  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| reply to okjoe Re: CCleaner now installs with adware?
said by okjoe :
Auto scan after 11/10 NIS update. "84 Registry Entrys, 2 Files Affected" Risk Name: Adware.SystemProcess. Status "Removed" CCleaner 1.40

What were the names of the two files in your system?
-- What's the point of owning a supercar if you can't scare yourself stupid from time to time? |
|
  cork1958 Cork
join:2000-02-26 Fruitport, MI
·Verizon Online DSL
·Charter Pipeline
| reply to Goodbye CCleaner
Seems kind of odd that the original poster hasn't come back here to reply at all?
Obviously the person is using Norton or McAfee, which are both about worthless!
My Kaspersky Personal Pro or Clamwin AV for Windows found nothing on 7 machines. Neither has Spybot or SuperAntiSpywarePro. -- The Firefox alternative. »www.mozilla.org/projects/seamonkey/ |
|
  orig poster
@cox.net
| reply to Goodbye CCleaner I use nis/nav 2008 fully updated, fully patched vista box behind a cisco router.
CCleaner was d/led from filehippo, which appears to be the default d/ler for ccleaner
no other d/ls on that day, nav is run every night and nav removed the files/reg entries the night of the install. No subsequent files found by nav.
Some of us take a day off for the weekend, so sorry for the delay, |
|
 okjoe
join:2003-05-20
| reply to Doctor Olds
said by Doctor Olds :
said by okjoe :
Auto scan after 11/10 NIS update. "84 Registry Entrys, 2 Files Affected" Risk Name: Adware.SystemProcess. Status "Removed" CCleaner 1.40
What were the names of the two files in your system?

C:\WINDOWS\system32\p.dat
C:\Documents and Settings\xxxx\Local Settings\Temp\ibho.log |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
2 edits | reply to Goodbye CCleaner Resolution
The first set of definitions containing the fixed script is Rapid Release Sequence 75350 Version 12th November 2007 (rev. 020) NOTE: Please make sure to select the appropriate release for your version and Operating System.
These updates will be available using the certified definitions from the 13th onwards.
Many thanks to my friends at Symantec who worked this issue today [ a holiday ] and got back to me with the official word before 5PM Pacific !!!!
Link to rapid release definitions: »www.symantec.com/avcenter/rapidr···oad.html
-amy- -- DSLR Phishtracker |
|
  sashwa Pixie Cat Crunchin' n Foldin' Premium,Mod join:2001-01-29 Alcatraz clubs:  | So this was a FP, Amy? |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| said by sashwa :
So this was a FP, Amy?

More like a tweak to an old detection set [ as I understand it ]
 -- DSLR Phishtracker |
|
  sashwa Pixie Cat Crunchin' n Foldin' Premium,Mod join:2001-01-29 Alcatraz clubs:  | Okay. Thanks for the help. |
|
  VR38DETT Turbocharger X2
join:2002-10-24 Vancouver, BC clubs: | reply to Goodbye CCleaner Re: CCleaner now installs with adware?
Thank you for the follow-up, Amy!  |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| reply to Goodbye CCleaner
For a condensed topic and resources for the 3 most integrated issues please jump over to »NAV/ SAV defintions release for 'weekend bug-fixes' for help, and posting of any issues still un-resolved.
All three issues reported over the weekend are combined for the sake of reporting and prompt resolution with feedback to be sent to Symantec that may be found all in one discussion.
Please report your findings !!!
Thank you so very much
Amy Sheehan
1 Symantec Enhanced Testing member
2 Symantec beta tester
3 unofficial fact gatherer and submissions to Symantec for product improvement and support resolution "On your Side"
 -- DSLR Phishtracker |
|
 siliconman01 Premium join:2005-05-08 Saint Albans, WV
1 edit | reply to Goodbye CCleaner This False Positive is not yet fixed. I ran the rapid response update prior to running the NIS 2008 Quick Scan on my Vista Business system.
Interestingly, it says it deleted 79 entries from the HOSTS file; however, my HostsMan only shows 8 entries were deleted. Using MVPS hosts entries only.
This has been going on since 10-Nov-07. I would hope that the Symantec group gets it resolved soon. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| Could you post this follow up information in the combined topics and solutions/feedback thread here: »NAV/ SAV defintions release for 'weekend bug-fixes'
thanks  -- DSLR Phishtracker |
|
  might join
@btcentralplus.com
| reply to Goodbye CCleaner Hi guys
I have just found this thread after I experienced the same Adware.SystemProcess problem after a Norton update a couple of hours ago (It is Tues 13th in my time Zone but I guess the fix isn't "out-there" yet, lol).
Anyway FYI... my CCleaner is 2.0.0.500 my Spyware Blaster had 6 IE threats unprotected (but I don't use IE!) So I thought I'd do a little experiment... I re-enabled all of SpywareBlaster's protection, updated it, and enabled everything again. I ran a quick Norton scan again, wondering if it would find the same problem a second time.
No, it didn't. But it did disable 6 SBlaster things again (without saying anything!)
AND ...
It "fixed" a security risk "SecurityRisk.URLRedir", this translates to 79 hosts file entries....or it would have done, except that I blocked Norton's change with WinPatrol (free version). I haven't checked all of the supposed bad entries, but the few that I did check were NEVER there!!! - things like Kaspersky, McAfee, F-secure etc.
Now that is two lies. That they were there, AND that they had been fixed.
...and why didn't it find this "problem" when it found the Adware.SystemProcess problem? Nothing had changed in the meantime except the SpywareBlaster update.
My Spybot S&D immunisation, however, hadn't been tampered with at all. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| reply to Goodbye CCleaner Please post followups and issues following the fixes outlined in this combined thread here: »NAV/ SAV defintions release for 'weekend bug-fixes'
This will enable all parties to get the info in one place for later evaluation based from the revisions up to this point in the investigation and for full resolution.
It really helps to have all the info in one place 
Thanks, Amy
 -- DSLR Phishtracker |
|
  aeloel
@1starnet.com
| reply to amysheehan
There is no source file. My NAV CE logs don't have good detail, except to say the infection was successfully quarantined, but in looking at the event logs on the PC, I found the following symantec application message.

Event Type: Information
Event Source: Symantec AntiVirus
Event Category: None
Event ID: 3
Date: 11/12/2007
Time: 2:02:06 AM
User: N/A
Computer: 01WS010704
Description:
Risk: in File: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.
In reviewing the documentation on this Adware.systemprocess infection. It seems weird that this was the only element present in any of the affected machines.
FYI: we only use NAV CE now, but used to also have SpyBot S&D on some of them too. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| Something to do - re: possible SpyBot old entries
quote: In reviewing the documentation on this Adware.systemprocess infection. It seems weird that this was the only element present in any of the affected machines.
FYI: we only use NAV CE now, but used to also have SpyBot S&D on some of them too.
Open regedit
Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
If there are still entries from the old install of SpyBot S&D
and to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
and see if there are still entries that include domain names.
If so, let me know and I will give you a quick fix to remove all the leftovers from the old install.
That will ensure that all domains are removed and should you decide to add those entries in the future that they will install properly.
-amy-
 -- DSLR Phishtracker |
|
  blue
@telus.net
| Hello, Thanks Amy for posting this info. I too had this infection over the weekend. Do you know which program caused this??? I had a look under the regedit and there are lots under the zonemap\domains but I am still using Spy bot S&D. Please advise on what to do next. My pc is running good, but I am having lots of cookies every day, and not even using the internet. If I delete the files in the regedit under zonemap\domains will that remove the Spy bot S&D program? Please post the quick fix. Thanks |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| said by blue :
Hello, Thanks Amy for posting this info. I too had this infection over the weekend. Do you know which program caused this??? I had a look under the regedit and there are lots under the zonemap\domains but I am still using Spy bot S&D. Please advise on what to do next. My pc is running good, but I am having lots of cookies every day, and not even using the internet. If I delete the files in the regedit under zonemap\domains will that remove the Spy bot S&D program? Please post the quick fix. Thanks

On the machine that has SpyBOT installed you can remove the SBot entries made by removing the immunization.
After you close SBot check the registry for any entries that are still present for each user account in the registry at the locations I noted before.
Manually delete any entries you did not make yourself and close the registry.
Immunization will work best if zonemap\domains no longer lists any SUBKEYS. Do NOT delete the zonemap\domains key, just any SUBKEYS.
Now you should be ready for a clean re-immunization with SpyBot.
If you note any strange reg entries please post back with the info.
-amy-
 -- DSLR Phishtracker |
|
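Added example (not part of the thread and not any poster's script): a read-only PowerShell listing of the two ZoneMap\Domains locations named in the posts above, extended to every user hive currently loaded under HKEY_USERS. The helper name Get-ZoneMapEntry is hypothetical, the zone labels are the standard Internet Explorer zone numbers, and a recent PowerShell version is assumed; nothing is deleted.

```powershell
# Added example: read-only listing of ZoneMap\Domains subkeys (nothing is deleted).
$sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
# Standard Internet Explorer security zone numbers
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

# HKLM plus every user hive loaded under HKEY_USERS (covers "each user account")
$roots = @("Registry::HKEY_LOCAL_MACHINE\$sub")
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\$sub" }

function Get-ZoneMapEntry {   # hypothetical helper name
    param([string[]]$Root)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        $hive = $r.Replace('Registry::', '').Replace("\$sub", '')
        # -Recurse also returns subdomain keys nested under a domain key
        foreach ($key in Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue) {
            # Each value is named for a protocol (*, http, https) and holds a zone number
            foreach ($name in $key.GetValueNames()) {
                $zone = $key.GetValue($name)
                $label = if ($zone -is [int] -and $zoneNames.ContainsKey($zone)) {
                    $zoneNames[$zone]
                } else {
                    "Unknown ($zone)"
                }
                [pscustomobject]@{
                    Hive     = $hive
                    Domain   = ($key.Name -split 'ZoneMap\\Domains\\', 2)[1]
                    Protocol = $name
                    Zone     = $label
                }
            }
        }
    }
}

$entries = @(Get-ZoneMapEntry -Root $roots)
"{0} ZoneMap\Domains value(s) found" -f $entries.Count
# Per-hive summary first, then the full list for review before any manual cleanup
$entries | Group-Object Hive, Zone | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$entries | Sort-Object Hive, Domain | Format-Table -AutoSize
```

Hives of users who are not logged on are not loaded under HKEY_USERS and will not appear in the output.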
  w8sdz
join:2001-05-21 Port Orange, FL
3 edits | This inf file will clean the Domains keys:
; DelDomains.inf
; Created by: Mike Burgess Microsoft MVP
; »mvps.org/winhelp2002/
(edited to remove code because next posting by Amy Sheehan has an improved version) -- 73 de w8sdz - sip:271752@fwd.pulver.com |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
1 edit | Deldomains and how to reset restricted zones - MORE
Thank you for posting the deldomains info.
I was going to post the link and info once I got home to the computer to retrieve it all.
Again, thank you !!!
Some additional info: How to download and more about deldomains and etc:
»mvps.org/winhelp2002/ [split] DelDomains.inf [remove split from URL to access]
For instructions on how to use Deldomains go to: »mvps.org/winhelp2002/restricted.htm and scroll down to the section titled ''To remove all the sites listed in the Restricted Zone''
NOTE: Also new to IE7 the "Reset Internet Explorer settings" will remove all sites in the Trusted and Restricted Zones. Go to internet options/advanced and the reset button is at the bottom of the window.
-amy-

-- DSLR Phishtracker |
|