Windows 7 update errors

Senior Advisor

Re: Windows 7 update errors

Superuser

Re: Windows 7 update errors

Looks a bit complex, that one.

Scholar

Re: Windows 7 update errors

O..k 

I started HitmanPro and it solved my problem.

It found 586 errors

and solved them by deleting them or putting them in quarantine.

Thanks, everyone, for giving me answers.

I will also inform Microsoft that the problem could be solved so easily

and not the way they suggested.

 

 

Senior Advisor

Re: Windows 7 update errors

@joopkass 

 

Glad to hear you are sorted out, but can you provide a little more detail?

 

Did HitmanPro find errors or malware? Could you post one of the "errors" it corrected?

 

Your experience confirms that HitManPro is a good backup scanner to have in anyone's protection arsenal. 

Superuser

Re: Windows 7 update errors

Also, as an addition:

 - HitmanPro probably always (it doesn't matter if you choose "one time scan") creates log files in local folders (AppData/Local Settings) as txt files; I'm no longer sure, but they can contain some "user information", though it must be possible to "copy" just the "found items";

 - HitmanPro also detects most tracking cookies (F-Secure may not delete some of them "by design" because of their "safe status", or just if you use an alternative browser);

 Also, HitmanPro can "give" a slightly higher "number" of "found items" than there really are, just because it's a slightly different kind of "statistics" (meaning 586 items may not really be 586 trouble files or registry keys or just tracking cookies);

But... HitmanPro probably can indeed set system settings "back to default". But Malwarebytes can do that too (especially for the "blocked Windows update" keys). :)

Anyway, you can be close to "sure" that the system is OK. But you still need to check more (it depends on the kind of found items) :).

Scholar

Re: Windows 7 update errors

Here are the details from HitmanPro

 

Scan date . . . . . . : 2014-04-19 10:34:46
Scan mode . . . . . . : Normal
Scan duration . . . . : 13m 45s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 586
Traces . . . . . . . : 889

Objects scanned . . . : 2.286.197
Files scanned . . . . : 152.748
Remnants scanned . . : 824.134 files / 1.309.315 keys

 

Malware _____________________________________________________________________

C:\ProgramData\Wincert\win32cert.dll -> Quarantined
Size . . . . . . . : 7.168 bytes
Age . . . . . . . : 109.0 days (2013-12-31 11:14:04)
Entropy . . . . . : 5.0
SHA-256 . . . . . : 667985D140FF2E4AB20FDF12F1F5195693E0AB32318827D446CA182CC311F1EE
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.a
Fuzzy . . . . . . : 106.0

C:\Users\hcc FVC platform\AppData\Local\Temp\{45F4935D-CF7A-4BFB-A910-87589E17B1AB}\Custom.dll -> Quarantined
Size . . . . . . . : 61.440 bytes
Age . . . . . . . : 369.7 days (2013-04-14 16:57:30)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D269508431C5F9946D7A2C4217B24A2E9FD30AFA2B32E23FF40960D04CF5E994
Product . . . . . : SoftSafe
Publisher . . . . : SoftSafe
Description . . . : Custom DLL for SoftSafe
Version . . . . . : 2013.4.
Copyright . . . . : Copyright © 2012 S
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Agent.aeph
Fuzzy . . . . . . : 100.0

C:\Users\hcc FVC platform\AppData\Roaming\OpenCandy\6894ED5653D54DA6AFE460B86873752B\SSStub_SearchProtect_p1v0.exe -> Quarantined
Size . . . . . . . : 322.680 bytes
Age . . . . . . . : 20.6 days (2014-03-29 19:38:50)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 74D1728E35E66597921E27256C6EA6997498BD61BC6EB2536FB250D368964630
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:Downloader.Win32.Agent.baxm
Fuzzy . . . . . . : 108.0

 

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\Ask.com\ (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\ (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\b.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\bl.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\br.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\l.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\r.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\t.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\tl.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\assets\oobe\tr.png (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\cobrand.ico (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\config.xml (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\favicon.ico (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (AskBar) -> Deleted
Size . . . . . . . : 1.520.776 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
Entropy . . . . . : 6.8
SHA-256 . . . . . : F20D2999461349323E7D44795ABED7A2A1EA8D3B6A32F91B3B1B58822503766F
Product . . . . . : Toolbar
Publisher . . . . : Ask
Description . . . : Ask Toolbar
Version . . . . . : 5.15.23.36191
Copyright . . . . : (c) Ask. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -17.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
HKU\S-1-5-21-905213307-2693827331-2924149415-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1\
HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd\
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
HKU\S-1-5-21-905213307-2693827331-2924149415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\

C:\Program Files (x86)\Ask.com\mupcfg.xml (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\precache.exe (AskBar) -> Deleted
Size . . . . . . . : 71.816 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 4A343C9AAF47664B14C03AFB281C15F6705C6A750B59A6C578D712200A180F07
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0

C:\Program Files (x86)\Ask.com\SaUpdate.exe (AskBar) -> Deleted
Size . . . . . . . : 198.280 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 7939C565BD4751048F57854DEE262D437E79B992EA05EE29D6111A39F7A7DAB7
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0

C:\Program Files (x86)\Ask.com\Updater\ (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\Updater\config.xml (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (AskBar) -> Deleted
Size . . . . . . . : 1.646.216 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 0CEEC40C38DEBE1012C6D9FD08FF648AD3AB8080B388E5B62A6946847A2BB243
Product . . . . . : Updater
Publisher . . . . : Ask
Description . . . : Ask Updater
Version . . . . . : 1.2.536191
Copyright . . . . : (c) Ask. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Running processes : 5180
Fuzzy . . . . . . : -17.0

C:\Program Files (x86)\Ask.com\UpdateTask.exe (AskBar) -> Deleted
Size . . . . . . . : 137.864 bytes
Age . . . . . . . : 359.0 days (2013-04-25 09:44:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 727D5CF5392C6E53306C6029455EEAD2C45923010297958975700A17101698FE
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -11.0
Startup
C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

C:\Program Files (x86)\Conduit\ (Conduit) -> Deleted
C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit) -> Deleted
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit) -> Deleted
Size . . . . . . . : 638.560 bytes
Age . . . . . . . : 651.7 days (2012-07-06 18:55:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
Product . . . . . : Alert
Publisher . . . . : Conduit Ltd.
Description . . . : Alert
Version . . . . . : 1.1.4.1
Copyright . . . . : Copyright © Conduit Ltd. 2011.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

C:\Program Files (x86)\DealPly\ (Delta Search) -> Deleted
C:\Program Files (x86)\DealPly\DealPlyTune.dll (Delta Search) -> Deleted
Size . . . . . . . : 71.272 bytes
Age . . . . . . . : 669.8 days (2012-06-18 14:22:21)
Entropy . . . . . : 6.4
SHA-256 . . . . . : CDF6791EEB0EE9FBC9BBA1E96694B708EC51F0B10B68941E96D62AB217F84D4C
Product . . . . . : DealPlyTune.dll
Publisher . . . . : DealPly Technologies Ltd.
Description . . . : http://www.dealply.com/
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright (C) 2011 DealPly Technologies Ltd.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0

 

As you see, several programs caused the problems.
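
A log in this layout can be collapsed into a per-product summary, which shows how a large "Threats" count maps onto a handful of bundled programs. This is an added example, not part of the original post and not HitmanPro's own code; the names `parse_log`, `triage` and `SAMPLE_LOG` are hypothetical, and the sample is a constructed excerpt using paths from the log above.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above (paths taken from it).
SAMPLE_LOG = r"""
Threats . . . . . . . : 586

Malware _____________________________________________________________________

C:\ProgramData\Wincert\win32cert.dll -> Quarantined
Size . . . . . . . : 7.168 bytes
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.SearchSuite.a

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\Ask.com\ (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\config.xml (AskBar) -> Deleted
C:\Program Files (x86)\Ask.com\precache.exe (AskBar) -> Deleted
Authenticode . . . : Valid
C:\Program Files (x86)\Conduit\ (Conduit) -> Deleted
"""

SECTION = re.compile(r"^(.+?)\s_{5,}$")
ENTRY = re.compile(r"^(?P<path>.+?)(?: \((?P<family>[^()]+)\))? -> (?P<action>\w+)$")
ATTR = re.compile(r"^>?\s*(?P<key>[A-Za-z][\w -]*?)(?: \.)* ?: (?P<val>.*)$")

def parse_log(text):
    """Return (scan summary fields, list of removed objects with their attributes)."""
    summary, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            entries.append({"section": section, **m.groupdict(), "attrs": {}})
        elif m := ATTR.match(line):
            # Attribute lines describe the entry directly above them.
            (entries[-1]["attrs"] if entries else summary)[m["key"]] = m["val"]
    return summary, entries

def triage(entries):
    """Collapse per-object lines into per-product counts; list AV labels and signed files."""
    products = Counter(e["family"] or e["section"] for e in entries)
    grayware = [(e["path"], e["attrs"]["Kaspersky"]) for e in entries
                if e["attrs"].get("Kaspersky", "").startswith("not-a-virus:")]
    signed = [e["path"] for e in entries if e["attrs"].get("Authenticode") == "Valid"]
    return products, grayware, signed

if __name__ == "__main__":
    summary, entries = parse_log(SAMPLE_LOG)
    products, grayware, signed = triage(entries)
    print(summary.get("Threats"), "reported;", len(products), "distinct products:", dict(products))
    print("not-a-virus labels:", grayware)
    print("validly signed:", signed)
```

Entries without a family label in parentheses are counted under their section name, and a valid Authenticode signature is reported separately because it says who signed the file, not whether the program is wanted.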

 

 

Superuser

Re: Windows 7 update errors

Thanks for the updates.

As you can see... a lot of the trouble was adware/riskware/toolbars, which are marked as "not-a-virus";

And F-Secure practically doesn't detect those files, because they are marked as "clean/legitimate programs" (a little bit sad about it);

But it does detect any certainly malicious adware/riskware/toolbars/things not safe (for the user's data), etc.

The bad part is just the following points:

 - some (legitimate) toolbars/riskware/adware can be worse for users than malware.

If the user wants to install it, all is OK. The program will do what the user wants.

But there is a kind of "marketing" for those programs as a "payload": the user just did not "uncheck" something in the installer for another program... and already has a lot of toolbars in the system, or other kinds of protectors/guards (which are related to big search/media companies);

 

 

DeltaSearch, OpenCandy and AskToolbar are already a kind of "known" mainstream in these situations... and it's a little bit sad that F-Secure doesn't prevent that yet (because these programs did really trashy things to the system/registry).

If you can remember which installers came with that (potential) "payload", you can send that sample to F-Secure SAS (the sample analysis service) and ask "is that normal or not";

Just because these samples are mostly related to things that are not good for the system (including broken default settings);

 

-----------

But.... very important: possibly these "samples" were indeed a "payload" in an installer for another program (uncheck the settings during installation and all is good with the system); or they were installed by a "service provider";

This is a kind of "normal" and close to "legitimate" process for most companies (but some of them detect those items as "not-a-virus" or include them in the PUPs/Riskware category);

And it's totally different from situations when:

 - valid certs of any of those companies (because it's all SaaS relationships) are compromised;

like some "Xunlei Downloader" versions that were so famous for "malicious actions";

 - the payload in the installer is indeed totally malicious;

F-Secure practically always detects that kind of "malware". It's also related to "unknown" companies (which are the same as ask.com, but really "unknown").

Anyway, you are able to send any "samples" to F-Secure.... because:

 - what if the current situation is a "compromised variant" with malicious items (not likely);

 - what if F-Secure ought to detect that and is missing it for some reason.

----

For example, about the first item on your log list:

667985d140ff2e4ab20fdf12f1f5195693e0ab32318827d446ca182cc311f1ee - you can check it on virustotal.com

There it's practically visible that it is detected by some companies (and most of them with the category "toolbar"/"not-a-virus"/"generic-behavior-heur");

Besides HitmanPro (just because it's close to a "trial program" or one you need to buy);

I can also still recommend the Online Scanner by NOD32; it detects practically most related "PUPs/Adware" and it's a good "help" too.

In all other respects, F-Secure is better than or "in line" with other companies (meaning there cannot be the "greatest level up" if you use other scanners for detecting malicious items in the malicious sense);

Senior Advisor

Re: Windows 7 update errors

@joopkass 

 

As suspected your errors are threats. But as Ukko states most of these are PUPS/unwanted Toolbars/BHOs, which nearly all AVs including F-Secure are not too hot in detecting.

 

Although you now appear threat free I would carry out additional scans to make sure you have in fact detected all the threats.

 

1. Download AdwCleaner onto your desktop; http://www.bleepingcomputer.com/download/adwcleaner/  When the scan has finished, look through the scan results and uncheck any entries that you do not wish to remove. When you are satisfied with the selection, simply click on the Clean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.  On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

 

2. Download Junkware Removal Tool to your desktop and carry out a scan; http://www.bleepingcomputer.com/download/junkware-removal-tool/

 

3. Carry out another scan with Malwarebytes Anti-Malware; but if it detects any PUPS make sure that these are either checked for removal (MBAM v.1.75) or set for "Treat detections as malware" (MBAM v. 2). (Did you not try and remove these threats with MBAM first time round?).

 

In the future I would consider backing up F-Secure with MBAM/HitMan Pro and making sure you carry out regular Image backups of your system.