SecurityRisk.eGatherer

Status
Not open for further replies.
abe10tiger

abe10tiger

Posts: 611   +16
Hi. My Norton anit-virus currently detected a security risks SecurityRisk.eGatherer and cant remove it!! It told me to visit lenovo help and support site for manual removal. So i went to the site and followed the instructions written their. It was written there that I had do download and install access support 3. So i downloaded it and installed it... but after a few days, it was still there in unresolved security risk of norton. Soi tried downloading access support 1 and 2 but still... nothing happened. Norton info about SecurityRisk.eGatherer said that SecurityRisk.eGatherer was not a malware or virus but was a security risk proned to be attacked. Please help me. I have no idea what to do. Thanks.
 
hi

But i've already been to that site. that was the site which told me to visit lenovo help and support. And lenovo help and support told me to download and install access support3. but nothing happened.
 
Please visit Security update for Access Support and Access IBM to download an update for this issue.

From the referenced site:
If you have installed Access Support fix pack 1 or 2, you should also install fix pack 3 even if you have not reinstalled Access Support.

Access Support fix pack 3 also addresses an issue where Symantec's Norton Anti Virus may identify and flag associated files. To avoid continuing to get Norton AntiVirus notifications, please install fix pack 3.
Click to expand...
See the "Additional information" section to learn which files may be reported by Norton AntiVirus.
Files reported by Norton AntiVirus

This patch addresses the following files that Symantec's Norton AntiVirus may report:
Note: Other files may be reported as well. These are only the most common ones.

* acpcontroller.dll
* acpcontroller
* acpcon~1.dll
* acpcontrol.cab
* ibmegath.cab
* ibmegath.dll
* as_setup.ex2
Click to expand...

Before you scan with HijackThis, please do this:
Control Panel> Folder Options> View tab> CHECK 'show hidden files and folders'> Uncheck hide protected system files> Apply> OK.

Please scan with HijackThis- download HERE
Paste logs into your next reply.
We may be able to identify the file in the log.
 
Cant find folders option.

I cant find the folder options. Im not sure if the folder i clicked is the folders option you are talking about. And i cant find the view tab you were talking about. Please help. thanks
 
Control Panel> Folder Options> View tab> CHECK 'show hidden files and folders'> Uncheck hide protected system files> Apply> OK.
Click to expand...

If you have the Control Panel set in the Category View:

Start> Settings> Control Panel> Appearance & Themes> Folder Options> click on View tab> Files & Folders section> Check 'show hidden files and folders'> Uncheck 'hide protected system files'-Recommended> Apply> OK.
 
Hi

Ok. I did the following. Before i scan with Hijack this, do i turn of my anti virus and firewall? thanks.
 
No you don't the only things we ask you disable for the preliminary scans are 'Real Time Protection': Examples would be TeaTimer in Spybot Search & Destroy. AdWatch in AdAwarwe or Symantec Endpoint:

SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the Taskbar notification area & select "Disable Symantec EndPoint Protection".
EndPoint.gif
 
Here is the Log for hijack this.

here is the log for hijack this.
 

Attachments

  • hijackthis.log
    8.9 KB · Views: 1
Your Java is way out of date. this is a vulnerability for the system. You have jre1.6.0_07> current is v6u18.
Visit Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

Has the Security Risk problem been resolved? If there any other malware-related problem?

I'd like you to run this online AV scan to make sure we haven't missed anything:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Please attach the Eset logs to next reply. If it's clean and the problems have been resolved, I'll have you remove the cleaning tools and old restore points.
 
here is the log for ESET online scanning

here is the the log for ESET online scanning
 

Attachments

  • log.txt
    840 bytes · Views: 1
That is a very clean log! I don't get to see that a lot.

Has the Security Risk problem been resolved? Is there any other malware-related problem?
Click to expand...

I suggest you take this off of Startup:
RobloxApp.exe

You are also running a lot of useless processes that will use the system resources. You should review what you have on startup- very little needs to start on boot. Programs and apps can be started when needed. You should also review what is in Add/Remove Programs and uninstall any you no longer use. Get the Java updated-it's a security risk.

You also need to find the Norton program folder(s) and find out why you have the double entries.

If the problems are resolved:
Remove all of the tools we used and the files and folders they created
  • DownloadOTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.
You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

More details and screenshots for Disk Cleanup in Windows Vista can be found here.
 
Hi

Well, every time i open Norton and check the history and click unresolved security risk, SecurityRisk.eGatherer still appears. But few days ago, i restarted my pc. After restarting it, a message popped up that "your computer has just installed a security update". But the SecurityRisk.eGatherer still appears in the unresolved security risk.

And, yup, i have a lot of useless processes that i dont know how to close. I tried ending a process in task manager but afraid cause a message pops out that terminating a process can cause undesirable results including loss of data etc. How do i close them properly?

My Java has been updated and uninstalled old versions of my java just like what you told me.

Thanks.
 
Ending the process in the Task Manager isn't a good idea and isn't going to do anything except stop it until you reboot. You should 1. stop the process from starting on boot. Then 2. uninstall any program or app you don't need or use, then 3. remove the program folder. 4. Change any associated Service to either Disabled or Manual Startup.

NOTE: I'm using iPod as an example below. It is not the best example but I wanted you to understand where to look and what to do.

1. Start> Run> type in msconfig>enter> Selective Startup> Startup menu> Uncheck any process you don't want to start> when finished with all the unchecking> click on Apply> OK
(Example: you decide you don't need this to start on boot: C:\Program Files\iPod\bin\iPodService.exe so you Uncheck iPod
2. Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Start> Settings> Control Panel> Add/Remove Programs> uninstall here> Close
(But you don't want to uninstall the iPod so you leave it)

3. While still in Safe Mode: access Windows Explorer using right click on Start> Explore:
Open My Computer> double click on Local Drive (C)> Programs> look for the folder for any program you uninstalled> do a right click> Delete on each folder.
Close Windows Explorer.
(And you didn't uninstall iPod so you don't delete the folder)

4. Start> Run> type in services.msc> double click the Service> Change the Startup type as follows:
For a Service related to a program you will use as needed but does no start on boot> Manual
For a Service related to a program you have uninstalled> Disable Startup type> stop Service
Close Services.
(But iPod has a Service that will start it automatically, but you want to change that: so you find this in the Services and double-click:
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe. So you take it off Automatic startup and change it to Manual instead. This way it will only run when you open the program and run it.)

Reboot the computer back into Normal Mode: NOTE: the first time you reboot after using msconfig, you get a nag message that you can ignore and close after checking 'don show this message again.' Stay in Selective Startup.
 
Hi

I did not get the Step4 very much. What service will i double click? Could you explain it a bit easier? Thanks.
 
What I gave you was an outline of the steps to take programs or applications off of Startup.

This section tells you where and how to change a Service Startup type. Services can start Automatically on boot, Manually when you need them or not at all, which would be Disabled.

I only use iPod as an example. So which Service you change depends on which program you took off of Startup.
 
Yes, Abe, follow my instructions in Post 12.

The following optional but highly recommended. Do one or all:

Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2.Stay current on updates:
  • Visit the Microsoft Download Sitefrequently.
    You should get All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP2
  • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3.Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4.Remove Temporary Internet Files regularly: Use5. Use an AntiVirus Software(only one)
6.Use a good, bi-directional firewall(one software firewall)
See Understanding and Using Firewalls including links to download a firewall.

7.Consider these programs for Extra Security
  • Spywareblaster:
  • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad
  • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.
 
Status
Not open for further replies.

Similar threads

D
Google Chrome gets real-time phishing and malware protection with upgraded Safe Browsing...
Replies
7
Views
251
Evrsr
E
A
The US Department of State is still using 13-year-old operating systems
2
Replies
28
Views
981
yRaz
yRaz
A
Microsoft left a kernel-level, zero-day bug in Windows for six months before patching it
Replies
9
Views
225
LimyG
LimyG

Latest posts

Back