
Comodo Enhanced Protection Mode

Posted: July 28, 2011

Comodo Enhanced Protection Mode is a rogue anti-virus program that's unrelated to the Comodo brand but nonetheless pretends to be a natural part of a Comodo application. Comodo Enhanced Protection Mode's 'protection mode' is just a front for disabling your anti-virus software's functions, including database updates and other scheduled events. Our SpywareRemove.com research team has found that Comodo Enhanced Protection Mode is often linked to other rogue anti-virus program infections and other harmful software-based attacks. This makes Comodo Enhanced Protection Mode a definitive and significant danger to your computer's security that should be removed via real anti-virus software as soon as possible.

Comodo Enhanced Protection Mode – the Fake Media Update That Transforms into a Fake Virus Protection

Comodo Enhanced Protection Mode belongs to a coterie of rogue anti-virus programs that grab popular AV brands and then use those well-known product names to disguise their own PC security attacks. These rogue anti-virus programs distribute themselves through fake Adobe Flash updates, although Trojans, such as Zlob and Fake Microsoft Security Essentials Alert, may also install them.

Once Comodo Enhanced Protection Mode is on your computer, Comodo Enhanced Protection Mode will not try to pretend to be a separate anti-virus program in the fashion of Bogema Security or Windows Security 2011. Instead, Comodo Enhanced Protection Mode will pretend to be just one more function of a legitimate Comodo anti-virus program, by using this taskbar icon-linked pop-up:

"Attention! [Rogue security program name] operates under enhanced protection mode. This is a temporary measure necessary for immediate response to threat from virus. No action is required from you."

Real Comodo anti-virus products don't display this fake enhanced protection message, which doesn't offer any advanced protection at all. Comodo Enhanced Protection Mode's warning about a virus is, likewise, fake, since our SpywareRemove.com malware researchers haven't found any virus-detection features in Comodo Enhanced Protection Mode.

Watching your threat definition database updates may also give you a clue about a possible Comodo Enhanced Protection Mode infection. Comodo Enhanced Protection Mode will always change the update date on your threat databases to make it look like the database updates itself every time you log in to your PC. In reality, of course, Comodo Enhanced Protection Mode hasn't updated anything.

Why Comodo Enhanced Protection Mode is More of an Enhanced Danger Mode

Rather than giving you any kind of virus protection, Comodo Enhanced Protection Mode does its best to shut down all your anti-virus programs, without making it look as though they've been deactivated. This makes your PC ripe pickings for other malicious software attacks, including RAT-based remote control and the installation of other kinds of malicious software. Our SpywareRemove.com malware experts have found that Comodo Enhanced Protection Mode infections are particularly closely linked to the installation of other rogue security products.

Similar attacks can also be seen coming from other rogue anti-virus programs that borrow Comodo Enhanced Protection Mode's methodology and code. Some of these Comodo Enhanced Protection Mode copies include McAfee Enhanced Protection Mode, Microsoft Defender Enhanced Protection Mode, Avira Enhanced Protection Mode and ESET Smart Security Enhanced Protection Mode.

Even though Comodo Enhanced Protection Mode will stop you from using anti-virus programs, rebooting your PC into Safe Mode or using an external boot source will let you use a security program and delete Comodo Enhanced Protection Mode without problems.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %Windows%\l1rezerv.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Windows%\sysdriver32.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Windows%\systemup.exe
File type: Executable File
Mime Type: unknown/exe

File name: %Users%\[UserName]\Downloads\OTS.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY..\..\..\..{RegistryKeys}
HKEY_LOCAL_MACHINE\Software\Comodo Enhanced Protection Mode

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Comodo Enhanced Protection Mode"
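The file and Registry indicators listed above can be checked offline, for example against a file listing and a `reg export` dump collected from Safe Mode or an external boot source. The following is an added example, not SpywareRemove.com's own code; the function names, the default `C:\Windows` location for `%Windows%`, and the sample input are assumptions made for illustration.

```python
import ntpath
import re

# Indicators from this page's file and Registry lists, lower-cased to compare.
WINDIR_FILES = {"l1rezerv.exe", "sysdriver32.exe", "systemup.exe"}
DOWNLOADS_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\downloads\\ots\.exe$")
ROGUE_KEY = r"hkey_local_machine\software\comodo enhanced protection mode"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE = "comodo enhanced protection mode"

# Constructed sample input, not captured from a real infection.
SAMPLE_FILES = [r"C:\Windows\explorer.exe", r"c:\WINDOWS\SysDriver32.exe",
                r"C:\Users\alice\Downloads\OTS.exe",
                r"C:\Users\alice\Documents\l1rezerv.exe"]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="<constructed placeholder>"
"Comodo Enhanced Protection Mode"="<constructed placeholder>"

[HKEY_LOCAL_MACHINE\SOFTWARE\Comodo Enhanced Protection Mode]
'''


def match_files(paths, windows_dir=r"C:\Windows"):
    """Return the listed paths that match the page's file indicators."""
    windir = ntpath.normcase(ntpath.normpath(windows_dir))
    hits = []
    for path in map(str.strip, paths):
        norm = ntpath.normcase(ntpath.normpath(path))
        folder, name = ntpath.split(norm)
        if (folder == windir and name in WINDIR_FILES) or DOWNLOADS_RE.match(norm):
            hits.append(path)
    return hits


def match_registry(reg_text):
    """Scan decoded .reg text for the rogue's own key and its Run value."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower() == ROGUE_KEY or key.lower().startswith(ROGUE_KEY + "\\"):
                hits.append(key)
        elif key.lower() == RUN_KEY:
            name = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
            if name and name.group(1).lower() == RUN_VALUE:
                hits.append(key + "\\" + name.group(1))
    return hits
```

Both functions compare case-insensitively because Windows paths and Registry names are case-insensitive; a file with a listed name outside the Windows directory is deliberately not flagged, since the page reports those three files only under `%Windows%`.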

Additional Information

The following messages were detected:

#  Message
1  Comodo ENHANCED PROTECTION MODE Attention! Comodo operates under enhanced protection mode. This is temporary measure necessary for immediate response to the threat from virus. No action is required from you.
