
AVG Free AV "had" It..and Then Not.....?


10 replies to this topic

#1 1Bart

1Bart

  • Members
  • 263 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ-Just across the Hudson from lower Manhattan
  • Local time:03:37 AM

Posted 21 July 2007 - 02:45 PM

While browsing, computer initiated daily scan. During scan, noticed Python as "item/threat". Before finishing scan, I stopped the scan with the belief that I could disinfect the file and then re-do scan in safe mode.

Stopping the scan prohibited me from "cleaning" the file. (Yeah..I know now)

Started and completed the AVG Free scan in Safe mode with NO threats found...??????

Sent file to Jotti.....Nothing found.

Well is it or isn't it...lol....a python trojan.....

If it is an infection, what can I use to clean it up?...Since AVG didn't.

If not...very very well. What was up with the initial detection by AVG Free AV then.....Not the most important question in this thread.


 


#2 buddy215

buddy215

  • Moderator
  • 13,501 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:37 AM

Posted 21 July 2007 - 03:00 PM

Links below will explain what it is. Don't know why AVG would flag the program. Not sure what "Bin" in the file path means. Maybe a tool that HP offers if you want it. Googling around finds no other program with that file name. Looks legit to me.
http://www.python.org/about/
http://www.python.org/download/releases/2.2.3/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 1Bart


Posted 21 July 2007 - 03:27 PM

Agreed.....Or at least I thought so.

Googled a bit too and could not find anything of negative substance.

Your 1st link has a "documentation" link that has much info. Started and will continue there...at least.

Bin has many "items"...Took screenshots but....Can't figure how to post files in responses.

Thanks a GIG.....

#4 buddy215


Posted 21 July 2007 - 03:37 PM

Don't you think the Bin is where HP stores all of the programs that came with your computer?
Like a tool bin.

Edited by buddy215, 21 July 2007 - 03:38 PM.


#5 1Bart


Posted 21 July 2007 - 03:48 PM

Judging from its contents....it is that and then some.....

#6 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:01:37 AM

Posted 21 July 2007 - 03:55 PM

Normally HP stores all the programs that come with the computer in two locations, the recovery partition (D Drive) and C:\SWSETUP.

Python comes on HP computers, and is clean. This looks like a false positive.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#7 1Bart


Posted 21 July 2007 - 04:19 PM

Hey...Thanks a gig again....

That bin folder does have quite a few "interesting" files though...
  • DeviceManager.log
  • DeleteDriver.bat
  • TurboTax Folder with Adj.cmd and lg.ini files
  • KillWind.exe.. We've been through this one and it is OK
  • Spawn.exe..Sounds "viral" but is part of True Image...Whatever THAT is.
  • partition.bat
  • FullScreen.exe
  • TransientMessage.exe
  • ASK.exe
  • GetCurrentBlock.js
Actually about 120 files and 5 folders.

#8 oldf@rt


Posted 21 July 2007 - 07:58 PM

Looks like parts of the standard Cr*pware that comes preloaded from HP. If this is in C:\Python\bin or C:\hp\bin, it is various binaries for HP remote control and diagnostics. These are not remotely accessible unless you run them and allow access.

Edited by oldf@rt, 21 July 2007 - 08:02 PM.


#9 1Bart


Posted 22 July 2007 - 09:12 AM

Indeed.......I have, once, in the past...allowed HP to access the computer. Allowed them to "take control" of the pointer and fix an "issue" that I was having. It was a godsend/great time saver at the time and there was always an item in the tray where I could shut them out at any given moment.

As I recall, we (HP and myself) were on the phone..during the warranty period....and it was I who said..."I wish you could take this thing over to resolve the issue much faster"....And so it was "born".

Question: If one allows access as such to your computer and they "just" click around......is there any security issue involved...? No sending files etc...Just the sheer fact that they are somehow "in" the computer, can malware be transferred? I pose this question NOT because I suspect any harm at that time but it was such a help then and wouldn't mind "others" (BC) "taking over" at a later time......

#10 oldf@rt


Posted 22 July 2007 - 01:05 PM

Normally a VPN type connection is set up, so it is secure.

#11 1Bart


Posted 22 July 2007 - 06:01 PM

Much obliged....



