommending (along with a lot of other helpers), is the just run the firewall and disable Defense+ completely. Defense+ is just too confusing or too much of a pain for just about everyone. Keep all of your protection programs updated and you simply don't need Defense+. :D -- SCB
Sergioo
143 Posts
0
June 30th, 2008 00:00
What you say, Billy, is even more clear. It gives me an even better panorama of the "helping job" of people in forums. And I receive the "enough about that", but I must specify that I was not attacking Bugbatter, at all, he was kind and nothing aggressive. When I said "I would not act as you acted" I meant just that I would have not decided to not help someone just because MAYBE someone else in other places would have helped him. I would have seen not only that he had posted otherwhere, but also that he had not yet received any help, and I would have helped him, and let other people decide if to add something to my help or to go helping someone else... Anyway I was not emiting a value judgement. And now with your new infos I see that he trusted that I would have received quick help from someone else, as he knew (I didn't) that these other places were full of real experts and that (for the nature of my problem) helping me was not a matter of just telling me "yes, it is a known thing, it is safe/unsafe", but that it would have requested time.
Before now I've never asked help or searched infos about viruses or spywares or malwares because I never had (or knew I had) problems, so I actually had no idea of anything. I had an idea that people helping others as volunteers were very busy, and believe me, when I posted in these different sites I thought that it was a matter of telling me "yes, safe" or "no, unsafe", I thought that people would have already known something about this specific message and that would have not employed their time with me, or I would have not involved many people. I sware!:smileyhappy:
Anyway, when I talked of aggression I was not talking of someone here, but of people at hijackthis.de...
Tell me if it does not sound unkind, unfounded, aggressive and a bit paranoid telling me: "Your system does not have malware, and you need to quit making up fake user names and then posting like it is a plague of malware. I am not sure why you are choosing to do this, and it is taking people away from helping others who have real needs." as a Team Member did, and "Due to massive crossposting in uncountable boards and groups all around the internet closed." as a Moderator said closing the thread... (the underlineed is mine). Before these two last posts all was correct and clear, even if a bit cold and rigid. But with these posts they did the step longer than their leg... Too much. Too much...
http://www.hijackthis-forum.de/showthread.php?t=31679
Ok, now I feel that I explained enough. :smileytongue:
Well, I am experiencing problems with Roxio, I can`t anymore have the MyDVD installed, no matter what I do, and I think it may be something in Defense+, some pending file (I just discover about pending files. I've never put anything there, it did it alone. What are pending files, an alert list, or files that it is blocking by itself and which can't run properly?). I am not sure, maybe it is something I did. Or maybe this Roxio, which seems too invasive (it also instal a separate update manager of installshield which cannot be uninstalled anymore, and there are processes by Microvision FLEXnet Connect which also are a bit invasive).
But I will no more use Defense+ till I will have the ideas clearer.
About the dl, it is still a mistery, which does not mean it is a malware, just it is not clear if it is or not. But I guess not.
And, as I see that you people are trusted and expert, I will possibly (try to) do of Dell Forum the only point of reference, so in one place I have all kind of answers. For example, I lately visited techsupportforum.com and I was impressed by their promises of help and by their precision in sticky posts, so I followed their suggestions (the 5 steps), I downloaded these programs (VundoFix, Look2Me-Destroyer, Deckard System Scanner, and SmithfraudFix), and when I run Look2Me, it says to wait a minute and let me there 10 minutes and I had to restart pc, Deckard asked me things and before I was able to answer it went forward for its own, and Avira found "detection pattern of the dropper DR/Tool.Reboot.F.105" in SmithfraudFix... I do not doubt that they are more than serious and that Avira is exagerating or misunderstanding, but, you surely understand that I feel confused. What do you think? May I run these programs? I mean, they are proposing them, so, if I would use them, I would do it with their supervision. But, for what you know, are these safe and useful programs?
What can you suggest me to use?
I have some programs, the most of them I have found in the sticky post at the top of this forum. Avira free, Comodo, Spybot search and destroy, Malwarebytes, A-Squared free, and Hijackthis which I find complicated to understand and not comfortable as it force me to ask to others and post logs... One, two times ok, but no something I can do every week! In this case I feel like abusing of others time...
Do I miss any program?
Well, bye! And thanks for your patience and kindness.
SpotCheckBilly
932 Posts
0
June 30th, 2008 18:00
Yes indeed, the response that you pointed out (thanks for the link) was pretty extreme. And in your case, could have been handled much better. There is a big difference between people who are scared and confused and those who are just trying to be a pest. It's not always easy to tell which is which.
Now let me see if I can explain about the "pending files" in Defense+. Comodo keeps a database of known good and bad files. When you receive an alert from Defense+, this database is used to let you know whether a file is safe or not (this database is updated regularly). The "pending files" list contains files that are not in the Comodo database. When you access the list you are given the opportunity to check all of the files in that list against the master list at Comodo. You are also given the opportunity to upload any unknown files to Comodo for analysis. This is just one of the ways that Comodo updates their database. I think you're starting to get the idea why a lot of us just recommend that Defense+ be disabled. Incidentally, I think that the missing "l" in dwmapi.dl is a typo. Comodo found it to be safe and I expect that the person who typed it in to the database simply missed the final "l".
Now, onto the programs you were asking about. I can't help much with the Roxio program since I have never used it. You can, however, go right over to the "Other Software" board right here at Dell to find answers. Off the top of my head, I would suspect that Defense+ did indeed have something to do with it malfunctioning. Once you have disabled it, try uninstalling, then reinstalling the Roxio product.
As a general rule, commercially available tools/scanners such as Spybot Search & Destroy, Malwarebytes Anti-Malware, etc., are safe to use unsupervised. Tools such as VundoFix, SmitfraudFix and the various assorted Look2Me (L2M) as well as some of the infection specific tools should NEVER be used without direct supervision from an expert. These tools are very powerful and if used incorrectly can damage your computer beyond repair. This is not a scare tactic, it is very, very, real. Oh, and what Avira found in SmitfraudFix is actually part of the program which is considered a "risk tool". Many of the specialized tools that we use contain portions which fall under the "risk tool" category. That's why we give the warning about using them without supervision.
Hopefully this has helped clear up some of your confusion. If not, please don't hesitate to post back. :) SCB
Sergioo
143 Posts
0
June 30th, 2008 20:00
Thanks Billy.
About L2M&Co, I guess, GUESS, that formatting all I should be clean. So, for now, and untill I will be a bit more expert, I sty with these I have already.
About Roxio, I do not remember if I had uninstalled COmodo too, but surely I had put all pending files in Safe Files, and I had disabled Firewall and Defense, and shut it down. And no way. But I finally decided to switch to Power2Go. I do not really need more than that. I liked Nero, but I do not really needed it. We'll see.
About pending files, if I understand well, Comodo does not automatically block the execution of any file in that list without asking me, or it does?
Anyway this time I installed Comodo without Defense+. So it told me "as you are not installing Defense+, we reccomend at least t use Leak Protection for more security". I felt that if I said no it would have been offended, so, to be kind, I said yes. Now, why I see all Defense+ there?
Anyway I have put both firewall and defense+ on training mode.
I had a quick blue screen and crash while scanning with Avira.
Comodo was running (training mode), and Defender too. I do not remember about Spybot, but maybe even if I had shouted down it there anyway was the TeaTimer in process manager... I had shooted down A2Squared, which in VIsta let me shout it down, in XP no. (and I can't find any option to not have a process runing all the time, so finally I disabled the service)
I shouted down all these program completely, and no more crashes.
But, obviously, I can't leave Avira alone.
The thing which can be useful to understand, at this point, is: among all these programs that I have, almost all with a Guard or Real Time protection, which ones can I leave running togheter without problems? I would leave Avira and Defender, and would deactivate all the rest and use it only for manual scanning once a week.
Should it be fine?
I have also a second computer, very preistoric, with pentium2 350mhz, and a bit more than 300mb of ram. It is miracolously running Xp Pro, with SP1.
It can't handle Avira. With AVG it was better. Avast was heavy too.
What can I use? AVG now does not provide updates for AVG older than 8, which I am not sure will be as light as before.
As firewall, I have found Online Armour, which seems ok.
I could try to install SP2, or SP3. They should not make the system heavier. Should them? :robotsurprised:
SpotCheckBilly
932 Posts
0
July 1st, 2008 18:00
If I understand correctly, you did a reformat/reinstall on a vista machine? Windows Defender is integrated into the vista operating system, use its real-time protection for your antispyware detector. Online Armor is a good firewall so if you decide to use that one don't use Comodo at all. If you choose Comodo don't use Defense +, use the firewall only.
......I would leave Avira and Defender, and would deactivate all the rest and use it only for manual scanning.....
That would be the way to go -- along with either Online Armor or Comodo for your firewall.
It's pretty amazing that your second computer runs XP with only 300 MB of RAM. There may be some processes and/or services that you can disable to make room for whichever AV software you choose (there aren't any that are real light on resources, at least that I know of). Please visit Black viper's site. You can find all sorts of information on what services and processes you need depending on how you use your computer. You might even be able to bring some extra added life back into your second machine.
By the way, it appears that you are getting a pretty good handle on the security situation. The more you learn the easier it becomes keeping your computer safe. :) -- SCB
Sergioo
143 Posts
0
July 1st, 2008 19:00
Hi Billy,
yes, I formatted a system with Vista Premium 32bit.
In a XPS M1530 notebook.
DOes this change things?
I installed COmodo without defense+, but it asked me if I wanted at least the "leak protection". I felt intimidated ("at least Leak Protection" made me think that without that I was vulnerable). I said yes. But by right clicking in Comodo tray icon I see Defense+, no Leak Protection... Or this is what it seems. Any Idea about this Leak Protection? And now what am I supposed to do? How do I configure Defense+ or whatever it is really? In CleanPC? Or do I unistall all and reinstall it without this Leak?
If you prefer, I may ask this in Comodo Forums. ;)
Well, I am a bit intimidated after all that story, so I am staying here and only here... :)
My doubt about COmodo as firewall togheter with other firewall was referred to Windows Firewall, nto to Online Armour. When I install COmodo, it says to uninstall any third party firewall. Is Windows "third party"? Possibly because I do not speak english well, but I thought that it was not, so I was wondering if I had to (or I can) deactivate Windows Firewall if I use Comodo. And I have found out that in Administrative Instruments I can also access to an advanced firewall, so I discovered that if I deactivate Widnows Firewall from the Control Panel it deactivates only the pubblic profile. But there is a domain profile and a private profile. DO I need them if I use Defender real time protection and COmodo Firewall?
BugBatter told me about that site, in a post in Vista section, where I was asking about services I could deactivate. It seems interesting, I will check from the city. Here I go crazy with this prehistoric PC and this paleolitic dial up connection.
I had found a copy of a XP Lite, but I needed, in that tiem, to have different identities, and it didn't allowed me. SO I installed another version.
DO you think I can Install the Lite? Or it can be enough to quit some servivce?
Well, bye!
And thanks...
SpotCheckBilly
932 Posts
0
July 2nd, 2008 18:00
OK, let me see if I can answer your questions in order that you gave them. Your words will be in italics.
......formatted a system with Vista Premium 32bit. In a XPS......
Nope, this makes no difference at all.
......How do I configure Defense+ or whatever ......
Right-click the Comodo icon in the system tray.
......My doubt about COmodo as firewall togheter with other firewall was referred to Windows Firewall......
The Windows supplied firewall in Vista is a much better and more robust firewall than the one that came with XP. From what I have read, if configured properly, you really don't need a third-party firewall. Unfortunately, I can't help you with that since I don't have Vista on my computer so I'm not at all familiar with that firewall. Additionally, when I installed Comodo on my computer it deactivated the Windows firewall as part of the installation so I would imagine it would do the same thing I Vista machine. You might consider posting over at the Vista or Other Software board about configuring the firewall. Otherwise, start a new topic here and title it something like "How to Configure The Vista Firewall?". Someone who is more familiar with Vista will surely help you out.
......you think I can Install the Lite? Or it can be enough to quit some servivce?......
If you don't need more than one identity I would give the Windows Lite a try. You may need to stop some services/processes even if you are using the Lite version.
Incidentally, your English is just fine. You don't have any trouble getting your point across and that's all that counts. It's just like anything else, the more you use it the better you will get at it.
Good luck. :) -- SCB