Greetings again all,
Please excuse my lack of reply over the last couple of days. I did reply to you all two nights ago, but when I had written a veritable tome of events and pressed the 'Submit Reply' button, the site just locked out with a 'sending reply' (or something of that nature). Leaving everything alone for 15 minutes or so made no difference. Reply gone - not sent, logged out - Ace!
So this time I have written to you all offline in the forlorn hope I can 'Beat The Clock'.
Meshman; Thank you for your reply. I tried what you said (start/run/msconfig) but I R/Xd a message that 'Windows does not recognise...' Did something wrong there.
gradyhappyg; Thanks for the input. This is how I initially removed the proggy. The 'COMODO' folder still existed in Program Files (with GeekBuddy inside). It refused to go whether by Delete or Erase.
KellyB; Thanks KellyB. I D/Ld the normal programme and somehow 'GeekBuddy' and 'Dragon' were in with it. I would not knowingly D/L addons, (but then, given what's happened, what do I really know!). 'GeekBuddy' is a helpline with a phone number to help you get rid of nasties. I found that amusing..
SW; Thanks mate. Tried Windows Control Panel (mine is Task Manager- XP).. As soon as I stop it, it fires up again immediately.
aeromed222; Thank you aeromed222. I will keep that info on file for the next self inflicted crisis.
Dumenceau; Thank you for the nod. I have McAfee 'free' (don't you just love that?) from my O2 ISP. It's sheer crap. Couldn't find a cold in a hospital full of people with bright red noses sneezing in its face. When it does its 'updates', it hangs on to the PC as if it's drowning. I copped a bug last year, MalwareBytes found it straight away; McCrappy missed it, even though the beasty was 18 months old at the time.
I thought I'd take up daveroo's idea of hunting in the registry. I found around thirty+ appearances of COMODO Dragon and GeekBuddy, together and separately. Deleted .exe, dll, and anything else I could find in all these areas;
HKEY_CURRENT_USER/Software/COMODO
Inproc server32
DATAC/PROGRAM FILES/comodo/GeekBuddy/lps-cspm/components/core/component 3/Autoruns/Wrapper.dll
HKEY_CLASSES_ROOT/Installer/Products/Type Lib/{DA5BEF3F-BBB4-45BE-BDBA-BD57B34ACA97}
HKEY_CURRENT_USER/Software/Search Assistant
HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Explorer/MenuOrder/Programs/Comodo
HKEY_LOCAL_MACHINE/System/Enum/Root/LEGACY_GEEKBUDDYRSP. This one would not delete. Deleting the contents of the main folder would only make it come back again with a message stating; 'Error whilst deleting key'.
(I have not listed any more as there were around another 25 places and I got writer's cramp logging them).
I deleted all the appearances I found and came out. That's when I noticed GeekBuddy at the bottom of the screen, next to the clock, telling me I had not set a password! It never was there before.
Looking in Task Manager GeekyBoy was there as happy as ever. Turn it off and it fired up again immediately.
As I had appeared to have emptied all the Registry files but GeekBuddyRSP.exe still launched I searched for it with the Search programme. It was in;
Programme Files/Common Files/COMODO/, along with its launcher.exe.
A quick start in safe mode kissed them two goodbye!
But now my 'buddy' has gone, but as far as I'm concerned, due to the fact that it refused to leave when asked, it is a malware/spyware/ - whatever.
But COMODO did find a bug in 'Bloch131.zip' at Sim-outhouse here! A false positive methinks...
My thanks again to each and every one of you all for your ace ideas and concern. I appreciate them all very much. And I learnt a few things too.
Best regards,
Graham 'GeekBuddy free' Sullivan.