I downloaded redsn0w_win_0.9.10b5c (iPhone jail breaking sw) from redsn0w.us and ran it as Administrator as it states that is needed.
COMODO scanned it and found no virus in it.
When I executed redsn0w, COMODO reported a number of actions that seem to show it has a malware payload. It changed a lot in the registry, for example the registry for certs.
I ran a COMODO system scan which found nothing. I then ran online virus scanners which found no viruses.
I also uploaded the redsn0w file to virustotal which found no virus in it.
Below is an excerpt from the COMODO Internet Security logs which shows redsn0w is doing very strange and probably very bad things.
Is my computer infected? Why don't the online AVs show anything?
Defence+ Logs
Date Created: 2012-08-06 19:57:59
Log Scope: Last 30 Days
Records count: 14
Date/Time Application Action Target
8/4/2012 6:30:01 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:34:16 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:37:04 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:54:29 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\System32\dwm.exe
8/4/2012 6:54:35 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\explorer.exe
8/4/2012 6:54:52 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
8/4/2012 6:55:14 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
8/4/2012 6:55:37 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:55:50 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\Windows Sidebar\sidebar.exe
8/4/2012 6:56:17 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe
8/4/2012 7:44:42 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\USBAAPL64\Type
8/5/2012 7:55:52 PM C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Changes Defense+ Mode Safe Mode
8/5/2012 7:58:42 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
8/5/2012 8:00:42 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
End of The Report
Comodo is a VERY weak AV.
Try running a quick scan with Malwarebytes and fix all it finds.
If that doesn’t rectify the problem, run Trojan Remover and Hitman Pro until they run clean.