republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > CCleaner now installs with adware?

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
Reviews:
·AT&T Midwest
·AT&T Midwest

reply to Goodbye CCleaner

Re: CCleaner now installs with adware?

said by Goodbye CCleaner :

D/Led the new version 2.02.257 - and when i ran my av overnight I found that Adware.SystemProcess was also now installed. AV removed it, but I was wondering if anyone else saw this too? The new CC version was all I d/led yesterday.

Thankss
Out of curiosity what AV are you using,because my NIS 2007 zapped that the other day after an update.I thought it was a FP !! it could be if your using NAV too.

Just curious are you??
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."
to forum · permalink · 2007-11-11 10:33:29 ·


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:14

I'm using NAV 2006 and have CC 2.02.257. I ran a AV scan yesterday and I just noticed that it tagged the same thing - Adware.SystemProcess

to forum · permalink · 2007-11-11 11:07:30 ·


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

»www.symantec.com/security_respon···&tabid=2

quote:
Updated: February 13, 2007 11:46:22 AM
Type: Adware
Version: 1.0.0.1
Risk Impact: High
File Names: ccapp.exe,navshext.dll
Systems Affected: Windows 2000, Windows 98, Windows CE, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.SystemProcess is executed, it performs the following actions:

1. Creates the following files:

* %System%\ccapp.exe
* %System%\navshext.dll
* %System%\p.dat
* %System%\system.dat

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

2. Downloads the following file:

%System%\ustart.exe (This is detected as Adware.WintaskAd.)

3. Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\System Process
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects
\{C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB}
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\anrdoezrs.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\bfast.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\cc-dt.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\commission-junction.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\dpbolvw.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\fastclick.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\fastclick.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\jdoqocy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\kqzyfj.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\linksynergy.com
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\qksrv.net
HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003
\Software\Microsoft\Windows\CurrentVersion\Internet Settings
\P3P\History\tkqlhce.com

4. Adds the value:

"*.system-processes.com" = ""

to the registry subkey:

HKEY_USERS\S-1-5-21-448539723-413027322-839522115-1003\Software
\Microsoft\Internet Explorer\New Windows\Allow

5. Adds the value:

"%Windir%\system32\ccapp.exe" = "%Windir%\system32\ccapp.exe:*:Enabled:System Process"

to the registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\AuthorizedApplications\List

6. Adds the value:

"System Process Uninstall" = "%Windir%\system32\ccapp.exe UAF"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
to forum · permalink · 2007-11-11 12:05:10 ·
Forums > Broadband Tech > Security > Security

Monday, 28-May 22:31:18 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics