Is quarantining then deleting files enough?

Discussion in 'ewido anti-spyware forum' started by untitled_1, May 9, 2006.

Thread Status:
Not open for further replies.
  1. untitled_1

    untitled_1 Registered Member

    Joined:
    May 9, 2006
    Posts:
    4
    I've carried out 2 scans in the past week.

    One scan found (adware) MiniBugTransporter.dll

    There are references to it in the registry. Should I be worried about it?

    The second scan was on my external hard drive and I found 12 Trojans (I think), all called Not-A-Virus.Exploit.HTML.CodeBaseExec, which is more widely known as Exploit.HTML.CodeBaseExec.

    In both cases ewido detected, quarantined and successfully deleted them. Further scans have returned nothing.

    Just wondering if anyone knows whether this action was sufficient. Is there a big chance that the threats may return?

    Any help would be greatly appreciated, thanks.
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    To deal with your first question first, MiniBugTransporter.dll is low grade adware, a.k.a. WeatherBug - nothing to worry about, but you can have a look at these threads:-

    https://www.wilderssecurity.com/showthread.php?t=112036

    http://forum.emsisoft.com/Default.aspx?g=posts&t=447

    As you will see, some people actually like WeatherBug and will put up with the advertising that comes with it, but others are not happy with the way it comes onto people's machines bundled up with other progs. If you don't want it, just let ewido fix it and that will be the end of the matter.

    With regard to the Not-A-Virus.Exploit, I can tell you that it is 'riskware', which is not the same as malware, but I cannot tell you the consequences of deleting the file because you haven't told us the file path of what was deleted! You would have to find out the file name and file path for further help on that one.
     
    Last edited: May 9, 2006
  3. untitled_1

    untitled_1 Registered Member

    Joined:
    May 9, 2006
    Posts:
    4
    Thank you for your response.

    Regarding Not-A-Virus.Exploit.HTML.CodeBaseExec (also known as Exploit.HTML.CodeBaseExec), it was found in a compressed folder.

    I had a video file in a folder on my external hard drive that was compressed (WinRAR).

    The extracted files didn't seem to be causing any trouble and ewido didn't detect a problem. However, the compressed folder had the Not-A-Virus.Exploit.HTML.CodeBaseExec threats so I quarantined then deleted the whole folder.

    Was that the right thing to do? Should I have done something else?

    Also what does 'riskware' mean? ewido said the risk for this problem was high.
     
  4. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
  5. untitled_1

    untitled_1 Registered Member

    Joined:
    May 9, 2006
    Posts:
    4
    Thanks for the link

    I just need some clarification whether using ewido to delete the threats and the compressed folder they were in will remove the danger forever.

    Is there a chance it could return or is that it?
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    A compressed file (.zip, .rar etc) is an 'archive'; any malware in an archive is entirely harmless unless and until it is extracted. If you delete an archive with malware in it, then it stays deleted - there is no possibility of it returning.

    However, in your case the archive was detected as 'Not-A-Virus', which means it is 'riskware' not malware, and the extracted files were not detected as being a problem. In other words the extracted files are clean so you have no problem. It is possible that the archive had some kind of decompressor or installer that was found as a 'risk' because it may also be used by certain malware types - however deleting it would remove the risk in any case.

    If you want, you can configure ewido not to look for riskware at all, by unticking the box for: 'scan for potential dangerous programs' in the scan settings tab. If ewido detects not-a-virus/riskware files it is merely drawing your attention to a file that could be a problem but may well not be. Some programs (e.g. those that can be used to terminate other progs) can be used by malware but can equally be used for entirely legitimate purposes. Ewido has no means of knowing whether you downloaded the 'risk' as part of a legitimate file or whether it was dropped by a trojan etc. It is up to you to investigate and draw your own conclusion as to whether or not to keep the file.
     
  7. untitled_1

    untitled_1 Registered Member

    Joined:
    May 9, 2006
    Posts:
    4
    Thank you TopperID for responding.

    I think the fact that the extracted files didn't show up as threats and the fact that my PC hasn't been performing abnormally match what you think. It was probably riskware and deleting it should be more than enough.

    Thanks again for your help.
     