What does this scanning report mean?

wcandres
wcandres Posts: 5 New Member
After a complete computer scan, I received this report.  Following the link comes up with nothing.  What can I do about the "harmful item" found?
 
SCANNING REPORT
  • Thursday, January 10, 2019 3:00:00 AM - 5:00:05 AM
  • Scan type: Scan for viruses
Results
  • Items scanned: 1413618
  • Harmful items found: 1
DetailsPUA/Asparnet.B.7f3e78f784!fsocap
  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVR-TG[1].7z\[49] program files/AskPartnerNetwork/Toolbar/UpdateManager.exe: Skipped

Comments

  • wcandres
    wcandres Posts: 5 New Member

    Thanks for your help.  I'll try simply deleting the "Ask Toolbar Installer"file.

  • Ukko
    Ukko Posts: 3,770 Superuser

    @wcandres wrote:

    Thanks for your help.  I'll try simply deleting the "Ask Toolbar Installer"file.


    If it is impossible to do this (as example, folder is not accessible based on some reasons) - one another option is to try configure Scheduled scan.

    Maybe Scheduled Scan will remove such item automatically. Just as check.

     

    Otherwise - clean up for temporary internet files/cache is only solution (with less steps compared to another more tricky workarounds).

     

    Thanks!

  • wcandres
    wcandres Posts: 5 New Member

    Since eliminating the offending file, full system scans show "no harmful items found".  The system seems to be problem free.  Thanks for your help.  I'm still curious why the security suite didn't eliminate or quarantine the problem file automatically.

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     


    @wcandres wrote:

    I'm still curious why the security suite didn't eliminate or quarantine the problem file automatically.


    There was a discussion about subject and an interesting reply:

    starting from "Reasons for _not_ deleting an infected file can be:"-part of reply.

     

    About your direct situation and my own feelings (understanding):

    -- detected item is "UpdateManager.exe".

    -- this item is a [49]th file inside a compressed archive file "AskToolbarInstaller-AVR-TG[1].7z".

    -- even though zipped file is called as "AskToolbarInstaller-AVR-TG[1]" - content of archive is anything.

     

    Likely to eliminate or quarantine it automatically possible with the help of steps like:

    • unpack .7z-archive; remove certain executable item; pack all other items back to archive (but, as a result, malicious item will be unzipped with all other items to file system directly).
    • try to modify zipped item only (sounds that it is anyway done by temporary process as with first example).
    • to remove .7z-archive completely (as a result, deleted all items inside archive. Not only detected executable file).

    Furthermore, try to understand context of detected item (if it is safe to delete entire archive) or even more to cure it (to remove malicious or harmful additions) is a tricky task probably. At least, with current design and meanings for 'done automatically'.

     

    I think that Quarantine was not an option based on such meanings too. If so - such state should be described with Scan Wizard user interface after completed scan and with ability to chose further action.

     

    With another situations can be another explanations too. For example, this temporary item (placed under browser's temporary internet files) is cleared already after detection and it was not possible to clean up unavailable item; file was a tricky one or too large(?!); used by certain process (browser as example) or opened by certain software. And so on. But I think that when it is possible - F-Secure should to perform action automatically (with requirement to avoid false positive and unwanted destruction).

     

    Thanks!

This discussion has been closed.
Feedback on New Design