Zurchiboy Posted November 6, 2012 Report Share Posted November 6, 2012 Well. I have been using Immunet protect free along side comodo internet security for a few months now. I really like the immunet product a lot. But everytime i open Como dragon chrome, internet explorer. I will see the process start but then exit. I have already solved the issue. Had to uninstall immunet and did a scan with Emsisoft emergency toolkit. It found stuff in quarantine that was not removed and removed those files that were not deleted when i uninstalled immunet. and after I restarted computer everything is fine. I don't know if this is a bug or if it was a problem with mine only. I am running Windows 7 64-bit home premium service pack 1. Link to comment Share on other sites More sharing options...
ritchie58 Posted November 6, 2012 Report Share Posted November 6, 2012 Hi Zurchiboy, Immunet's uninstaller should have asked you if you wish to delete or restore any quarantined files. If you clicked to delete and the files remained it's a good bet that you were infected before Immunet was installed, anyway, it sounds as if Immunet may have detected one or more threats that had infected your browser software (a fake BrowserHelperObject or malicious Toolbar maybe?), quarantined the threat(s) but in doing so also made your browsers unusable for some reason. I would venture to guess these infected files were blocking access to files necessary for the operation of the browsers. When a new threat is detected and quarantined by Immunet it is not automatically deleted, rather it has been deactivated and made safe. This is just in case that it is a false positive so the file can be restored later. So when you unistalled Immunet those infected files where still in your system. That's why Emsisoft found them. You can permanently delete infected files (genuine malware) with Immunet by opening the GUI and click on Quarantine. This will give you a list of all file paths quarantined, the detection name, etc. Click on a file and then you have the option to choose delete or restore. It's usually ok to just leave the infected files in quarantine or they can be, as in your case, deleted. If you're not sure about a file it's best to keep it in quarantine and do some research (Virustotal is a good site to start with) or you can post your findings right here at this forum, in the Support Issues/Defects section, before deleting or restoring anything. If you find that a file is genuine malware and want to delete it there are instances where a file can not be deleted because it's locked or "in use" by another system file, process or 3rd party software. This is a very good indicator that the malware was already present in your system before Immunet was installed. Only select restore if you are "absolutly sure" that a file in question is a false positive. Did you make any screenshots or look to see which files were quarantined and what the threat name was before unistalling? If you saved this information could you upload the screenshots or tell us the affected file paths and threat names used? This would give us an idea which detection engine quarantined the files and what type of malware was involved. Regards, Ritchie... Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 6, 2012 Author Report Share Posted November 6, 2012 Hi Zurchiboy, Immunet's uninstaller should have asked you if you wish to delete or restore any quarantined files. If you clicked to delete and the files remained it's a good bet that you were infected before Immunet was installed, anyway, it sounds as if Immunet may have detected one or more threats that had infected your browser software (a fake BrowserHelperObject or malicious Toolbar maybe?), quarantined the threat(s) but in doing so also made your browsers unusable for some reason. I would venture to guess these infected files were blocking access to files necessary for the operation of the browsers. When a new threat is detected and quarantined by Immunet it is not automatically deleted, rather it has been deactivated and made safe. This is just in case that it is a false positive so the file can be restored later. So when you unistalled Immunet those infected files where still in your system. That's why Emsisoft found them. You can permanently delete infected files (genuine malware) with Immunet by opening the GUI and click on Quarantine. This will give you a list of all file paths quarantined, the detection name, etc. Click on a file and then you have the option to choose delete or restore. It's usually ok to just leave the infected files in quarantine or they can be, as in your case, deleted. If you're not sure about a file it's best to keep it in quarantine and do some research (Virustotal is a good site to start with) or you can post your findings right here at this forum, in the Support Issues/Defects section, before deleting or restoring anything. If you find that a file is genuine malware and want to delete it there are instances where a file can not be deleted because it's locked or "in use" by another system file, process or 3rd party software. This is a very good indicator that the malware was already present in your system before Immunet was installed. Only select restore if you are "absolutly sure" that a file in question is a false positive. Did you make any screenshots or look to see which files were quarantined and what the threat name was before unistalling? If you saved this information could you upload the screenshots or tell us the affected file paths and threat names used? This would give us an idea which detection engine quarantined the files and what type of malware was involved. Regards, Ritchie... opera still worked. I might have been infected but I don't think so because emsisoft found nothing that was out or the quarantine folder. I don't believe i had any tool bars on my CPU Link to comment Share on other sites More sharing options...
ritchie58 Posted November 8, 2012 Report Share Posted November 8, 2012 Not knowing if anything was quarantined, or since you didn't submit a SDT report to Support before unistalling Immunet, your guess is as good as mine as to why your browsers stopped working. So you don't think it was an infection. Not much information to go on. It is strange though. No one else has as yet reported any bugs with any particular browsers with this newsest 3.0.8.9025 build of Immunet on this forum (I also use Win 7 64bit) or were you using an older version? Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 9, 2012 Author Report Share Posted November 9, 2012 Not knowing if anything was quarantined, or since you didn't submit a SDT report to Support before unistalling Immunet, your guess is as good as mine as to why your browsers stopped working. So you don't think it was an infection. Not much information to go on. It is strange though. No one else has as yet reported any bugs with any particular browsers with this newsest 3.0.8.9025 build of Immunet on this forum (I also use Win 7 64bit) or were you using an older version? It was 3.5 I believe Link to comment Share on other sites More sharing options...
ritchie58 Posted November 11, 2012 Report Share Posted November 11, 2012 May I suggest that you try the newest 3.0.8.9025 build. No bugs concerning browsers have been reported with this version to my knowledge and some great improvements over older builds have been made. It is possible that this newest build does not support your native language but if you feel comfortable enough using English I would say give it a try! Just select the English language version when prompted by the bootstrapper installer if your language is not included. You can download the newest installer at this link. https://sourcefire-a...otstrap_url.exe Cheers, Ritchie... Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 12, 2012 Author Report Share Posted November 12, 2012 May I suggest that you try the newest 3.0.8.9025 build. No bugs concerning browsers have been reported with this version to my knowledge and some great improvements over older builds have been made. It is possible that this newest build does not support your native language but if you feel comfortable enough using English I would say give it a try! Just select the English language version when prompted by the bootstrapper installer if your language is not included. You can download the newest installer at this link. https://sourcefire-a...otstrap_url.exe Cheers, Ritchie... downloading and trying. I will see what happens Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 12, 2012 Author Report Share Posted November 12, 2012 Tried eicar. when immunet was not installed. it showed alert once. when it was installed it showed alert 6 times in a row. Link to comment Share on other sites More sharing options...
ritchie58 Posted November 12, 2012 Report Share Posted November 12, 2012 I've run the EICAR test string with Immunet in the past. It is strange that you got 6 detections in a row. I've never seen that before. When I would run the test first you had to disable Immunet or it would quarantine the downloaded zip file even before you had a chance to unpack it (Scan Archive Files, Scan Packed Files enabled in Scan Settings)! After unpacking and restarting Immunet the whole test string was quarantined within seconds! In my tests Immunet Free would always detect and quarantine the entire string before the "paid version" of Panda Cloud AV had a chance to detect even one .exe file which I found very impressive at the time. Those were my results but as I said that was a while ago with older builds of both AV's. Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 12, 2012 Author Report Share Posted November 12, 2012 I've run the EICAR test string with Immunet in the past. It is strange that you got 6 detections in a row. I've never seen that before. When I would run the test first you had to disable Immunet or it would quarantine the downloaded zip file even before you had a chance to unpack it (Scan Archive Files, Scan Packed Files enabled in Scan Settings)! After unpacking and restarting Immunet the whole test string was quarantined within seconds! Those were my results but as I said that was a while ago with an older build. I meant comodo. the full fledged av. I probably should have bee more specific. comodo alone when did eicar would show onealert. With immunet it would alert me 4-6 times in a row. I might bring this up in comodo's forums. Link to comment Share on other sites More sharing options...
ritchie58 Posted November 12, 2012 Report Share Posted November 12, 2012 Ok, I get it, Comodo AV is giving you multiple detection alerts. Still that's rather odd isn't it? Which AV quarantined the files first or did both detect & quarantine some of the string? You got my curiosity going there, lol! Here's a tip, put each AV's "Program Files" folder in thier respective Exclusion or Safe Programs List. What ever Comodo calls it. This will eliminate any dual or loop scanning of files, speed up scan times and prevent any possible conflicts that can significantly reduce system performance. Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 12, 2012 Author Report Share Posted November 12, 2012 Ok, I get it, Comodo AV is giving you multiple detection alerts. Still that's rather odd isn't it? Which AV quarantined the files first or did both detect & quarantine some of the string? You got my curiosity going there, lol! comodo deteted it first. Immunet showed no alert because all comodo processes are in exclusions. Link to comment Share on other sites More sharing options...
Zurchiboy Posted November 12, 2012 Author Report Share Posted November 12, 2012 Ok, I get it, Comodo AV is giving you multiple detection alerts. Still that's rather odd isn't it? Which AV quarantined the files first or did both detect & quarantine some of the string? You got my curiosity going there, lol! go on chat when you can. I stay online in chat. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.