



BOClean is Over, Uninstall It

September 2nd, 2009

BOClean was taken over by Comodo some time ago, and while they kept it updated for a while, it has now officially been rolled into their security suite.

Some users are getting corrupt database messages again, or other errors relating to their BOClean installation.

My advice is to just uninstall it. It was a great product for a long time, then became a great free product for a while.

Let’s move on.

Comodo BOClean Reports False Positive NTVDM.exe

October 16th, 2008

Comodo BOClean, the free anti-malware software, is today reporting a false positive on NTVDM.exe.

DO NOT DELETE!

You may have to temporarily unload BOClean, or else do a manual update to see if they have it fixed yet. The company is aware of it.

One of my accounting clients came across it today when accessing QuickBooks 2007.

This kind of thing happens once in a while and is why I no longer configure BOClean to automatically delete the infected file detected, because sometimes it’s not infected and can kind of hose your computer if you do.

BOClean 4.27 Install / Upgrade Steps

August 17th, 2008

Yesterday I was doing some installs and upgrades of Comodo’s free antimalware software BOClean, now version 4.27.

While I don’t expect anything to go wrong, here’s what I did anyway.

  • Quick System State Backup just because these workstations haven’t had one in quite some time. That updates the C:\Windows\Repair directory with current copies of the important registry hives.
  • Created a restore point, labeled it “Before BOClean 4.27”
  • Shut down any current copy of BOClean running
  • Uninstalled old version of BOClean
  • Installed new version

Fortunately nothing did go wrong, but it never hurts to protect yourself with a few simple, free insurance policies against a current or future problem.

I have how-to videos for the system state backup and restore point if you are unsure how.
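The system state backup and restore point steps from the list above can be scripted. The batch file below is an added example, not from the original post; it assumes Windows XP Professional (where ntbackup and wmic are installed), and the backup folder, file name and job name are placeholders chosen here.

```bat
@echo off
rem Added example, not from the original post: scripted safety net to run
rem before uninstalling/upgrading BOClean on Windows XP Professional.
rem Assumed values (change to suit): backup folder, file name, job name.
setlocal
set "BKDIR=C:\Backup"
set "BKF=%BKDIR%\SystemState-before-BOClean.bkf"
set "LABEL=Before BOClean 4.27"

if not exist "%BKDIR%" mkdir "%BKDIR%"
rem Remove a stale backup file so the existence check below is meaningful.
if exist "%BKF%" del "%BKF%"

echo [1/2] System State backup to %BKF%
rem start /wait blocks until the ntbackup job has finished.
start "" /wait ntbackup backup systemstate /J "Before BOClean upgrade" /F "%BKF%"
if not exist "%BKF%" (
    echo System State backup did not produce %BKF% - stopping.
    exit /b 1
)
rem The backup also refreshes the registry hive copies in the Repair folder;
rem list them with last-written times so the refresh can be confirmed.
dir /T:W "%SystemRoot%\Repair"

echo [2/2] Creating restore point "%LABEL%"
rem 100 = BEGIN_SYSTEM_CHANGE, 12 = MODIFY_SETTINGS; ReturnValue 0 means success.
wmic /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "%LABEL%", 100, 12 | find "ReturnValue = 0" >nul
if errorlevel 1 (
    echo Restore point was not created - stopping.
    exit /b 1
)

echo Safety net in place. Now shut down BOClean, uninstall the old version
echo and install the new one.
exit /b 0
```

The script stops before any uninstall happens if either safeguard fails, so a broken backup is noticed while the old installation is still intact.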

Comodo BOClean 4.26 Released

May 16th, 2008

I pretty much gave up on Comodo’s antimalware product BOClean recently. Between false positives and a database that was continually becoming corrupt with errant instructions on how to fix (and a popup that wouldn’t go away), my clients were tired of it.

But BOClean has saved my bacon more than once. So when I checked today and found out that v4.26 has been released, I figured I would download and install it again.

I’ll let you know if any problems “pop up”.

BOClean – Time for a change?

March 11th, 2008

I have been a longtime supporter of BOClean antimalware software. Recently, however, BOClean’s originator – NSClean – sold out to Comodo.com and Comodo started giving the product away. Great! I thought, but then the problems began.

How about the BOClean Database is Corrupted message (that won’t go away)?

Then 2 false positives on Windows system files.

I’m afraid I have to pull the plug and uninstall from my clients’ PCs. The Database corrupted message isn’t that hard to fix, but my Users just don’t want to learn it despite this video I created:

BOClean Database Corrupt How To Fix Video

So, for now at least, so long old friend.

Comodo BOClean: Another False Positive?

March 5th, 2008

With this morning’s update (3/5/08), C:\Windows\System32\WUAUCLT.exe (Windows Update agent) is being stopped by Comodo BOClean as DRP-AGENT.SCK malware.

Is this another false positive like the USERINIT.Exe fiasco of a few weeks ago or is this real?

I posted to Comodo’s BOClean forum and someone else promptly indicated the same thing happened to them. I have had quite a few clients receive this prompt, with at least one selecting “Yes” to BOClean’s offer to delete the file.

As of 24 hours later, Comodo has not chimed in; although my laptop, the first to experience the problem, updated the definition file again around 4pm and then no longer reported the problem.

This is frustrating. Yes, Comodo gives away BOClean for free, but I have a number of clients who paid for it just a year or two ago.

Compound this with the ongoing “file corrupt” message that only goes away if you know the trick (I have a video), and the UserInit.exe false alarm just a short time ago that rendered many PCs unable to log in (and me glad I typically install Windows Recovery Console on PCs), and I’m about to pull my support of the formerly fantastic product and uninstall from all of my client computers.

Very sad. As another poster commented: “This never happened when Kevin (owner of NSClean who created it) was running the show”.

BOClean False Positive Trashes UserInit.exe Causing XP to Logoff Immediately

December 29th, 2007

Just what I needed. BOClean’s update on or about 12/18/2007 misidentified userinit.exe as having malware. And if you either have BOClean configured for “unattended cleanup and removal”, which I no longer recommend, or answered “yes” to delete the file when prompted, then next time you tried to log on to Windows XP it would log off immediately. Userinit.exe was gone.

Ok, how to fix?

Well, I always install Windows Recovery Console when I set up a new PC; and I always copy the i386 directory from the Windows XP CD to the C drive. That lets me boot to the Windows Recovery Console and execute the command:

Expand C:\i386\UserInit.ex_ C:\Windows\System32

then reboot and problem solved.

Otherwise, you get to boot from your Windows XP CD and get into the Windows Recovery Console that way and expand the file on the CD.

Can Police Monitor Skype Calls?

November 22nd, 2007

Good news for privacy advocates and Skype users. In fact, this is likely applicable to most VoIP telephony solutions.

German Police report that they cannot decipher the encryption used by Skype to monitor calls. One of the problems is not just the encryption, but the way in which VoIP calls are conducted. Skype and other VoIP calls are broken into small data packets and routed over many internet paths and routers to get from one end to the other.

This means that Police really need to have access at the source, before the encryption preferably, in order to monitor the call.

I’m sure they’ll be working on that. They likely will be trying to install Trojan Horse programs on the originating PC of the suspect. In the U.S., I think that would fall under the category of a clandestine entry of the property.

Read the full story here.

Comodo’s BOClean is quite adept at fighting Trojan Horse programs, and it’s free.

Comodo BOClean database is corrupt – File BOC425XVU

October 3rd, 2007

The last day or so users have been calling and reporting that they get an error message (in a persistent dialog box) stating that BOC425.XVU is corrupt, go to BOClean update to correct. But doing so doesn’t fix it and you can’t get the dialog box to go away.

First, right click the BOClean icon in the task tray and select “Shutdown BOClean”. If it is not there, then you will likely have BOC425.exe in Task manager. That’s Ok too.

Next, pull up Task Manager (CTRL-SHIFT-ESC) or right click the taskbar and select “Task Manager”. Click on the column heading “Image Name” to alphabetize. Look for and click on BOCore.exe and “End Process”. Do the same with BOC425.exe if it’s there. If there is more than one of either of those, do them all.

[Image: Comodo BOClean BOCore.exe in Task Manager]

When you have BOC425.exe or BOCORE.exe highlighted and click on “End Process”, you will have to acknowledge any warnings and then close Task Manager.

Now you can go to Start | All Programs | Comodo | Comodo BOClean | Updater and the update should fix the problem. You will need to either reboot or run BOClean manually (from the Start Menu) to get it up and running and protecting you again.

Laptop from he11 – Virus infection and then some

September 22nd, 2007

I wish I weren’t such a nice guy. A gal that works for one of my clients asked where she could take her laptop to for cleaning.

There wasn’t anyone I really felt comfortable recommending and I figured “how bad can it be?”

“Bring it to me”, I foolishly said.

It’s an IBM Thinkpad, which is good, with a Celeron processor, that’s bad.

Even though it has a Windows XP Pro license sticker on the bottom, XP Home is installed – Strike two.

And this thing is so polluted you can barely move the mouse pointer. There was no working antivirus software, although I finally found some program shortcuts for Norton 2003. No sign of the software though.

Internet Explorer is absolutely useless, well, more than usual. Unless you like infinite exploding popup windows. So after cleaning out the registry and everything else that was easy to find, I loaded BOClean antitrojan, antimalware and Firefox. BOClean has found only 1 item so far (and killed it).

Firefox runs, go to Google and do a search, no problem. Try to navigate to http://housecall.trendmicro.com and the program closes.

Using a USB flash drive I copied adaware 2007 (free version) and ran it twice. Found quite a bit and cleaned it. Now it refuses to run.

Using a USB flash drive I copied SysClean from another PC where I downloaded it. It gave me fits too, but finally I was able to make it run.

Also from a USB flash drive I copied the free antivirus from Comodo. It found nothing, although much had already been cleaned.

Searching for RootKits I used F-Secure’s Free (expires Oct 1st) BlackLight. It found nothing.

The persistent file I find, loading from the registry, is PRX.exe in C:\Windows\System32. Googling it brought up nothing of any use.

I keep threatening to blast the whole thing, format the drive and reinstall Windows XP Pro from scratch but:

  • I’m stubborn and see this as a challenge
  • The owner says there is nothing she wants on the machine, but I’ve heard that before
  • I can save C:\Windows\inf off to USB before I blast it, but I still fear the potential hassle of finding all of the drivers I will need for a laptop this old

Folks, surf wisely. Check out my User Behavior page on my website. Use SiteAdvisor. Run a competent antivirus program and BOClean for malware. Don’t open suspicious emails.

============

Update

============

  • McAfee’s rootkit tool found nothing
  • Trend Micro PC-Cillin would not install; it reported a corrupt installation file. Installs fine on other, known clean, PCs
  • Navigating to Avast.com or AVG in Firefox caused the browser to immediately close
  • Even if left unattended, at some point IE windows would open at a furious rate trying to go to www.llehs.com

Final resolution: Wipe Drive and Reinstall Windows XP.