  • Status: Solved
After downloading and installing CCleaner my anti-virus program detected malware on my computer.

Last night, I took the advice of an expert on EE and downloaded and installed CCleaner. I was trying to clear space on my C: drive (see previous question re: defragging my C: drive). After running it and deleting a lot of files (mostly cookies, temp files, log files, etc.) I left my computer for a few hours (it was left running), and when I came back one of my anti-malware programs (PREVX 2.0) had detected malware on my system. My other program, eTrust EZ Antivirus, did not report anything. Prior to this, I had run a number of full system scans for malware with both programs and both had pronounced my system clean and free from malware. I had downloaded the CCleaner application from a site called something like Hippo (I don't have the full site information since all my history files were "cleaned" after I had run CCleaner). The malware detected is called "ISMPACK8.EXE". PREVX 2.0 specified the action it took:

Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005503
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005504
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005504
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509
Blocked C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509

I am wondering how and where this malware got on to my system? Is this malware serious? What should I do about it? And can there be more malware lurking about my system even after many full system scans with several anti-malware programs? Thanks, Rick

Asked by: slooprv
Tolomir (Administrator) commented:
ccleaner can be downloaded from this site:

http://www.filehippo.com/download_ccleaner/


PREVX 2.0, on the other hand, is a malware detector:

www.prevx.com

So could you check whether you have a green / yellow / red ball in your system tray (this is the Prevx icon)?

Tolomir (Administrator) commented:
Start->Programs->prevx (anything like that?)
Tolomir (Administrator) commented:
I should read your posting more carefully, ok...
 
Tolomir (Administrator) commented:
http://www.prevx.com/filenames/1833066102118006264-0/ISMPACK8%2EEXE.html

The most common objects with the name of ISMPACK8.EXE have yet to be classified as safe by our research department.

The filename ISMPACK8.EXE was first seen on Nov 12 2007 in GERMANY.
The filename ISMPACK8.EXE refers to an executable program. It has file size of 389,120 bytes. This file has no vendor, product or version information specified in the file header.

---

It seems you had that software installed at some point and a copy is stuck in your C:\SYSTEM VOLUME INFORMATION\_RESTORE folders....

Some sites claim this is a trojan.

http://www.google.com/search?q=ISMPACK8.EXE+ism2

Could you open the folder:

C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383\A005509

and check whether the file is there?

Then upload it to http://virusscan.jotti.org/

This will scan the file against 20 well-known antivirus scanners.


Tolomir


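The advice above is to find the blocked copy inside the restore-point folder and submit it to a multi-engine scanner. The following PowerShell is an added example, not code from the thread or from Prevx, showing how to do the first half of that on a modern Windows box: grant yourself access to "System Volume Information", pick out the files in the restore point that are actually PE executables (XP restore points store copied files under names like A005509 with no extension, so the name tells you nothing), and record size, SHA-256 and version-header fields so you can compare them with the Prevx description (389,120 bytes, no vendor/product/version information) before uploading. It assumes Windows PowerShell 5.1 or later running as Administrator; the restore-point path is the one quoted in the question, and the 389,120-byte figure is taken from the Prevx page quoted above.

```powershell
# Added example (not from the thread): triage executables inside an XP-style restore point.
# Assumptions: Windows PowerShell 5.1+ run as Administrator; $RestorePoint is the path
# quoted in the question. Files in RPxxx folders are renamed A00nnnn with no extension,
# so executables are identified by the 'MZ' header rather than by file name.
$RestorePoint = 'C:\System Volume Information\_restore{9D235F52-3DCC-476D-AAA2-C774280ACA35}\RP383'

# System Volume Information is ACL'd to SYSTEM only. The thread suggests granting
# yourself Full Control; read access is enough to hash and inspect, so grant only that.
icacls 'C:\System Volume Information' /grant 'Administrators:(OI)(CI)R' | Out-Null

function Test-MzHeader {
    param([string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 2
        $n = $fs.Read($buf, 0, 2)
        # 'M' 'Z' = 0x4D 0x5A, the DOS stub header every PE file starts with
        return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } finally { $fs.Dispose() }
}

Get-ChildItem -LiteralPath $RestorePoint -File -Force -ErrorAction Stop |
    Where-Object { $_.Length -gt 0 -and (Test-MzHeader $_.FullName) } |
    ForEach-Object {
        $vi = $_.VersionInfo
        [pscustomobject]@{
            Name    = $_.Name
            Bytes   = $_.Length
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Company = $vi.CompanyName
            Product = $vi.ProductName
            # Prevx described ISMPACK8.EXE as 389,120 bytes with no vendor/product/version
            # header. Files matching that description are the ones worth uploading.
            MatchesPrevxDescription = ($_.Length -eq 389120 -and
                                       [string]::IsNullOrEmpty($vi.CompanyName) -and
                                       [string]::IsNullOrEmpty($vi.ProductName))
        }
    } | Format-Table -AutoSize
```

The SHA-256 is worth recording even before uploading: most multi-engine scanners let you look a hash up first, which avoids shipping the file at all if it has already been analysed. Copy a matching file to a working directory with `Copy-Item -LiteralPath` rather than double-clicking it; on an XP machine, where this path layout actually applies, the same steps can be done from an elevated cmd.exe with `cacls` and a third-party hashing tool, since these cmdlets are not available there.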
 
johnb6767 commented:
Just disable System Restore, and it will get rid of them all..... Most likely, the scanners were not originally configured to scan the restore folder, and now one did, once the system was cleaned....
 
slooprv (Author) commented:
Thanks for these suggestions. First, I will try to locate the folder, open it, and upload the file to virusscan.jotti.org. Secondly, I did not know I could turn off System Restore, and I am concerned that if I do turn it off, then if in the future I have a problem and need to restore my system back to an earlier date I won't be able to. In the past, I have had to do this quite a few times. Obviously I really don't understand the System Restore feature very well. Another EE expert suggested I turn it off also, to create more room on my C: drive, and said that it is a good hiding place for malware to lurk. I still need to know what to do with these malware files (if that is what they are) residing in my PREVX 2.0 jail. I have the choices "Cleanup now" to remove all the files, "Cleanup Logs" to restore changes, or "Set to probation", whatever that is!! Thanks, Rick
 
johnb6767 commented:
Just disable it, reboot and re-enable it. That clears everything out of that System Volume Information folder (which you normally have to grant yourself Full Control over to access anyway), and once it is re-enabled you're still protected, but will not have to worry about restoring bad files in the future....
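The disable / re-enable procedure johnb6767 describes can be scripted on Vista and later, where System Restore is exposed to PowerShell. The block below is an added example, not code from the thread: it lists the existing restore points, disables protection on the drive (which discards every restore point on it, so the blocked copies go with them), re-enables it, and immediately takes a fresh checkpoint so a rollback is still possible but can only ever land on the post-cleanup state. It assumes Windows PowerShell 5.1 running as Administrator (the *-ComputerRestore cmdlets are not in PowerShell 7, and the Windows XP machine in the thread has to do the same thing through System Properties); the drive letter and the checkpoint description are assumptions.

```powershell
# Added example (not from the thread): purge all restore points and start a clean baseline.
# Assumptions: Windows Vista+ with Windows PowerShell 5.1, run as Administrator.
# Disabling System Restore on a drive deletes that drive's restore points, which is the
# point: a later rollback must not be able to resurrect the blocked files.
function Reset-SystemRestore {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Drive = 'C:\')

    $before = @(Get-ComputerRestorePoint)
    Write-Host ("Restore points before: {0}" -f $before.Count)
    $before | Format-Table SequenceNumber, CreationTime, Description -AutoSize

    if ($PSCmdlet.ShouldProcess($Drive, 'Disable System Restore (deletes every restore point on this drive)')) {
        Disable-ComputerRestore -Drive $Drive
        Enable-ComputerRestore  -Drive $Drive
        # A checkpoint taken now captures only the cleaned state; MODIFY_SETTINGS is one of
        # the documented restore point types and is appropriate for an administrative change.
        # Windows 8 and later allow only one checkpoint per 24 hours by default.
        Checkpoint-Computer -Description 'Clean baseline after malware cleanup' -RestorePointType MODIFY_SETTINGS
    }

    $after = @(Get-ComputerRestorePoint)
    Write-Host ("Restore points after: {0}" -f $after.Count)
    return $after
}

# -Confirm prompts before the destructive step; use -WhatIf to see the plan without acting.
Reset-SystemRestore -Drive 'C:\' -Confirm
```

Run it once per protected drive. If you want to keep the reboot the thread recommends between the two steps, split the function at the `Enable-ComputerRestore` line and run the second half after restarting; the cmdlets themselves do not require it.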
 
Tolomir (Administrator) commented:
Probation would be useful to mark that file as "harmless", so you can upload it to virusscan.jotti.org.

If you don't want to deal with that file, use Cleanup now in Prevx.
slooprv (Author) commented:
TOLOMIR, I located my System Volume Information folder, but it is empty. I assume this is because all the files (6 of them) are now in my PREVX jail, waiting for me to do something with them. Unfortunately, right-clicking on these files in my Prevx jail does not give me the option of copying them. So, unless I restore them back to the folder, I am unable to upload them to the virus scan website for evaluation. I still need to know what to do with them. Should I just delete them from the jail, or restore them back to the folder, or put them on "Probation", whatever that is? Rick
 
slooprv (Author) commented:
TOLOMIR,
I set all the files to probation, and PREVX informs me that they have been set to probation and allowed to run. I went back to the C:\Documents and Settings\System Volume Information folder but it is still empty. I don't seem to be able to find where these files are now; I thought they should be in that folder. I still have no way of copying them or uploading them to virusscan.org. Now I am worried that they are running on my system. Not sure what to do now. How does one upload these files?
 
johnb6767 commented:
"I located my system volume information folder , but it is empty."

Was this just by hovering over the folder? That would be normal if your user ID is denied access to it..... Make sure you can double-click the folder, and go to the _restore{LONG STRING OF NUMBERS HERE} folder, as that's where the large restore points are kept....

slooprv (Author) commented:
John, I found the folder, did a search for it, opened it in Windows Explorer, but it is empty. I double-clicked it, right-clicked and clicked "Open", etc. So where would these files go after selecting "Probation" in PREVX? It says they are now running on my system (according to PREVX), so where are they? I really feel frustrated and am ready just to clean them from PREVX and forget about sending them to virusscan.org. Any other ideas? Thanks, Rick
 
Tolomir (Administrator) commented:
Well, basically you could of course just let Prevx do its job and you are done.

It would just be interesting to know whether this file is a Trojan.

So if it takes too much time to get hold of this file, take the shortcut.

Make a full system scan with Prevx (also make sure that you update to the latest version) and, if you like, you can run SuperAntiSpyware as a second opinion afterwards: www.superantispyware.com (free version with scanner and malware remover)

Tolomir
slooprv (Author) commented:
OK, I will try that. I will be back later this evening to let you know what happens. Thanks, Rick
 
slooprv (Author) commented:
Well, I finally got fed up with trying to find out what happened to the virus file after I clicked "Probation" in PREVX 2.0. I even ran two full system scans for it and it was no longer picked up, so I did go ahead and disable the restore feature, restarted, and did another full system scan with PREVX and with EZ Antivirus, and still it was no longer picked up. I just wonder whatever happened to it? I also finally had more than enough room to defrag my C: drive (6.74 GB now!). My computer is starting to run better after doing this and also running CCleaner. I will follow up with other suggestions now, such as submitting a HijackThis scan for analysis. Hopefully I will get this 5-year-old Vaio back up to speed. Thanks everyone for the great help, Rick