Boclean False Positive !???!

In my case system restore wasn't working ether.

 

Hi, folks: The auto reinstallation of such a system file probably has little to do with system restore feature at all. I have it turned off. And the sys file returns after reboot. I think MS has put some sort of safeguard to this sys file, virtually nothing can permanently remove it from your box.

 

It's the Windows File Protection feature

 

Guys, I had the same problem...an FP. BOClean it seems destroyed my internet connection in the process of cleaning the 'trojan'. I had to format the C drive to get things back to normal. Phew...I'm just finished. Anymore of this and BOC is off my box for good.

 

If BOClean finds something, it will automatically clean certain areas of your machine that can and will effect internet connectivity. The default areas for cleaning includes, reset of security zones, Hosts files, temp folder, activeX downloads, winsock connectivity, and IE user stylesheets. They can all be changed/unticked in the configuration options. They are set by default because Malware can change or hide in the areas. Imagine getting a trojan, then it changes your hosts file. Now, you go to google.com only to find out that you've been redirected to badguy.com site. That is why the areas are set as default. http://www.comodo.com/boclean/supboc.html#bocconfig

I think BOClean is a good program, but it is very important to read and understand the manual. I see a lot of grief that could be avoided if only users would get to know the program a little. This goes for any program you use. I know that the people at Comodo say to just install BOClean and it does all the work. Easy as pie. What they didn't say was that after it does it's work, you will have some work to do after its cleaning is done. I guess this is where a backup strategy comes into play.

This isn't directed towards anybody specific. I think it is an important message that needs to be said to everyone new or considering using BOClean. BOClean is very unique in what it does and the way it works. Hopefully that will keep it in the mainstream and allow it to stay a useful tool.

Take care, innerpeace

 

Yesterday two friends whom i had advised to use Boclean phoned complaining all the symptoms depicted in previous posts.
they were running old version- nsclean- Boclean and were using
Automatic MS Updates.
When the BC screen asked for removal permission of AEC.sys they gave the OK, after that no more internet connection and chaos.
I had them go to a nearby friend and download both
LSpfix&Winsock (lspfix.zip) ,which did nothing at all,
and
WinSock XP Fix
from
http://www.snapfiles.com/reviews/WinSock_XP_Fix/winsockxpfix.html

which took care of everything ,fixing connectivity and restoring internet connection on both computers.

Note its a freeware and,should it refuse to backup the registry when you double click on the exe ,just skip the thing by canceling or saying no so that you are brought back at square one where you can just order Fix and proceed from there, rebooting right after you hear the beep and receive communication that's all done.
The AEC.sys will be replaced by MS on reboot,if necessary.
Best wishes if someone has still this problem.


I,for one, did not experience this FP ,perhaps because i dont use MS Office/Outlook and did not do any MS Updates recently or perhaps i was just lucky.

Edit-I performed today-Wednesday-the MS update about the Installer,but its probable by now Comodo people fixed the matter with their own update.

 

Please read this post by Kevin McAleavey. It will explain a thing or two: http://forums.comodo.com/index.php/topic,8915.0.html

 

... also, from here:

 

I configured BOClean and put a check mark to make the configuration permanent, to change the configuration I have to delete BOC423.INI . Just to make sure nothing else gets cleaned up right out of the system..that shouldn't.

 

Hi, Carver: Smart plan indeed. What is your optimal configuration ? Can you share ? Thanks.

 

Hi,

Not exactly sure what you mean, but if it is the option "Prevent any changes to configuration" then allow me a warning in general (just in case):

http://www.nsclean.com/supboc.html

 

Thats the one, it can be undone. A new BOC423.INI is created in C:/Windows/BOC.INI. Put a check mark in "Prevent any changes to configuration". A popup comes up and tells you can be undone and asks if that is what you want to do.