
adobe flashplayer updateservice.exe is not a friend of AVG antivirus


9 replies to this topic

#1 smarchand

smarchand

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 25 August 2013 - 09:16 AM

25 August 2013,

 

Threat detected in my adobe flashplayer updateservice.exe.

Using Win7 and AVG 2013.

This is new, only a couple of days. Keeps alerting me!

Is it a false alert?

 

thanks


Edited by hamluis, 25 August 2013 - 10:13 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:21 AM

Posted 25 August 2013 - 10:13 AM

Aside from AVG notification...any problems with your system?  Any other indications that you may be infected?

 

Louis



#3 smarchand


Posted 25 August 2013 - 10:15 AM

No.

The only annoying thing is AVG keeps alerting me on that updateservice.exe



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:21 PM

Posted 25 August 2013 - 06:00 PM

Hello -

Can we please run one diagnostic scan, and one repair scan -

 

Download Security Check by Screen317
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - 2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (1 to 2 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
    - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button
Or you can find a report at C:\Program Files\esetonlinescanner\log.txt.

 

 

Thank You -



#5 smarchand


Posted 26 August 2013 - 11:30 AM

security check result :

 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 CCleaner     
 CleanMyPC - Registry Cleaner  
 Java 7 Update 25  
 Visual Studio Extensions for Windows Library for JavaScript 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

 

eset scan online will follow

will take forever ...



#6 noknojon


Posted 26 August 2013 - 04:03 PM

CleanMyPC Registry Cleaner download: NOT RECOMMENDED
Corrupt PC Optimizers CleanMyPC Registry Cleaner spyware remover was carefully tested by 2-spyware.com research center. The review is the result of our test.  However, this cleaner shows a lot of false positive alerts, which makes it a questionable tool, because none of the legitimate registry cleaners show them.
- A direct quote above from the reviewers - Also your Registry will not get "Dirty" and need cleaning.
Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
CleanMyPC - Registry Cleaner has been found to be bundled with 3rd party software, so you should be safe uninstalling it.
• Step One: Go to Start, and click on All Programs.
• Step Two: Scroll down the list and right click CleanMyPC Registry Cleaner.
• Step Three: Click Uninstall CleanMyPC Registry Cleaner option to start the removal.

 

 

 Spybot - Search & Destroy has been well overtaken by programs like Malwarebytes Anti-Malware Free (aka MBAM) and SUPERAntiSpyware Free (aka SAS). We recommend that you remove it fully -

 

 

Thank you for running the ESETScanner, and please post back the results -



#7 smarchand


Posted 27 August 2013 - 07:22 AM

a 13 hours scan ...
 
result of esetscan
 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar67.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip Win32/Bagle.gen.zip worm
C:\Program Files\Codec-V\Codec-V.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Program Files\Codec-V\Codec-V.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Program Files\Codec-V\Codec-VGui.exe a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\Program Files\Codec-V\Uninstall.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Program Files\Codemasters\DiRT 3\paul.dll Win32/HackTool.Crack.O application cleaned by deleting - quarantined
C:\Program Files\Codemasters\DiRT 3\SKIDROW.dll Win32/HackTool.Crack.O application cleaned by deleting - quarantined
C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-CGui.exe a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\Program Files\Premiumplay Codec-C\Uninstall.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar67.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8OPV8B7\pack[1].7z multiple threats deleted - quarantined
C:\Users\steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1FKN8AU\pack[1].7z multiple threats deleted - quarantined
C:\Users\steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRODZMJD\pack[1].7z multiple threats deleted - quarantined
C:\Users\steph\AppData\Local\Microsoft\Windows Live Mail\Yahoo (smar 511\Inbox\387C579C-00000C74.eml HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\steph\AppData\Local\Temp\NERO20100525193452279\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
C:\Users\steph\Downloads\SuperMarioBros3_downloader_by_gamefabrique.exe Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\steph\Downloads\Dirt.3-SKIDROW\sr-dirt3.iso Win32/HackTool.Crack.O application deleted
C:\Users\steph\Downloads\Halo 2 Vista-Win7\LAN\TeknoGods_Beta16.rar Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DN1T4PV0\upgrade[1].cab a variant of Win32/Adware.OneStep.AU application deleted - quarantined
I:\documents\Downloads\Adobe.Photoshop.CS2.v9.0.Incl.Keygen.READ.NFO-SSG (1).ZIP a variant of Win32/Keygen.AO application deleted - quarantined
I:\documents\Downloads\Adobe.Photoshop.CS2.v9.0.Incl.Keygen.READ.NFO-SSG.ZIP a variant of Win32/Keygen.AO application deleted - quarantined
I:\documents\Downloads\cnet_pgbreeze_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
I:\documents\Downloads\BOTH\BOTF.iso a variant of MSIL/Injector.HN trojan deleted - quarantined
I:\documents\Downloads\Nero 7.10.1.0\Keygen.exe Win32/Keygen.AJ application cleaned by deleting - quarantined
I:\documents\Downloads\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
I:\documents\steph\Pharaoh with Cleopatra Expansion.exe a variant of Win32/GameHack.AD application deleted - quarantined
I:\documents\steph\scanner.zip a variant of Win32/NetTool.SuperScan.AA application deleted - quarantined
I:\documents\steph\pharaoh\Trainer.exe a variant of Win32/GameHack.AD application cleaned by deleting - quarantined
I:\uTorrent Downloads\games\Dirt.3-SKIDROW\sr-dirt3.iso Win32/HackTool.Crack.O application deleted - quarantined
I:\uTorrent Downloads\games\Halo 2 Vista-Win7\LAN\TeknoGods_Beta16.rar Win32/Packed.Autoit.C.Gen application deleted - quarantined
I:\uTorrent Downloads\games\PC_Search and Rescue 4...Coastal Heros (.incl.crack.)\Search and Rescue 4 - Coastal Heros.part01.rar probably a variant of Win32/Obfuscated.CLMVYDU trojan deleted - quarantined
I:\uTorrent Downloads\softwares\Adobe Flash Pro CS5.iso a variant of Win32/HackTool.Patcher.P application deleted - quarantined
I:\uTorrent Downloads\softwares\ZMatrix.exe MSIL/Solimba application cleaned by deleting - quarantined
I:\uTorrent Downloads\softwares\Nero Burning ROM 6.0 Reloaded (Ultra Edition)\Nero Burning ROM 6.6.1.15c.exe Win32/Toolbar.AskSBar application deleted - quarantined
 

there is nothing about macromedia flashplayer updater ?

and by the way, i'm not receiving any alert message from avg about the flash updater ...

bizarre

 

thanks



#8 noknojon


Posted 27 August 2013 - 04:44 PM

Thanks for letting the scan complete smarchand, and that is unusually long due to your infections.

 

< < there is nothing about macromedia flashplayer updater ? > >
It is now just Adobe Flash Player and not listed as Macromedia these days

 

This is where you will download all these fake infections and they will continue while you use the site
I:\uTorrent Downloads\softwares\Adobe Flash Pro CS5.iso a variant of Win32/HackTool.Patcher.P

 

Genuine Adobe FlashPlayer 11.8.800.94 update < <
Untick the Google Chrome Add-on with your download.

 

Between CleanMyPC - Registry Cleaner (scam) and the continued use of Torrents game downloads, the computer will be reinfected, so please make sure that no more programs come from illegal sources, and you should remove the infected ones that you already have installed, as they can never be fully "cleaned", just patched over with each Antivirus / Antimalware scan.

I:\uTorrent Downloads\games\PC_Search and Rescue 4...Coastal Heros (.incl.crack.)\Search and Rescue 4 - Coastal Heros.part01.rar probably a variant of Win32/Obfuscated.CLMVYDU trojan

 

Crack / Keygen illegal programs are always full of infections and are not "free", as you still pay in the end.

 

Adobe Flash Player 11.7.700.224 should be removed FIRST from Programs and Features.

I would download Malwarebytes Anti-Malware and SUPERAntiSpyware (both Genuine Free versions) from the links above, make sure they are updated, and take the time to run a Full Scan with both programs. This will take (about) 60 to 90 minutes with each program, and then Update and run a scan at least once every week with them.

 

Uninstall your infected games and stop using Torrents Downloads, run the scans I have said to run, and it will save you from reinstalling a clean O/S -

 

Let it sit (normal usage) for a few days and see if you get any warnings, but it should be OK -

 

 

Thank You -
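
Added example, not part of the original thread: a small Python parser for ESET Online Scanner log lines like the ones posted in #7, which tallies detections by the type ESET assigns (worm, trojan, application) and lists entries where no action was recorded. The line layout is inferred from the posted log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Six lines taken from the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r"""
C:\Users\All Users\Spybot - Search & Destroy\Recovery\DeltaToolbar67.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\DeltaToolbar67.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Program Files\Codec-V\Codec-V.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Users\steph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8OPV8B7\pack[1].7z multiple threats deleted - quarantined
I:\uTorrent Downloads\games\PC_Search and Rescue 4...Coastal Heros (.incl.crack.)\Search and Rescue 4 - Coastal Heros.part01.rar probably a variant of Win32/Obfuscated.CLMVYDU trojan deleted - quarantined
C:\Users\steph\Downloads\Dirt.3-SKIDROW\sr-dirt3.iso Win32/HackTool.Crack.O application deleted
"""

# Layout assumed from the posted log:
#   <path> [probably] [a variant of] <Platform/Name> <type> [action]
# Paths contain spaces, so the path is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?:probably )?a variant of\s+)?"
    r"(?:(?P<name>[A-Z][A-Za-z0-9]*/\S+)\s+(?P<kind>worm|trojan|application)"
    r"|(?P<multi>multiple threats))"
    r"(?:\s+(?P<action>.+))?$"
)

def parse_line(line):
    """Split one log line into path, detection name, type and action."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m["path"],
        "name": m["name"] or "multiple threats",
        "kind": m["kind"] or "multiple",
        "action": m["action"] or "none reported",
    }

def summarize(log):
    """Count detections per ESET type and list entries with no action recorded."""
    rows = [r for r in map(parse_line, log.splitlines()) if r]
    by_kind = Counter(r["kind"] for r in rows)
    no_action = [r["path"] for r in rows if r["action"] == "none reported"]
    return rows, by_kind, no_action

if __name__ == "__main__":
    rows, by_kind, no_action = summarize(SAMPLE_LOG)
    for r in rows:
        print(f'{r["kind"]:<12}{r["name"]:<32}{r["action"]}')
    print(dict(by_kind), no_action)
```

The one entry with no action is under `C:\Users\All Users`, which on Windows 7 is a link to `C:\ProgramData`; the same file appears again under that path with a quarantine action.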



#9 smarchand


Posted 27 August 2013 - 10:43 PM

thank you !



#10 noknojon


Posted 27 August 2013 - 11:47 PM

Hi, Just a quick follow up -

 

Has the problem improved at all, or are you still working on it ?

 

Thanks -





