What does this scanning report mean?

wcandres

After a complete computer scan, I received this report.  Following the link comes up with nothing.  What can I do about the "harmful item" found?

 

SCANNING REPORT

• Thursday, January 10, 2019 3:00:00 AM - 5:00:05 AM
• Scan type: Scan for viruses

Results

• Items scanned: 1413618
• Harmful items found: 1

DetailsPUA/Asparnet.B.7f3e78f784!fsocap

• C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVR-TG[1].7z\[49] program files/AskPartnerNetwork/Toolbar/UpdateManager.exe: Skipped

Ukko

Hello,

 

Sorry for my reply. I am only an F-Secure user (their home solutions).

 

This is a Potential Unwanted Application detection for Ask Toolbar installer (or its modified build).

• F-Secure Policy about PUA is: https://www.f-secure.com/en/web/labs_global/potentially-unwanted-applications
• Generic advices about cleaning up against already installed tricky browser's extensions: https://www.f-secure.com/en/web/labs_global/removing-browser-puas

Sounds that your state (maybe) is about static cached downloaded content (browsing/visited page or try to download Ask Toolbar).

Detected item (UpdateManager.exe) is under zipped container (archive AskToolbarInstaller-AVR-TG[1].7z). Since detection is only about packed item - F-Secure does not remove entire .7z-file.

Instead, possible to remove this (AskToolbarInstaller-AVR-TG[1].7z) manually.

 

For example, to locate C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 and find this .7z-file -- rightclick and delete it (with further clean up for Recycle Bin).

In addition, possible to try and perform clean up for browser's cache (but it will affect some other points).

I am not sure that such situation is completely safe - but just because nothing else is detected - maybe manual removal for .7z-file is enough.

 // by the way - if it is not possible to locate folder: possible to try clear cache/temp internet files of browser. Based on your browser in use - possible to perform it with different steps. In general, possible to try with any of installed browsers (system ones included). For Internet Explorer:

• https://support.microsoft.com/en-gb/help/260897/how-to-delete-the-contents-of-the-temporary-internet-files-folder

Good if you will back with feedback!

 

Thanks!

wcandres

Thanks for your help.  I'll try simply deleting the "Ask Toolbar Installer"file.

Ukko

---

@wcandres wrote:

Thanks for your help.  I'll try simply deleting the "Ask Toolbar Installer"file.

---

If it is impossible to do this (as example, folder is not accessible based on some reasons) - one another option is to try configure Scheduled scan.

• https://help.f-secure.com/product.html#home/safe-windows/latest/en/scheduled_scanning-safe-windows-latest-en

Maybe Scheduled Scan will remove such item automatically. Just as check.

 

Otherwise - clean up for temporary internet files/cache is only solution (with less steps compared to another more tricky workarounds).

 

Thanks!

wcandres

Since eliminating the offending file, full system scans show "no harmful items found".  The system seems to be problem free.  Thanks for your help.  I'm still curious why the security suite didn't eliminate or quarantine the problem file automatically.

Ukko

Hello,

 

---

@wcandres wrote:

I'm still curious why the security suite didn't eliminate or quarantine the problem file automatically.

---

There was a discussion about subject and an interesting reply:

• https://community.f-secure.com/t5/F-Secure-SAFE/Gen-Variant-Kazy-79682-virus-How/m-p/30354#M5392

starting from "Reasons for _not_ deleting an infected file can be:"-part of reply.

 

About your direct situation and my own feelings (understanding):

-- detected item is "UpdateManager.exe".

-- this item is a [49]th file inside a compressed archive file "AskToolbarInstaller-AVR-TG[1].7z".

-- even though zipped file is called as "AskToolbarInstaller-AVR-TG[1]" - content of archive is anything.

 

Likely to eliminate or quarantine it automatically possible with the help of steps like:

• unpack .7z-archive; remove certain executable item; pack all other items back to archive (but, as a result, malicious item will be unzipped with all other items to file system directly).
• try to modify zipped item only (sounds that it is anyway done by temporary process as with first example).
• to remove .7z-archive completely (as a result, deleted all items inside archive. Not only detected executable file).

Furthermore, try to understand context of detected item (if it is safe to delete entire archive) or even more to cure it (to remove malicious or harmful additions) is a tricky task probably. At least, with current design and meanings for 'done automatically'.

 

I think that Quarantine was not an option based on such meanings too. If so - such state should be described with Scan Wizard user interface after completed scan and with ability to chose further action.

 

With another situations can be another explanations too. For example, this temporary item (placed under browser's temporary internet files) is cleared already after detection and it was not possible to clean up unavailable item; file was a tricky one or too large(?!); used by certain process (browser as example) or opened by certain software. And so on. But I think that when it is possible - F-Secure should to perform action automatically (with requirement to avoid false positive and unwanted destruction).

 

Thanks!