Am I infected?

1 reply to this topic

#1 Splashhh


  • Members
  • 8 posts
  • Local time:08:51 PM

Posted 28 February 2010 - 04:42 PM

First off, I have another open thread that is not related to this computer, just in case anyone notices.

So recently my computer has been running a little slow, so I downloaded SUPERAntiSpyware, which seems to be a popular application on this site, and I ran it. It came up with:

SUPERAntiSpyware Scan Log

Generated 02/26/2010 at 02:24 AM

Application Version : 4.34.1000

Core Rules Database Version : 4621
Trace Rules Database Version: 2433

Scan type : Complete Scan
Total Scan Time : 00:26:57

Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 5257
Registry threats detected : 0
File items scanned : 23069
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Pumpo\Cookies\pumpo@atdmt[1].txt
C:\Documents and Settings\Pumpo\Cookies\pumpo@smartadserver[2].txt
C:\Documents and Settings\Pumpo\Cookies\pumpo@ad.yieldmanager[2].txt
C:\Documents and Settings\Pumpo\Cookies\pumpo@invitemedia[2].txt
C:\Documents and Settings\Pumpo\Cookies\pumpo@doubleclick[2].txt

C:\SYSTEM VOLUME INFORMATION\_RESTORE{612F964E-9002-42F1-8B0D-875486B962CA}\RP335\A0103924.EXE

The application said it had quarantined the item (Trojan.Agent/Gen-PennyStockChaser). I tried to look this up but I was unable to find anything, so that is why I am asking here.

Any help would be great. Thank you.


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,780 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:51 PM

Posted 01 March 2010 - 09:42 AM

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI), which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations, including registry modifications made by software or malware, by reverting the operating system's configuration to an earlier date. See What's Restored when using System Restore and What's Not.

System Restore is enabled by default and will back up the good as well as malicious files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can delete it at any time.

The other detections are Cookies which are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them but not all websites use them.
  • Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.
  • Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.

The type of persistent cookie that is a cause for some concern is the "tracking cookie" because it can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.

Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups or install malware and they cannot erase or read information from a computer.

Cookies cannot be used to run code (run programs) or to deliver viruses to your computer.

MS Article ID: 60971 - Description of Cookies

To learn more about Cookies, please refer to:

As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
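
The triage described in the reply above, as an added example that is not part of the original thread or of SUPERAntiSpyware: it sorts detection paths into System Restore snapshot copies (`_restore{GUID}\RP<n>\A<n>.<ext>`), cookie files, and everything else, which is the group that needs a closer look. The function names and the last sample path are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three paths in the shape of the scan log above,
# plus one hypothetical detection outside both locations.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Pumpo\Cookies\pumpo@doubleclick[2].txt",
    r"C:\Documents and Settings\Pumpo\Cookies\pumpo@ad.yieldmanager[2].txt",
    r"C:\SYSTEM VOLUME INFORMATION\_RESTORE{612F964E-9002-42F1-8B0D-875486B962CA}\RP335\A0103924.EXE",
    r"C:\WINDOWS\system32\example.dll",  # hypothetical, not from the log
]

# _restore{GUID}\RP<restore point number>\A<backup sequence>.<original ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}"
    r"\\RP(?P<rp>\d+)\\A(?P<seq>\d+)\.(?P<ext>\w+)$",
    re.IGNORECASE,
)
# Internet Explorer cookie file: <user>@<site>[<n>].txt under a Cookies folder
COOKIE_RE = re.compile(
    r"\\Cookies\\[^@\\]+@(?P<site>.+?)\[\d+\]\.txt$", re.IGNORECASE
)

def classify(path):
    """Return (category, details) for one detection path."""
    m = RESTORE_RE.search(path)
    if m:
        # A backed-up copy inside a restore point, not the original file.
        return "restore_point_copy", {
            "restore_point": int(m["rp"]),
            "backup_seq": m["seq"],
            "ext": m["ext"].lower(),
        }
    m = COOKIE_RE.search(path)
    if m:
        return "cookie_file", {"site": m["site"].lower()}
    # Anything else sits in a regular location and deserves a closer look.
    return "other_location", {}

def triage(paths):
    """Group detection paths by category."""
    groups = defaultdict(list)
    for p in paths:
        category, details = classify(p)
        groups[category].append((p, details))
    return dict(groups)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_PATHS).items():
        print(category, len(items))
        for path, details in items:
            print("   ", path, details)
```
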
