

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
reply to amysheehan
Re: CCleaner now installs with adware?

Thanks Amy.

Was trying to find some info on this, but did not come up with much.


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

--
DSLR Phishtracker


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest

said by amysheehan:

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

This is what I have, Amy; it is not showing a source.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

Detailed Risk Properties Info
said by MagMan:

said by amysheehan:

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

This is what I have, Amy; it is not showing a source.
I found more details for a 'tracking cookie' that was found this AM that had no details by going to Quick Tasks / View History / Security History / Advanced Details / Risk Properties / Details.

See screenshot for more info - have a look there if you can. [2007 and 2008 versions]

-amy-
--
DSLR Phishtracker


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:
·Comcast
·Alameda Power & Te..

Host:
Broadband Modem (H..
MSN
DSL Extreme
Windstream
Southeast Asian Br..

1 edit
reply to amysheehan
Amy, I'm not showing anything in my Log Viewer / Security Risks for yesterday's date.

FWIW, I submitted the file to Symantec for review.

NAV said it was found in 25 registry entries. Also NAV never made a peep when I downloaded and installed the new version of CCleaner which was when it first came out. It squawked during my weekly full scan.




--
TH ~ NE ~ EPN ~ NC ~ TD


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest

reply to amysheehan
said by amysheehan:

said by MagMan:

said by amysheehan:

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

This is what I have, Amy; it is not showing a source.
I found more details for a 'tracking cookie' that was found this AM that had no details by going to Quick Tasks / View History / Security History / Advanced Details / Risk Properties / Details.

See screenshot for more info - have a look there if you can. [2007 and 2008 versions]

-amy-
This is what mine shows.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

reply to sashwa
said by sashwa:

Amy, I'm not showing anything in my Log Viewer / Security Risks for yesterday's date.

FWIW, I submitted the file to Symantec for review.

NAV said it was found in 25 registry entries. Also NAV never made a peep when I downloaded and installed the new version of CCleaner which was when it first came out. It squawked during my weekly full scan.

Thanks for the screenshot and for submitting your item to them. Looks like it may just be registry entries that were found. I'm sure that info will be helpful to Symantec.

-amy-

--
DSLR Phishtracker


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Thanks for your input.


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?
This.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable


2 edits
said by MagMan:

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?
This.
P.DAT is one of the files referenced in the Symantec write up -

Also the registry entry HKLM/ Software / ''System Process ''
»www.symantec.com/security_respon···&tabid=2

-amy-

--
DSLR Phishtracker


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest

said by amysheehan:

said by MagMan:

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?
This.
P.DAT is one of the files referenced in the Symantec write up -
»www.symantec.com/security_respon···&tabid=2

-amy-

So your point being is what according to what NIS is saying it is toast. Which as far as I am concerned never existed in the first place.

My machine was not infected with this; to me this is an FP.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

said by MagMan:

So your point being is what according to what NIS is saying it is toast. Which as far as I am concerned never existed in the first place.

My machine was not infected with this; to me this is an FP.
To clarify - I think that the app was flagged because for whatever reason there were registry entries and / or files that matched this definition. I would think it's a FP, but I am NOT the expert.

-amy-

--
DSLR Phishtracker


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest

reply to amysheehan
The reason I say this is the other day after NIS updated and you know how it runs a quick scan after updating it showed up. Now previously to that there was no unusual behavior going on with my machine and zap all of a sudden there it is. Plus it is odd to the fact that this has been around for a while and it never got flagged before by any of the apps that I have and use regularly.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable

VirusTotal results
Just FYI: I downloaded the full version ccsetup202.exe and ran it thru VirusTotal.

Panda 9.0.0.4 2007.11.11 Suspicious file
Prevx1 V2 2007.11.11 Heuristic: Suspicious Hijacker

Additional information
File size: 2725528 bytes
MD5: 50d8917e026b3402af3d4933018ea33a
SHA1: a9ed613388243cd3997d0b7b8f4e6f4ee7e08101
packers: WiseSFX Dropper, WiseSFX Dropper, WiseSFX Dropper
Prevx info: »fileinfo.prevx.com/fileinfo.asp?···C43DBD89

sashwa submitted her files to Symantec for review - My older version of CCleaner doesn't get flagged by anyone.


--
DSLR Phishtracker


MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
So are we coming to a conclusion here of CCleaner being the culprit?


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:
·Comcast
·Alameda Power & Te..

Host:
Broadband Modem (H..
MSN
DSL Extreme
Windstream
Southeast Asian Br..
reply to amysheehan
Amy, I wonder if it could have something to do with the virus update yesterday rather than from the CC upgrade? My upgrade was done around 11/5/07 and no peep from NAV until I did my weekly full scan.
--
TH ~ NE ~ EPN ~ NC ~ TD

PrntRhd

join:2004-11-03
Fairfield, CA
·Comcast
·Comcast Formerly ..


1 edit
reply to MagMan
said by MagMan:

So are we coming to a conclusion here of CCleaner being the culprit.
Yeah, it was not CCleaner, it is NIS FP.

Also notice it was an anonymous poster who started the thread.


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:
PrntRhd, it's not just NIS as I only use NAV.


MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable


1 edit
reply to PrntRhd
said by PrntRhd:

said by MagMan:

So are we coming to a conclusion here of CCleaner being the culprit.
Yeah, it was not CCleaner, it is NIS FP.

Also notice it was an anonymous poster who started the thread.
Mods sorry for the OT post. What does an anon post have to do with the problem that others say they have seen as well?
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle