Anyone using Comodo Firewall Pro?

[SaraMK]

I have a game that I registered using a *coughkeygencough* and for some reason it repeatedly tries to hijack my web browser. I don't think this is the *coughkeygencough*'s fault, since none of the other games do this.

It doesn't do anything if I'm just playing the game. But, if I start a web browser while the game is running, and then go to any website, I get a popup saying that the game has "modified the memory of iexplorer.exe in memory." It does the same thing to Firefox.

I deny this action, which causes the website to not load. Then I can't load any websites until I restart my web browser. After restarting my web browser everything works fine and it doesn't try to hijack it again... for a while, anyway.

Is this game trying to get me busted? Or is the firewall acting crazy? What does that message mean, anyway?

[jrd]

Sounds like spyware antics to me. When is the last time you did a deep scan of your system for malware?

No program should ever be allowed to modify the memory of a third-party program. This is exactly how trojan horses work: they attach themselves to a legit process like a web browser, and do their damage in the background.

Might be the game, or the keygen.

[J. M. Pescado]

No program should ever be allowed to modify the memory of a third-party program. This is exactly how trojan horses work: they attach themselves to a legit process like a web browser, and do their damage in the background.

This is not entirely true: There are legitimate reasons for why a program would modify the memory of another program: Debuggers, cheat programs, and even some forms of cracks and hiding software all have legitimate reasons for why they would modify the memory or executable space of a third-party program.

Most likely, however, in this case, the behavior is that of Evil Spywares.

[morriganrant]

I had my browser doing something similar for awhile although not using the game as an excuse. It was then that i realized that my boyfriend looks at porn and doesn't run the virus scan or ad-aware afterward. I don't care if he looks at pron but he will not infect my computer by his own stupidity! I now badger him to run them after such use and run them twice a week anyway.

[Paperbladder]

I use CPF 3.0.2.5 Alpha (it's still somewhat unstable and you have to sign up to get it), and this is what pops up whenever I get a global hook.



I've noticed that CPF 2.4 displays some really odd messages when it comes to web browsers saying something like "Photoshop wants to inject a hook into Firefox" or "Some setup program wants to inject a hook into Firefox".  Like you said, if you deny these then it'll prevent your browser from connecting to anything.  This is one of the reasons I stopped using it.

[SaraMK]

I found tons of adware. Looks like the game and keygen had nothing to do with it after all, since I seem to have been infected yesterday. It probably hitched a ride with some stuff I downloaded from NoNags.

*sigh of relief*

Now I can go back to stealing from Reflexive with a clear conscience....

[Zazazu]

NoNags, the one whose Yahoo! listing says "Offers freeware programs with no viruses, spyware, or trojans." 

[SaraMK]

Well, if you have a NoNags membership, which you have to pay for, I guess they scan everything you download. But if you don't, then you're downloading from individual publishers' sites. So it isn't much safer than just finding those sites on your own, I guess.