System 32 PUP.

Hello all,

I run Windows XP SP3, Avast Pro/Free, Superantispyware, Malwarebytes, SpywareBlaster.

I just ran a quick scan with avast which located 2 Win32 Pup files. However they could not be sent to either the virus chest or be repaired as both servers for sending to virus chest or repair were not working. I deleted the varmints.

My questions are: what caused both servers to be not working at the same time, or do I have to do something to the program to start them, and did I do the correct thing in deleting them?

I am grateful for your acknowledgment to this post and for your directions.

Thanking you.

standeb. 8)

However they could not be sent to either the virus chest or be repaired as both servers for sending to virus chest or repair were not working. I deleted the varmints.

:o There is no hurry to delete a file. You could have done a boot-time scan to take care of those PUPs. What if it is a legit file and you deleted it? Then you are in trouble. But can you give us the location and the threat name, to identify if it is a FP or not? It can be a false positive. There is no reason for a PUP removal to cause a server not working.

@ standeb
Unfortunately you have left off the most important information: the file name, the location, whether you actually know these files/programs (e.g. they have been on your system for some time), and what scan it was that you did?

The regular on-demand scans, Quick and Full System Scans, don't scan for PUPs (Potentially Unwanted Programs) by default; you have to have elected to scan for them.

My guess on the reason they aren't scanned for by default is exactly because of what you did here: deleted the file as you feel it is a threat when it might not be. The great majority of files scanned in on-demand scans are inert or dormant, so don't present an immediate risk.

The resident scanner (File System Shield) can scan for PUPs (change Expert Settings) if you feel you want to know if one of these is actually run.

Hello DavidR and True Indian,

This reply is intended for both of you.

Thank you for your comments and/or suggestions; they are duly noted. It is my folly to have deleted those files from the system. I might really be guilty of deleting system files. I don't know yet how crucial they are, but I do hope that you may advise me on them.

The files deleted are as follows:

1. Location: C:\System Volume Information\…\A))52078.exe
2. Win32:injected-BA [PUP]
3. Action:
4. Process: C:\Program Files\Malwarebytes' Anti-Malware\Mbam.exe

Subsequent to seeing the antivirus notification with respect to 4 above, I did not really think in a proper manner to leave them both alone but just deleted them.

Having read your replies, I surmise that I will rue my decision and will have to do a clean install of the system. I however look forward to receiving your further comments and/or suggestions.

Thanking you in advance thereof.

standeb.

Process: C:\Program Files\Malwarebytes' Anti-Malware\Mbam.exe

Did you get the alert while scanning with Malwarebytes, or did you get this while using Malwarebytes Pro?

Win32:injected-BA [PUP]
A PUP is not a virus.

PUP (potentially unwanted program) http://searchsecurity.techtarget.com/definition/PUP

Hello Pondus and True Indian,

First, thank you for your replies.

I found that IE8 was running a bit slow and scanned with Avast, which pulled up item (1) of my last post. Subsequent thereto I got the second notification while attempting a site visit. Again a scan with Avast pulled up item 2 of my last post. I do not now recall the exact site I was visiting, but I think I was looking for a Photoshop tutorial. Unfortunately I cannot pull the same up, because after deleting the items complained of I cleaned out Temporary Internet Files, Browsing History and all using Internet Options, as well as running CCleaner. Therefore my answer will be that I was not scanning with Mbam but in fact with Avast. I went a bit further to uninstall Mbam with a view to re-installing the same. I have not yet done that.

Permit me to refer to the last paragraph of my last post ("Having read your replies I surmise that I will rue my decision and will have to do a clean install of the system. I however look forward to receiving your further comments and/or suggestions.") and ask you to let me have your thoughts on the question.

I am to add here that although I have quite some scratch-the-surface knowledge of computers, my experience is very limited in most areas.

Thanking you again for your kind consideration.

Standeb.

No, I totally disagree with doing a start from scratch. I would recommend our malware expert essexboy to help you, but we will have to wait until Pondus or any other evangelist suggests this.

As I said, a PUP is not a virus. It is a program that can be used for good or bad, depending on what it can do and who installed it.
If it had been a virus, you were still not infected, as it was located in System Restore (XP - System Volume Information folder).
You can clear those and create new ones if you want: turn off, reboot and turn on again http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

If you still think you have something in there, then follow this guide and attach the 4 logs so essexboy can have a look inside
http://forum.avast.com/index.php?topic=53253.0

Hi Pondus,

It is Virtool, an adware heuristic find, and maybe leftovers of it were detected.

polonus

OK, re your:

1. This is a restore point: "C:\System Volume Information\…\A))52078.exe"

   • Infected Restore Points:
     There really is little benefit in chasing a detection in the System Volume Information folder. It is only there because it had previously been deleted or moved from the system folders, and this is a back-up created by System Restore.

   • Worst case scenario: it isn't infected and you delete it; you can't use that restore point in the future, not much of a loss, and the older the restore point is, the less of an issue it is.

   • So if there is any suspicion about a restore point, then it is best removed from the System Volume Information folder, or it could bite you in the rear at some point in the future when you use System Restore if it included that restore point. So even if deleted, this is no real loss.

2. This "Process: C:\Program Files\Malwarebytes' Anti-Malware\Mbam.exe" is a detection in memory: unencrypted virus signatures loaded into memory by the mbam.exe 'process'. Generally you only see the mbam.exe process in the Task Manager when you are doing or have just run an mbam scan. You can't actually delete something in memory, as it isn't a physical file, just a block of memory, which in due course will be cleared by Windows as and when the memory is needed or you reboot.

Detections in Memory -
My guess is that you were doing a Custom scan in which you have elected to scan Memory, and that this detection was in memory. Since they aren't physical files they can't be moved to the chest, deleted, etc., so there is no action that can be taken, hence the Apply button being greyed out (if there were only these memory detections).

The detections in memory are frequently other security applications loading unencrypted virus signatures into memory. Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

So generally I wouldn't recommend you do a custom scan or elect to scan memory. The default scans are file scans; whilst they scan memory, it isn't in the same depth as the one in a custom scan.
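The three situations the thread keeps coming back to (a hit inside a System Restore backup, a hit that is only another scanner's signatures sitting in memory, and a [PUP] tag on a real program) can be told apart from the alert text alone, before anything is deleted. The script below is an added example for this page, not Avast or Malwarebytes code and not a tool the forum posters used. It assumes alerts come as "Key: value" lines with keys like Location, Object/Threat, Action and Process, the list of scanner processes that hold unencrypted signatures in memory is a guess limited to mbam.exe, and the sample alerts are constructed to mirror the cases discussed above.

```python
"""Triage on-demand antivirus hits by where the detected object lives.

Added example: classifies an Avast-style alert into one of four buckets
so the operator knows whether there is anything on the live system to act on.
  restore-point     - file is under System Volume Information (XP System
                      Restore backup); dormant, never executed from there
  memory-signature  - no file, only a scanner process holding signatures
  pup               - a real program tagged [PUP]; potentially unwanted,
                      not malware; identify the publisher, uninstall if unwanted
  live-file         - a real file on disk that deserves a closer look
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Scanner processes that load unencrypted signatures into memory.
# Assumed list for this example (only the one named in the thread).
SIGNATURE_HOLDERS = {"mbam.exe"}

RESTORE_POINT_RE = re.compile(r"^[a-z]:\\system volume information\\", re.IGNORECASE)
PUP_TAG_RE = re.compile(r"\[PUP\]", re.IGNORECASE)


@dataclass
class Triage:
    category: str   # restore-point | memory-signature | pup | live-file
    threat: str
    location: str   # file path, or process path when no file is named
    advice: str


def parse_alert(text: str) -> dict:
    """Split 'Key: value' lines into a dict (keys lower-cased).

    Only the first colon separates key from value, so threat names such
    as 'Win32:Injected-BA' and drive letters like 'C:\\' survive intact.
    """
    alert = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            alert[key.strip().lower()] = value.strip()
    return alert


def classify(alert: dict) -> Triage:
    """Apply the rules in order: restore point, memory, PUP tag, live file."""
    threat = alert.get("object") or alert.get("threat") or ""
    threat = re.sub(r"^Infection\s+", "", threat)       # strip the "Infection " prefix
    location = alert.get("location") or alert.get("file") or ""
    process = alert.get("process", "")

    if RESTORE_POINT_RE.match(location):
        return Triage("restore-point", threat, location,
                      "System Restore backup, dormant; purge that restore point, "
                      "nothing on the live system was touched.")
    if not location and process and PureWindowsPath(process).name.lower() in SIGNATURE_HOLDERS:
        return Triage("memory-signature", threat, process,
                      "Scanner holding signatures in memory; no file exists to act on.")
    if PUP_TAG_RE.search(threat):
        return Triage("pup", threat, location or process,
                      "Potentially unwanted, not a virus; identify the publisher and "
                      "uninstall via Add/Remove Programs if you do not want it.")
    return Triage("live-file", threat, location or process,
                  "Real file on disk; move it to the chest and rule out a false "
                  "positive before deleting.")


# Constructed sample alerts for this example (paths and GUIDs are invented).
SAMPLE_ALERTS = [
    "Location: C:\\System Volume Information\\_restore{11111111-2222-3333-4444-555555555555}\\RP12\\A0000123.exe\n"
    "Threat: Win32:Injected-BA [PUP]\n"
    "Action:",
    "Threat: Win32:Injected-BA [PUP]\n"
    "Action:\n"
    "Process: C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe",
    "Object: Infection Win32:Injected-BA [PUP]\n"
    "Action:\n"
    "Process: C:\\Program Files\\Seagate\\MaxBackServiceInt.exe",
    "Location: C:\\Documents and Settings\\user\\Local Settings\\Temp\\setup_1.exe\n"
    "Threat: Win32:Trojan-gen\n"
    "Action:",
]


def triage_all(texts=SAMPLE_ALERTS) -> list:
    """Parse and classify each alert text, preserving order."""
    return [classify(parse_alert(t)) for t in texts]


if __name__ == "__main__":
    for t in triage_all():
        print(f"{t.category:17} {t.threat:28} {t.location}\n    -> {t.advice}")
```

Running it prints one line per constructed alert: the restore-point hit, the mbam.exe memory hit, the Seagate [PUP] hit and a plain file hit each land in their own bucket, and only the last one calls for the virus chest. The rule order matters: the memory check runs before the [PUP] check so that a scanner's own signatures are never reported as an unwanted program.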

Hello DavidR,

Thanks for your reply. It was educational for me. It seems that some things are best left alone.
However I got another notice and clicked on "Block"; then another popup showed up, to wit:

Avast File System Shield has blocked a threat.
No further action is required.
Object: Infection Win32:Injected-BA [PUP]
Action:
Process: C:\Program Files\Seagate\…\MaxBackServiceInt.exe

The threat was detected and blocked when the file was created or modified.

Add file to the Scan Exclusion List.

I complied and added the file to the list.

Further, I did some checking via Administrative Tools, Computer Management. I checked in Applications and found that since 17/11/2011, when I deleted the files mentioned in my initial post (which I should not have done), I have seen no Winlogon entries. I started my computer system a few times thereafter and noted that there are no Winlogon entries.

Could this be because of the deletion of those files from the location System Volume Information\…\A52078.exe? I know that I asked this question already, but I need a second opinion as to whether I should do a clean install of my OS.

I am at sea here and would appreciate some advice.

Thanking you.

standeb.

Could this be because of the deletion of those files from the location System Volume Information\...\A52078.exe? and I know that I asked this question already but I need a second opinion as to whether I should do a clean install of my OS?
Why? As said, it is not a virus.
The process MaxBackServiceInt Module belongs to the software Maxtor Backup or Maxtor OneTouch III or MaxBackServiceInt Module or Seagate Manager Installer by Seagate.

Description: File MaxBackServiceInt.exe is located in a subfolder of "C:\Program Files". Known file sizes on Windows 7/XP are 184,320 bytes (93% of all occurrences), 177,448 bytes.
The program is not visible. MaxBackServiceInt.exe is not a Windows system file. The program has no file description. You can uninstall this program in the control panel. MaxBackServiceInt.exe is able to record inputs. Therefore the technical security rating is 30% dangerous, however also read the users reviews.
If you are having problems with MaxBackServiceInt.exe, you can completely remove Maxtor Backup or Maxtor OneTouch III (Control Panel⇒Add/Remove programs).

So I guess that is the reason why it is detected as a PUP.
PUP (potentially unwanted program) http://searchsecurity.techtarget.com/definition/PUP

Maxtor is now Seagate http://www.maxtor.com/home-en-us.html

Seagate http://www.seagate.com/www/en-us/

Hello Pondus and all,

Thank you so much for all your contributions. That was a learning experience for me. After the last response from Pondus, I also found via a boot-time scan that there were two Java exploits in the system. I have also realised that I did not have to worry about the files [PUPs] I had deleted from the system.

But something occurred giving me cause for some concern:

I use a 160 GB hard drive for drive "C" and an 80 GB hard drive for drives "D" and "E" by way of a partition: 20 GB for music and 60 GB for my work. I also use a 500 GB external drive for backing up the whole system.

The full boot-time scan took 10 hours to complete. I could find no explanation for that. The drives are not even half full. Is there any explanation for this?

Otherwise the system is now clean.

Can I have a reply to my last question here?

Thanking you so much for your assistance.

Standeb.