Someone please help me

Discussion in 'ewido anti-spyware forum' started by robinb, Oct 3, 2006.

Thread Status:
Not open for further replies.
  1. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    ok one of the computers that is running the new antispyware found this:

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029019.exe -> Heuristic.Win32.Dialer : No action taken.

    I quarantined it. Can I remove it? I cannot send the file for support because I have no "Help" file. so now what do I do?


    robin
     
  2. robinb

    robinb Registered Member

    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    and this?

    can this be removed too? I also quarantined them

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0023918.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0024008.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0028971.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029039.dll -> Adware.Comet : No action taken.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    Disable system restore (right click "My Computer" > System Restore), perform another scan > enable system restore after that if you feel the need.

    regards,

    paul
     
  4. robinb

    robinb Registered Member

    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    wait a sec I lost you, I want to know if these files can be removed safely or is this a false positive. I know how to remove them.

    You did not answer that part.

    robin
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    Unfortunately, without copies of the actual files, we cannot tell you anything, sorry... If possible, could you please submit them?

    http://www.ewido.net/en/malware/
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    When they are in system restore format the only way to know what the actual file names are or if they are false positives would be to do a system restore which you probably do not want to do :doubt:

    Since you have them quarantined....you could unquarantine those items and send them to the address peter.ewido suggested.

    Bubba
     
  7. robinb

    robinb Registered Member

    I put this in another thread but I do not think it belonged there anyway.
    I ran a full complete scan with the new AVG Pro antispyware on XP Home Service Pack 2

    It came up with these files below so I did not know if I should delete it completely so I put them in quarantine.


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029019.exe -> Heuristic.Win32.Dialer : No action taken.


    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0023918.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0024008.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0028971.dll -> Adware.Comet : No action taken.
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029039.dll -> Adware.Comet : No action taken.

    Someone said to run the program with system restore off. Ok I went into Quarantine and "restored" the files to see what would happen and turned off System Restore and ran a new complete scan. Now it comes up and says there are no infected files. (umm I restored them- why is it saying this?)

    Ok so I turn System restore back on, rebooted the computer and ran another complete scan and it is clean. WHY? these files were restored back. What happened to them? And why did this happen in the first place, You normally do not turn off system restore when scanning.


    thanks
    robin
     
  8. robinb

    robinb Registered Member

    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    take a look at my post "please help me"

    now explain what happened?

    I did not click Delete- I clicked RESTORE


    robin
     
  9. robinb

    robinb Registered Member

    Re: AVG Anti-Spyware 7.5 is the new Ewido release

    Peter I cannot because they are gone- Look at my post "Please help me"

    Also peter, when are you going to add the Help file to the program? I am to return this computer to my client Thursday this week and I was wondering if this update was going to be done before then so I can update his program

    robin
     
  10. Bubba

    Bubba Updates Team

    There was no problem but perhaps it is best that the assistance does continue in this thread you have started and I have taken the liberty to move all relevant posts here.

    There are 2 parts to this situation so we'll need to separate them.

    1) When you turned system restore off (which is a valid recommendation BTW)....you removed all evidence of system restore information which means there was zilch\nothing\nada for any anti-malware program to find.

    2) We now have to determine what was actually contained in the quarantine. Did you happen to save a Report of what was actually found ??

    Bubba
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    When you disable system restore you delete all your restore points. When you turn on system restore you create a new set of restore points.

    Since your files were among your restore points they were deleted and cannot be recovered. It is very unlikely you would want them back again, so your problem is resolved. ;)

    Edit - beat me to it there Bubba :D
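
Added example, not part of any post in this thread and not ewido/AVG code: a small Python triage of the report lines quoted above, separating detections that sit inside System Restore storage (the copies that disappear when System Restore is disabled, as the replies explain) from detections in the live file system. The function names and the last sample line are assumptions made for the example.

```python
import re
from collections import defaultdict

# First five lines are the report lines quoted in this thread; the last line
# is constructed here to show a detection outside restore-point storage.
REPORT = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029019.exe -> Heuristic.Win32.Dialer : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0023918.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP292\A0024008.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0028971.dll -> Adware.Comet : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0029039.dll -> Adware.Comet : No action taken.
C:\Program Files\ExampleApp\example.dll -> Adware.Example : No action taken.
"""

# Report line format as seen in the thread: <path> -> <detection> : <action>.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
# Restore-point copy: ...\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\(?P<rp>RP\d+)\\A\d+\.\w+$",
    re.IGNORECASE,
)

def parse_report(text):
    """Return one dict per detection line; lines that do not parse are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rp = RESTORE_RE.search(m["path"])
            findings.append({"path": m["path"], "name": m["name"],
                             "action": m["action"],
                             "restore_point": rp["rp"] if rp else None})
    return findings

def triage(findings):
    """Split detections into restore-point copies (grouped by RP) and live files."""
    by_rp, live = defaultdict(list), []
    for f in findings:
        (by_rp[f["restore_point"]] if f["restore_point"] else live).append(f)
    return {"restore_points": dict(sorted(by_rp.items())), "live": live}

if __name__ == "__main__":
    result = triage(parse_report(REPORT))
    for rp, items in result["restore_points"].items():
        print(rp, [i["name"] for i in items], "(removed if System Restore is disabled)")
    for f in result["live"]:
        print("LIVE", f["path"], f["name"], "(needs its own quarantine/removal decision)")
```
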
     
  12. Bubba

    Bubba Updates Team

    Yeah but there is # 2 if you wish to explain it better than I possibly did :doubt:
     
  13. robinb

    robinb Registered Member


    That was the report, in the first post. I took that from the report info.

    robin
     
  14. TopperID

    TopperID Registered Member

    Well that could be tricky 'cos I don't suppose the Report is going to be any more helpful regarding what has been deleted than that which has already been posted. o_O

    Edit - now you've beaten me robinb, I don't type quick enough. :D
     
  15. Bubba

    Bubba Updates Team

    Those were my thoughts also but wanted another pair of eyes :thumb:

    If I was given a guess....I'd guess the adware.comet entries were cookies and why they weren't found in subsequent checks is moot and should be chalked up as oh well. The Heuristic.Win32.Dialer entries as far as We know could have been false positives initially since there have been a few posted in the past but without the actual file names We will never know and they also could be chalked up as oh well.

    Bubba
     
  16. robinb

    robinb Registered Member

    I did a check all over the computer to see if anything was not working correctly. I looked in Event Viewer and saw no errors. Hopefully it did not delete anything that was really needed in the first place.

    What I am concerned about is that this is going to be used by someone who really is clueless and will do the recommendations of the program. He will not know to shut off system restore nor will most un-techy users.

    He will just quarantine the files. Ewido (AVG antispyware) should know what to do with them in the first place.

    robin
     
  17. Bubba

    Bubba Updates Team

    Unfortunately that individual has a rough road to hoe and they are only 1 of a million ? individuals that are less knowledgeable. However....FP's are a fact no matter what anti-malware We are speaking of. If these individuals desire further knowledge hopefully someone will suggest where they get this knowledge. If they are individuals that when presented with a scan result or a pop-up or any kind of decision making and they are those that simply say OK....what ever you need just do it :blink: ....then they are I'm afraid always going to have issues no matter what security\privacy program We are speaking of. If one wants to be on the net nowadays and dance....you gonna have to pay the fiddler and learn safe hex. You can not put the whole monkey on the back of security\privacy programs. The days of wheely kneely on the net has long been gone unfortunately.

    Bubba
     
  18. robinb

    robinb Registered Member

    true but when you are dealing with the "older generation" (most of my customers are 55+) you are dealing with people that are totally clueless. I made a faq for Ewido for these type of users on what to delete and what to quarantine, and most of the time I have them quarantine the file. Safer than deleting them. The only ones I tell them to delete are the cookies. This way they run into less trouble. I have clients that I do a monthly maintenance on their computers because either they are totally clueless or terrified to do it themselves, but I also have clients who will do it themselves but are still clueless. In fact even the "younger generation" will get a program put it on and do nothing or do worse delete files that they really should not be deleting.

    Even I do not know everything and that is why I come here for help since there are a lot here much more knowledgeable than I am, especially in this program and I use what you tell me for future use with clients.

    But the program needs to be a bit user friendly for the majority of the people who are clueless and I say it is a major majority.

    robin
     