Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vunerabilities


  • Please log in to reply
5 replies to this topic

#1 MommaD

MommaD

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 29 August 2008 - 08:31 AM

Good Morning,

Hopefully a small question.

PC Ciilin is picking up a "Vulnerability" asking me to go to the website to find a "patch"
I have tried to find such patch without any luck. I suppose I am not sure what I am searching for.

This is what is found during my scan:

Cryp_FakeAV Generic Not Fixed Yet

Infected File: A0008267.exe

Location: C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}RP61\

I would be grateful for some guidance.

Thank you,
Ladyhawk

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:31 PM

Posted 29 August 2008 - 08:43 AM

Welcome to BleepingComputer

C:\System Volume Information\_restore


that is in your system restore, before we deal with it would your please install MBAM and run a scan with it

http://www.bleepingcomputer.com/forums/ind...st&p=926512
Chewy

No. Try not. Do... or do not. There is no try.

#3 MommaD

MommaD
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 29 August 2008 - 09:36 AM

Thank you Chewie,

I ran the suggested program, it found 8 spyware, says nothing malicious.

Nothing mentioned regarding the exe file that was found earlier.

Shall I run another PC Cillin scan ?

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:31 PM

Posted 29 August 2008 - 10:09 AM

would you post the MBAM log?

you can run another scan with your AV but for now ignore anything it finds in system restore, I would suggest doing a scan with PC Cillin from safe mode

http://www.malwareremoval.com/tutorials/safemodeboot.php
Chewy

No. Try not. Do... or do not. There is no try.

#5 MommaD

MommaD
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 31 August 2008 - 07:57 PM

Malwarebytes' Anti-Malware 1.25
Database version: 1094
Windows 5.1.2600 Service Pack 2

9:29:33 AM 8/29/2008
mbam-log-08-29-2008 (09-29-33).txt

Scan type: Quick Scan
Objects scanned: 63338
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge WebTrust Seal.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-4F1261A8E5\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:31 PM

Posted 31 August 2008 - 08:05 PM

If all the malware symptoms are gone and the only thing showing with a pc cillin scan is in restore then you can safely flush those old restore points

http://www.bleepingcomputer.com/forums/ind...st&p=930161
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users