Outpost Firewall Pro Allows a Malware? Or my computer is infected?

Discussion in 'other firewalls' started by rebelscum0000, Mar 31, 2011.

Thread Status:
Not open for further replies.
  1. rebelscum0000

    rebelscum0000 Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    70
    Location:
    Mexico City
    Hi,
    Clean Install Windows XP, next I installed the following applications:
    Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.2.152.32
    Avira AntiVir Premium Avira GmbH 10.0.0.667
    CCleaner Piriform 3.04
    CDCheck
    CPUID HWMonitor Pro 1.11
    GetRight
    High Definition Audio Driver Package - KB888111 Microsoft Corporation 20040219.000000
    Malwarebytes' Anti-Malware Malwarebytes Corporation
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
    Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
    Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
    Microsoft .NET Framework 4 Client Profile Microsoft Corporation 4.0.30319
    Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation
    Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
    Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
    NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 1.0.14.0
    Nero 6 Ultra Edition
    NVIDIA Drivers NVIDIA Corporation 1.3
    Outpost Firewall Pro 7.1 Agnitum, Ltd. 7.1
    Prevx Prevx 3.0.5.220
    REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek 1.24.0000
    Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5964
    Sandboxie 3.50
    Smart Defrag 2 IObit 2.0
    Spybot - Search & Destroy Safer Networking Limited 1.6.2
    TuneUp Utilities TuneUp Software 9.0.4700.23
    Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation
    Windows Internet Explorer 8 Microsoft Corporation 20090308.140743
    Windows Management Framework Core Microsoft Corporation
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3 Microsoft Corporation 20080414.031525
    Wise Registry Cleaner Professional V5.9.4 ZhiQing soft Inc. 5.9.4

    I think none of the above programs installs Spyware Doctor, but I am not sure. Since I do not know why I have these rules, I have to block 4 UPDATE.EXE

    If Windows cannot find the path, why is there a rule?
    8spywaredoctorupdateb.jpg

    The block Rules

    2spywaredoctorupdatea.jpg
    3spywaredoctorupdatea.jpg
    4spywaredoctorupdatea.jpg

    Only 2 of them have a group
    5spywaredoctorupdatea.jpg

    If I do not have any product by PC Tools installed, why can I find Spyware Doctor in the application rules?

    Thanks in advance for any help you can provide me
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,286
    Which version is your CD-ROM of XP?
    It should be SP2, otherwise it is highly vulnerable with the default install.

    What other files are in that folder?
     
  3. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    213
    Hello rebelscum0000,

    From the Outpost Firewall forum where this is already under discussion. --http://outpostfirewall.com/forum/showthread.php?t=26278


    Outpost created rules for the file because that is how it currently works when you run Outpost in auto-learn mode.

    During Windows updates, the patches are unpacked into temporary folders and an update.exe file runs to handle replacing files or setting up replacement during reboot.

    Once the process is complete the files are removed. The file was there and needed the rule to work. The task was completed and the file is no longer there. The rule remains. This is one of the reasons the purge function is being introduced in version 7.5.

    Many programs use a file called update.exe: Corel (Paintshop Pro), Windows Update and apparently the PC Tools product. The real question is why that particular rule name was used. Are the files the same since they fulfill the same function? Is there an error in the presets? Was that the first trusted/signed vendor with update.exe?

    To reiterate what Manny told you there.

    edit:typo they*
     
    Last edited: Mar 31, 2011
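
The leftover-rule situation described in the post above, as an added example that is not part of the original thread and not Agnitum's code: it triages learned application rules into ones whose executable is gone (purge candidates) and ones that share a generic file name such as update.exe with other paths, where the label alone says nothing about the publisher. The rule export shape, the paths and the function names are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample: (rule label, executable path) pairs in a hypothetical export shape.
RULES = [
    ("Spyware Doctor", r"C:\3f9c1e7a2b\update\update.exe"),
    ("Spyware Doctor", r"C:\77aa01bc9d\update\update.exe"),
    ("Internet Explorer", r"C:\Program Files\Internet Explorer\iexplore.exe"),
]
# Constructed stand-in for the disk: only these paths still exist.
PRESENT = {r"C:\Program Files\Internet Explorer\iexplore.exe"}


def triage_rules(rules, exists):
    """Tag each rule as 'orphaned' (file gone) and/or 'shared-filename'."""
    paths_by_name = defaultdict(set)
    for _label, path in rules:
        paths_by_name[ntpath.basename(path).lower()].add(ntpath.normcase(path))

    report = []
    for label, path in rules:
        findings = []
        if not exists(path):
            findings.append("orphaned")  # rule outlived its temporary executable
        if len(paths_by_name[ntpath.basename(path).lower()]) > 1:
            findings.append("shared-filename")  # label was matched on a generic name
        report.append({"label": label, "path": path, "findings": findings})
    return report


def purge_candidates(report):
    """Rules that can be removed because the executable no longer exists."""
    return [r["path"] for r in report if "orphaned" in r["findings"]]


def needs_publisher_check(report):
    """Files still on disk under a generic name: verify the signer, not the label."""
    return [r["path"] for r in report
            if "shared-filename" in r["findings"] and "orphaned" not in r["findings"]]


if __name__ == "__main__":
    for row in triage_rules(RULES, PRESENT.__contains__):
        print(row["label"], row["path"], row["findings"] or ["ok"])
```

On a real machine, pass `os.path.exists` as the `exists` argument instead of the constructed set.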
  4. rebelscum0000

    rebelscum0000 Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    70
    Location:
    Mexico City
    Windows Home Edition Service Pack 2 English Version

    The other files that are in the folder are:

    9spywaredoctorupdateb.jpg

    I am very sorry to post my problem in 2 forums. To be honest, I am worried because I use my CC and I did not notice I have this issue.

    One more thing I did not post: I downloaded and ran MWMRT (KB890830) March 2011, but I do not know if Microsoft uses pctools for this WU. Anyone?

    Thank you
     
  5. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    No, Microsoft installs updates for its own software and doesn't use other companies. They do deliver hardware drivers for other companies but not software. The fact that the rules are labeled "Spyware Doctor" is leading you astray, thinking that something from PC Tools is installed. That's very likely not the case but, as FirePost said, why the preset picked that name is what needs explaining.

    This could all be due to a simple install of a legit piece of software that created a temporary folder along with update.exe and then got deleted as FP explained in detail above.
     