By abe10tiger · 19 replies
Jan 19, 2010
  1. Hi. My Norton anti-virus currently detected a security risk, SecurityRisk.eGatherer, and can't remove it!! It told me to visit Lenovo help and support site for manual removal. So I went to the site and followed the instructions written there. It was written there that I had to download and install access support 3. So I downloaded it and installed it... but after a few days, it was still there in unresolved security risk of Norton. So I tried downloading access support 1 and 2 but still... nothing happened. Norton info about SecurityRisk.eGatherer said that SecurityRisk.eGatherer was not a malware or virus but was a security risk prone to be attacked. Please help me. I have no idea what to do. Thanks.
  2. jobeard

    jobeard TS Ambassador Posts: 11,122   +982

    google is your friend ---

    using just this SecurityRisk.eGatherer, found this link
  3. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    But I've already been to that site. That was the site which told me to visit Lenovo help and support. And Lenovo help and support told me to download and install access support3. But nothing happened.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please visit Security update for Access Support and Access IBM to download an update for this issue.

    From the referenced site:
    Before you scan with HijackThis, please do this:
    Control Panel> Folder Options> View tab> CHECK 'show hidden files and folders'> Uncheck hide protected system files> Apply> OK.

    Please scan with HijackThis- download HERE
    Paste logs into your next reply.
    We may be able to identify the file in the log.
  5. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16

    Can't find folders option.

    I can't find the folder options. I'm not sure if the folder I clicked is the folders option you are talking about. And I can't find the view tab you were talking about. Please help. Thanks.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    If you have the Control Panel set in the Category View:

    Start> Settings> Control Panel> Appearance & Themes> Folder Options> click on View tab> Files & Folders section> Check 'show hidden files and folders'> Uncheck 'hide protected system files'-Recommended> Apply> OK.
  7. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    Ok. I did the following. Before I scan with HijackThis, do I turn off my anti-virus and firewall? Thanks.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    No, you don't. The only things we ask you to disable for the preliminary scans are 'Real Time Protection'. Examples would be TeaTimer in Spybot Search & Destroy, AdWatch in AdAware, or Symantec Endpoint:

    Right click on the icon in the Taskbar notification area & select "Disable Symantec EndPoint Protection".
  9. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16

    Here is the Log for hijack this.

    here is the log for hijack this.

    Attached Files:

  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Your Java is way out of date. This is a vulnerability for the system. You have jre1.6.0_07> current is v6u18.
    Visit Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    Has the Security Risk problem been resolved? Is there any other malware-related problem?

    I'd like you to run this online AV scan to make sure we haven't missed anything:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
    Please attach the Eset logs to your next reply. If it's clean and the problems have been resolved, I'll have you remove the cleaning tools and old restore points.
  11. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16

    here is the log for ESET online scanning

    Here is the log for ESET online scanning.

    Attached Files:

    • log.txt
      File size:
      840 bytes
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    That is a very clean log! I don't get to see that a lot.

    I suggest you take this off of Startup:

    You are also running a lot of useless processes that will use the system resources. You should review what you have on startup- very little needs to start on boot. Programs and apps can be started when needed. You should also review what is in Add/Remove Programs and uninstall any you no longer use. Get the Java updated-it's a security risk.

    You also need to find the Norton program folder(s) and find out why you have the double entries.

    If the problems are resolved:
    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.

    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    More details and screenshots for Disk Cleanup in Windows Vista can be found here.
  13. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    Well, every time I open Norton and check the history and click unresolved security risk, SecurityRisk.eGatherer still appears. But a few days ago, I restarted my PC. After restarting it, a message popped up that "your computer has just installed a security update". But the SecurityRisk.eGatherer still appears in the unresolved security risk.

    And, yup, I have a lot of useless processes that I don't know how to close. I tried ending a process in Task Manager but was afraid because a message pops out that terminating a process can cause undesirable results including loss of data etc. How do I close them properly?

    My Java has been updated and I uninstalled old versions of my Java just like you told me.

  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Ending the process in the Task Manager isn't a good idea and isn't going to do anything except stop it until you reboot. You should 1. stop the process from starting on boot. Then 2. uninstall any program or app you don't need or use, then 3. remove the program folder. 4. Change any associated Service to either Disabled or Manual Startup.

    NOTE: I'm using iPod as an example below. It is not the best example but I wanted you to understand where to look and what to do.

    1. Start> Run> type in msconfig>enter> Selective Startup> Startup menu> Uncheck any process you don't want to start> when finished with all the unchecking> click on Apply> OK
    (Example: you decide you don't need this to start on boot: C:\Program Files\iPod\bin\iPodService.exe so you Uncheck iPod)
    2. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Start> Settings> Control Panel> Add/Remove Programs> uninstall here> Close
    (But you don't want to uninstall the iPod so you leave it)

    3. While still in Safe Mode: access Windows Explorer using right click on Start> Explore:
    Open My Computer> double click on Local Drive (C)> Programs> look for the folder for any program you uninstalled> do a right click> Delete on each folder.
    Close Windows Explorer.
    (And you didn't uninstall iPod so you don't delete the folder)

    4. Start> Run> type in services.msc> double click the Service> Change the Startup type as follows:
    For a Service related to a program you will use as needed but does not start on boot> Manual
    For a Service related to a program you have uninstalled> Disable Startup type> stop Service
    Close Services.
    (But iPod has a Service that will start it automatically, but you want to change that: so you find this in the Services and double-click:
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe. So you take it off Automatic startup and change it to Manual instead. This way it will only run when you open the program and run it.)

    Reboot the computer back into Normal Mode. NOTE: the first time you reboot after using msconfig, you get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
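Step 4 of the post above, worked from the O23 line format it quotes, as an added example that is not part of the original post: the script reads HijackThis O23 (service) lines and applies the post's rule of Manual for a kept program taken off startup and Disabled for an uninstalled one. The sample log lines, the "Example" program names and the helper names are constructed for illustration.

```python
import re

# HijackThis section O23 lists Windows services, in the layout quoted in step 4:
#   O23 - Service: <display name> - <vendor> - <path to executable>
O23_LINE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Constructed sample log lines (not taken from the thread's attachment).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleTool\tray.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Example Updater - Example Corp - C:\Program Files\ExampleTool\updater.exe
O23 - Service: Example AV Core - Example Security - C:\Program Files\ExampleAV\core.exe
"""

def parse_o23(log_text):
    """Return one dict (name, vendor, path) per O23 service line; skip other sections."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := O23_LINE.match(line.strip()))]

def program_folder(path):
    """Lower-cased folder directly under 'Program Files', or None if the path is elsewhere."""
    parts = path.split("\\")
    for i, part in enumerate(parts[:-1]):
        if part.lower().startswith("program files"):
            return parts[i + 1].lower()
    return None

def recommend(services, kept_off_startup, uninstalled):
    """Apply step 4: uninstalled program -> Disabled, kept but off startup -> Manual."""
    plan = []
    for svc in services:
        folder = program_folder(svc["path"])
        if folder in uninstalled:
            startup = "Disabled"
        elif folder in kept_off_startup:
            startup = "Manual"
        else:
            startup = "unchanged"
        plan.append((svc["name"], startup))
    return plan

if __name__ == "__main__":
    for name, startup in recommend(parse_o23(SAMPLE_LOG), {"ipod"}, {"exampletool"}):
        print(f"{name}: {startup}")
```

Services whose program folder is in neither set, such as the antivirus entry in the sample, are reported as unchanged so they are not touched by mistake.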
  15. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    I did not get Step 4 very much. What service will I double click? Could you explain it a bit easier? Thanks.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    What I gave you was an outline of the steps to take programs or applications off of Startup.

    This section tells you where and how to change a Service Startup type. Services can start Automatically on boot, Manually when you need them or not at all, which would be Disabled.

    I only use iPod as an example. So which Service you change depends on which program you took off of Startup.
  17. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    Ok. I've done the following. Do I install the OTCleanIt by OldTimer now?
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Yes, Abe, follow my instructions in Post 12.

    The following is optional but highly recommended. Do one or all:

    Please follow these simple steps to keep your computer clean and secure:
    1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

    System Restore Guide

    2. Stay current on updates:
    • Visit the Microsoft Download Site frequently.
      You should get All updates marked Critical and the current SP updates: Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP2
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site often. Java Updates: Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

    3. Make Internet Explorer safer. Follow the suggestions HERE
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

    4. Remove Temporary Internet Files regularly: Use
    5. Use an AntiVirus Software (only one)
    6. Use a good, bi-directional firewall (one software firewall)
    See Understanding and Using Firewalls including links to download a firewall.

    7. Consider these programs for Extra Security
    • Spywareblaster:
    • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    • IE/Spyad
    • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts files This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer.
    • Google Toolbar Get the free google toolbar to help stop pop up windows.

    If I can be of further assistance, please let me know.
  19. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 789   +16


    Thanks! You have been a very big help. Ask you questions if I run into any troubles. Thanks:)
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You're welcome. Any questions accepted- anytime!
Topic Status:
Not open for further replies.