May 16th, 2008, 2:44am
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Guard
(Moderators: Helena, Gavin_Coe, Magnus)
   Comodo Warning
Topic: Comodo Warning  (Read 381 times)
JohnD
Comodo Warning
« on: Oct 29th, 2007, 7:40pm »

Have been reading the thread started by Tingram and am wondering if the code injection mentioned is the answer to the following.
I use CounterSpy and just in the past couple of days my Comodo Firewall has popped up warnings when it has tried to update saying that "TH Guard has modified the parent application SBCS Tray.exe in memory. This is typical of Virus, Trojan...connect to the internet" I obviously trust both programs but can anyone help me with an indication of what it is TH is doing to CS?
siliconman01
Re: Comodo Warning
« Reply #1 on: Oct 29th, 2007, 11:10pm »

Quote:
I use CounterSpy and just in the past couple of days my Comodo Firewall has popped up warnings when it has tried to update saying that "TH Guard has modified the parent application SBCS Tray.exe in memory. This is typical of Virus, Trojan...connect to the internet" I obviously trust both programs but can anyone help me with an indication of what it is TH is doing to CS?

 
This is THGuard injecting code into programs in memory as part of its (THGuard) self-protection scheme. THGuard has used this method of self-protection for years. Is there a way to "accept always" in Comodo Firewall to always permit THGuard to do so without warning messages?

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
JohnD
Re: Comodo Warning
« Reply #2 on: Oct 30th, 2007, 5:12am »

Appreciate the reply. What action by CS is it that TH is protecting itself against? I've had them working together for some time, why has it not happened before? Is it something unique that an antispyware program executes - it has not popped up on any other occasion?
 
Your suggestion is correct; I can tell Comodo to remember the "allow" action and it will set up a "rule".
« Last Edit: Oct 30th, 2007, 5:14am by JohnD »
siliconman01
Re: Comodo Warning
« Reply #3 on: Oct 30th, 2007, 7:11am »

TrojanHunter uses the MadCodeHook injection driver (mchinjdrv.sys) for code injection.  A brief on it is found below:
 
http://www.madshi.net/madCodeHookDescription.htm
 
It is this code that Comodo is responding to. I cannot explain the actual logic that THGuard uses. I just know that it is used by Magnus. CounterSpy is merely one of the innocent recipients of what THGuard is doing. ;)
JohnD
Re: Comodo Warning
« Reply #4 on: Oct 31st, 2007, 4:42am »

Thanks.