Solved

After downloading and installing CCleaner my anti-virus program detected malware on my computer.

Posted on 2007-11-14
Last Modified: 2013-11-30
Last night, I took the advice of an expert on EE and downloaded and installed CCleaner. I was trying to clear space on my C: drive (see previous question re: defragging my C drive). After running it and deleting a lot of files (mostly cookies, temp files, log files, etc.) I left my computer for a few hours (it was left running) and when I came back one of my anti-malware programs (PREVX 2.0) had detected malware on my system. My other program, eTrust EZ Antivirus, did not report anything. Prior to this, I had run a number of full system scans for malware by both programs and both had pronounced my system clean and free from malware. I had downloaded the CCleaner application from a site called something like Hippo (I don't have the full site information since all my history files were "cleaned" after I had run the CCleaner). The malware detected is called "ISMPACK8.EXE". PREVX 2.0 specified this action it took:
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005503
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005504
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005504
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509

I am wondering how and where this malware got onto my system. Is this malware serious? What should I do about it? And can there be more malware lurking about my system even after many full system scans with several anti-malware programs? Thanks, Rick
Question by:slooprv
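As an added example (not part of the thread), a small Python parser that reads Prevx "Blocked" lines like the ones quoted in the question, repairs the mid-path line wraps the posting carries, strips stray quotes, and reports which restore point folders (the RPnnn directories under _RESTORE{GUID}) hold the flagged files, so the operator knows exactly what a System Restore purge would discard. The function names and the assumption that every record starts with the word "Blocked" are mine; the sample input is constructed from the lines in the question.

```python
import re
from collections import defaultdict

# Constructed sample: the Prevx "Blocked" lines from the question,
# reproduced with the line wraps and stray quotes the posting carries.
SAMPLE_LOG = r'''
"Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005503
"Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-
C774280ACA35}\RP383\A005504
"Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-
C774280ACA35}\RP383\A005504"
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-
C774280ACA35}\RP383\A005509
"Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-
C774280ACA35}\RP383\A005509
'''

# A System Restore snapshot path: <drive>:\SYSTEM VOLUME INFORMATION\
#   _RESTORE{GUID}\RP<number>\<renamed file>
RESTORE_PATH = re.compile(
    r'^Blocked\s+(?P<drive>[A-Za-z]):\\SYSTEM VOLUME INFORMATION\\_RESTORE'
    r'\{(?P<guid>[0-9A-Fa-f-]{36})\}\\RP(?P<rp>\d+)\\(?P<file>[^\\\s"]+)$',
    re.IGNORECASE,
)

def unwrap(text):
    """Rebuild one record per 'Blocked' entry: a line that does not start a
    new record is a wrapped continuation and is glued onto the previous one.
    Surrounding quotes are stripped from every physical line."""
    records = []
    for raw in text.splitlines():
        line = raw.strip().strip('"')
        if not line:
            continue
        if line.lower().startswith("blocked"):
            records.append(line)
        elif records:
            records[-1] += line
    return records

def restore_points_hit(text):
    """Map (drive, restore GUID, RP number) -> sorted unique blocked file
    names. Duplicate detections of the same file collapse to one entry;
    records that are not restore-point paths are ignored."""
    hits = defaultdict(set)
    for rec in unwrap(text):
        m = RESTORE_PATH.match(rec)
        if m is None:
            continue
        key = (m["drive"].upper(), m["guid"].upper(), int(m["rp"]))
        hits[key].add(m["file"].upper())
    return {k: sorted(v) for k, v in hits.items()}
```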
15 Comments
LVL 27

Expert Comment

by:Tolomir
ID: 20280754
ccleaner can be downloaded from this site:

http://www.filehippo.com/download_ccleaner/


PREVX 2.0 instead is a malware detector:

www.prevx.com

So could you check if you got a green / yellow / red ball in your system tray (this is the icon of prevx)

LVL 27

Expert Comment

by:Tolomir
ID: 20280768
Start->Programs->prevx (anything like that?)
LVL 27

Expert Comment

by:Tolomir
ID: 20280778
should read your posting more carefully, ok...
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20280849
http://www.prevx.com/filenames/1833066102118006264-0/ISMPACK8%2EEXE.html

The most common objects with the name of ISMPACK8.EXE have yet to be classified as safe by our research department.

The filename ISMPACK8.EXE was first seen on Nov 12 2007 in GERMANY.
The filename ISMPACK8.EXE refers to an executable program. It has file size of 389,120 bytes. This file has no vendor, product or version information specified in the file header.

---

Seems like you had that software installed and it is stuck in your C:\SYSTEM VOLUME INFORMATION\_RESTORE folders....

Some sites claim this is a trojan.

http://www.google.com/search?q=ISMPACK8.EXE+ism2

Could you open the folder:

C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509

and check if the file is there.

Then upload it to http://virusscan.jotti.org/

this will scan the file against 20 well know antivirus scanners.


Tolomir


LVL 66

Accepted Solution

by:johnb6767
johnb6767 earned 250 total points
ID: 20280935
Just disable System Restore, and it will get rid of them all..... Most likely, the scanners were not originally configured to scan the restore folder, and now they did, once the system was cleaned....

Author Comment

by:slooprv
ID: 20281171
Thanks for these suggestions. First, I will try to locate the folder and open it and upload it to virusscan.jotti.org. Secondly, I did not know I could turn off System Restore, and am concerned that if I do turn it off, that if in the future I have a problem and need to restore my system back to an earlier date I won't be able to. In the past, I have had to do this quite a few times. Obviously I really don't understand the System Restore feature very well. Another EE expert suggested I turn it off also to create more room on my C drive, and that it is a good hiding space for malware to lurk. I still need to know what to do with these malware files (if that is what they are) residing in my PREVX 2.0 jail. I have the choices to "cleanup now" to remove all the files, "Cleanup Logs" to restore changes or "set to probation", whatever that is!! Thanks, Rick
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 250 total points
ID: 20281262
Just disable it, reboot and re-enable it. That clears everything out of that System Volume Info folder (which you normally have to grant yourself Full Control over to access anyway), and once it is re-enabled, you're still protected, but will not have to worry about restoring bad files in the future....
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20281365
Probation would be useful to mark that file as "harmless", so you can upload it to virusscan.jotti.org.

If you don't want to deal with that file, use Cleanup now in Prevx.

Author Comment

by:slooprv
ID: 20281461
TOLOMIR, I located my System Volume Information folder, but it is empty. I assume this is because all the files (6 of them) are now in my PREVX jail, waiting for me to do something with them. Unfortunately, right clicking on these files in my Prevx jail does not give me the option of copying them. So, unless I restore them back to the folder, I am unable to upload them to the virusscan website for evaluation. I still need to know what to do with them. Should I just delete them from the jail, or restore them back to the folder, or put them on "Probation", whatever that is? Rick

Author Comment

by:slooprv
ID: 20281653
TOLOMIR,
I set all the files to probation, and PREVX informs me that they have been set to probation and allowed to run. I went back to the C:Documents and Settings/System Volume Information folder but it is still empty. I don't seem to be able to find where these files are now; I thought they should be in that folder. I still have no way of copying them or uploading them to virusscan.org. Now I am worried that they are running on my system. Not sure what to do now. How does one upload these files?
LVL 66

Expert Comment

by:johnb6767
ID: 20281683
"I located my system volume information folder , but it is empty."

Was this just by hovering over the folder? That would be normal if your UserID is denied access to it..... Make sure you can double click the folder, and go to the _restore{LONG STRING OF NUMBERS HERE} folder, as that's where the large restore points are kept....

Author Comment

by:slooprv
ID: 20282085
John, I found the folder, did a search for it, opened it in Windows Explorer, but it is empty. I double clicked it, right clicked and clicked "open", etc. So where would these files go after selecting "probation" on PREVX? It says they are now running on my system (according to PREVX), so where are they? I really feel frustrated and am ready just to clean them from PREVX and forget about sending them to virusscan.org. Any other ideas? Thanks, Rick
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 250 total points
ID: 20282191
Well, basically you could of course just let Prevx do its job and you are done.

It would be just interesting to know if this file is a Trojan.

So if it takes too much time to get hold of this file, take the shortcut.

Make a full system scan with prevx (also make sure that you update to the latest version) and if you like you can run superantispyware as second opinion afterwards: www.superantispyware.com (free version with scanner and malware remover)

Tolomir

Author Comment

by:slooprv
ID: 20282216
OK, I will try that. I will be back later this evening to let you know what happens. Thanks, Rick

Author Comment

by:slooprv
ID: 20295527
Well, I finally got fed up with trying to find out what happened to the virus file after I clicked "probation" on PREVX 2.0. I even ran two full system scans for it and it no longer was picked up, so I did go ahead and disable the restore feature, restarted and did another full system scan with PREVX and with EZ-Antivirus, and still it no longer was picked up. I just wonder whatever happened to it? I also finally had more than enough room now to defrag my C drive (6.74G now!). My computer is starting to run better after doing this and also running CCleaner. I will follow up with other suggestions now, such as submitting a HijackThis scan for analysis; hopefully I will get this 5 year old Vaio back up to speed. Thanks everyone for great help, Rick