Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't remove Comodo; made comp go crazy! PLEASE help!


  • Please log in to reply
8 replies to this topic

#1 floridaze

floridaze

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 AM

Posted 20 May 2010 - 06:56 PM

Please, if anybody can help me, I'm desperate.

Today I replaced my previous firewall and real-time malware protection with Comodo Security. It has made nearly everything about my machine go wild, and I CANNOT uninstall it. I did not install the Comodo antivirus, as I'm happy with avast! 5, nor did I install the optional homepage and search engine defaults. I chose the Maximum Security option when I installed it.

Here are just a FEW of the problems that I'm now having:

- avast is disabled and I can't enable it
- I can't reinstall Comodo
- I can't enable Windows XP firewall
- I can't copy and paste anything
- I can't move any desktop icons at all
- I can't access system restore
- I can't minimize browser windows to the taskbar. They minimize to the very very bottom of the desktop in the form of very small boxes.
- I have no sound
- I can't do a Windows search
- and on and on ...

What could possibly be wrong? Did installing Comodo activate some hidden worm? I'm VERY careful and well-protected, and I don't know how I could have had anything on my machine. I keep all of my security programs updated and I scan very frequently.

I've tried every suggestion that I've seen in this forum for uninstalling Comodo, and none have remotely worked. I've tried Revo Uninstaller, in addition to the typical add/remove programs and DOS commands. Even the ideas on the Comodo website don't work.

Please help. I bought this computer used, and I don't have the XP CD. I run XP Home, SP3. Thank you so much!

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,570 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:08:36 AM

Posted 20 May 2010 - 07:25 PM

Tried uninstalling in safe mode?

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 floridaze

floridaze
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 AM

Posted 20 May 2010 - 09:32 PM

Yes indeed, sorry that I forgot to mention that. Being that my start button disappeared, I couldn't even do an alt + S in safe mode. My goose was completely cooked. Safe mode afforded me less than nothing.

BUT ... the problem has now been resolved, for all appearances! I couldn't scan with either avast nor Malwarebytes, but I was able to run HijackThis. It showed what I thought was a baddie - guard32.dll in the system32 folder - and I had HT kill it. It WAS a baddie, and it was responsible for the whole enchilada! I remember Scotty dog (WinPatrol) asking if I wanted that to run on startup, and I said yes, thinking guard, security package installing, yeah that sounds legit. But it was NOT.

So beware, people who are contemplating Comodo Internet Security! Do NOT let that guard32 file run! The scariest part of all is I downloaded from Cnet, which of course is known to be very safe. Back to PC Tools firewall and IOBits 360 for real-time malware protection.

Thanks, Animal, for your kind attention. All the best to you.

#4 bluesjunior

bluesjunior

  • Members
  • 761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:36 PM

Posted 21 May 2010 - 05:58 AM

Your problem was more likely a conflict with Comodo and Avast 5 which I have myself experienced. The file guard32.dll is a legit part of Comodo as you can see from the following link. http://www.what-is-exe.com/filenames/guard32-dll.html and not the source of your proble which I suspect was due to Comodo and Avast both having HIPS technology.
I think what has happened is that there has been a conflict with Avast 5 which has locked up your PC. Did you disable Avast 5 when you installed Comodo?. I have used Comodo with Avira 9 & 10, AVG, Avast 4 & 5, MSE, A-Squared, Bit Defender as well as Comodo's own AV and the only problem I have ever had is with Avast 5 which I could not even instal properly and for me anyway seems to be incompatible with Comodo on my PC running Win XP Home SP3. Personally I prefer the combination of Comodo Firewall plus Avira 10 over all the others. Never had so much as a missed update and my PC is very quick as they are both light on resources.
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#5 floridaze

floridaze
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 AM

Posted 21 May 2010 - 06:18 AM

Thanks much for that, bluesjunior.

Yes, I did indeed disable avast5 while installing Comodo Internet Security. I disabled or shut down all security programs except WinPatrol.

Thanks for the link, however; when I was later trying to find the problem, I looked at the info provided by WinPatrol Plus, and it said IF guard32.dll is installed in the System32 folder, that the WinPatrol folks consider it to be malware. WP did indeed ask me if I wanted to let guard32.dll run upon startup, and I said yes, thinking "guard" sounded like something legit to be attached to a security program.

Malwarebytes and other malware scanning programs would not load and/or scan while Comodo was on my machine. I was finally able to get HijackThis to run. When I saw that guard32.dll was indeed in my System32 folder, going on what WP had told me and figuring I had nothing to lose with my machine barely breathing as it was, I told HijackThis to fix guard32. It told me to reboot to complete the process, which I did, and everything was immediately back to normal. It seems that guard32.dll is not supposed to be in the System32 folder? I know that the link which you gave me said it would be installed there, but WinPatrol's developers have a different opinion on it being malware IF it's located in that folder. And removing it solved my problem, even with the remainder of CIS still installed (which I have since uninstalled for good measure).

I'd love to get some feedback as to why/how this particular guard32.dll seems to have caused the whole catastrophe. I downloaded the CIS install program from Cnet and scanned it after doing so, so it certainly seemed to be clean. And I have a geek friend who does indeed run both CIS and avast 5 on an XP machine with not a single problem. However, I'm very interested in Avira and may well replace avast with it very soon. I'd love to try CIS again, but for now, avast and PC Tools firewall.

Thanks much!

Edited by floridaze, 21 May 2010 - 06:24 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:36 AM

Posted 21 May 2010 - 06:33 AM

Yes guard32.dll is a legititmate file related to Comodo.

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Comodo products require services and running processes that can be as difficult to remove as Symantec. That's why its best to remove while in safe mode where these processes are not loaded and running as they can interfere with complete removal when attempting to uninstall.

Edited by quietman7, 21 May 2010 - 06:33 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 floridaze

floridaze
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 AM

Posted 21 May 2010 - 02:08 PM

Thanks, quietman7, but the thing of it is, after HijackThis removed guard32.dll from the system32 folder, everything was back to normal, even though CIS was still installed. I uninstalled it immediately upon being able to do so, of course, but still ... it was only guard32.dll which seems to have caused the whole problem. It disabled avast, Malwarebytes, system restore, etc., even from safe mode. The only thing that saved me was being able to run HijackThis.

Absolutely not meaning to argue, but several sites and programs, including WinPatrol Plus, are identifying guard32.dll as malware *when in the system32 folder,* as opposed to when in the Comodo folder. Going by how truly wacky my machine went, I tend to believe that. I just don't know how it would have been infected, coming from CNET and having no prior infections on my machine.

Thanks again your time and kind efforts.



Yes guard32.dll is a legititmate file related to Comodo.

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Comodo products require services and running processes that can be as difficult to remove as Symantec. That's why its best to remove while in safe mode where these processes are not loaded and running as they can interfere with complete removal when attempting to uninstall.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:36 AM

Posted 21 May 2010 - 03:41 PM

several sites and programs, including WinPatrol Plus, are identifying guard32.dll as malware *when in the system32 folder

That does not mean it is a correct identification. No program is immune from a false positive from time to time.

See our info on guard32.dll.

Edited by quietman7, 21 May 2010 - 03:41 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 floridaze

floridaze
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:36 AM

Posted 22 May 2010 - 05:37 PM

It wasn't identified by any program as a false positive. It was just the opinion of some software producers that it COULD be a piece of malware which had renamed itself to guard32, if it was in the System32 folder.

Let's leave it at this:

1. Guard32.dll is a legit app of CIS which installs in the System32 folder

2. For whatever reason, my particular computer didn't like that particular guard32.dll running and reverted to normal once it was gone

Thanks for your time. Hope to see you around again as I peruse the forums. :thumbsup:



That does not mean it is a correct identification. No program is immune from a false positive from time to time.

See our info on guard32.dll.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users