Puppy
Bit Torrent
Posts: 1,813
Location: CZ
Views: 1,858
Message 11 of 19

Re: Malware detected in lenovo System Update


@bmaxxd wrote:

C:\Program Files (x86)\Lenovo\System Update\thinkpadRegKeys\MODNAME.exe doesn't have a digital signature listed under properties on my T500's System Update 5.02.0011


It is something Lenovo should fix. Technically it is an easy task that is part of automated build process.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
newuser222
Serial Port
Posts: 39
Location: United States
Views: 1,843
Message 12 of 19

Re: Malware detected in lenovo System Update

Okay sorry guys it appears to be a false positive. I could have sworn I had both program and virus definitions up to date, but this morning I updated avast to version 8, and after doing so did a file scan of modname.exe and it didn't pick up anything.

 

EDIT:

 

Out of the blue the malware pop-up came again, modname.exe, so I guess the problem isn't solved. What makes it suspect is that it's running through the system32/rundll32.exe process.

Community SeniorMod
Community SeniorMod
Posts: 1,879
Location: US
Views: 1,825
Message 13 of 19

Re: Malware detected in lenovo System Update

 

 I suggest having the file scanned at Virus Total – http://www.virustotal.com/

*At the top of the page you will see: “Choose File”

*Click that and browse to the file.

*Click “Scan it!”

*Just follow the prompts.

The submission will then be tested against many different AV vendors’ scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors.

Virustotal Youtube Tutorial

When you get the report, please post back the exact results.

 

Have you tried posting on Avast's forums to see what they have to say?












Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





newuser222
Serial Port
Posts: 39
Location: United States
Views: 1,821
Message 14 of 19

Re: Malware detected in lenovo System Update

it passed all clear on virustotal. The weird thing is not even Avast picks up on it when running a full system scan, but that pop-up comes up every now and then anyway.

 

I will check with the avast forums...

Community SeniorMod
Community SeniorMod
Posts: 1,879
Location: US
Views: 1,816
Message 15 of 19

Re: Malware detected in lenovo System Update


@newuser222 wrote:

it passed all clear on virustotal. The weird thing is not even Avast picks up on it when running a full system scan, but that pop-up comes up every now and then anyway.

 

I will check with the avast forums...


Good. Make sure you tell them about the VT results. It sounds as if Avast needs to fix something on their end.

















newuser222
Serial Port
Posts: 39
Location: United States
Views: 1,780
Message 16 of 19

Re: Malware detected in lenovo System Update

posted in avast forums, from what I gather it's a FP.

 

http://forum.avast.com/index.php?topic=123124.0

Community SeniorMod
Community SeniorMod
Posts: 1,879
Location: US
Views: 1,772
Message 17 of 19

Re: Malware detected in lenovo System Update

It's good to have our suspicions confirmed. Thank you for your follow-up.

















ky331
Punch Card
Posts: 56
Location: US
Views: 1,757
Message 18 of 19

Re: Malware detected in lenovo System Update

newuser222 wrote:  "posted in avast forums, from what I gather it's a FP".

 

I don't see how you're inferring that from the avast thread to which you linked:

Expert user Asyn simply advised you how to go about reporting a possible F/P;

Expert user polonus simply summarized what was being asserted in your screen shot [for those who hadn't taken the time to open/view it], then performed a web-search to link to some pages that mentioned that filename, and concluded by asking the question "Could this be a FP?"

I don't see anything definitive coming out of that discussion.

 

The part that puzzles me is your statement that "not even Avast picks up on it when running a full system scan, but that pop-up comes up every now and then anyway".

 

Can you confirm which avast definitions you have?  As of the moment, it should be 13-05-05-0.   Are you still getting the popup/warning?   Or have they stopped?

 

Can you also try to identify some specifics about the Modname.exe file?   For example, is yours also size 184,320 bytes, dated 12/23/10 --- or is something different?   [If different, that could explain why I'm not getting any avast messages on mine.]

 

EDIT:   The message you're getting from avast's file shield asserts FileRepMalware... i.e., the detection is based on the file's "reputation".   The bottom-line here being that "less common" files can be picked-up as being "suspicious"/"unknown".   This is a double-edged sword:   While it can help protect you against new/UNknown malware, it can also object to legitimate, but rarely-seen, programs.   If you wish to test this, you could consider temporarily disabling the FileRep aspect of Avast:   open the orange avast a-ball, select SETTINGS (in the upper-right), select the CLOUD SERVICES tab (on the left), where you can then uncheck (or check) the box to ENABLE REPUTATION SERVICES; then click OK at the bottom.

If the messages are stopped by UNchecking that box, that confirms HOW/WHY the message was being generated.   However, keep in mind that if you leave that box unchecked, you are disabling the FileRep component for ALL programs.

Avast needs to analyze your file, to update their database & reputation-server if it's a F/P [as we suspect], or else, to confirm a malware problem in your particular version...

Windows 7 Pro SP1 (64-bit), avast! 2015 Free, MBAM Pro, Windows Firewall, EMET & MBAE, OpenDNS Family Shield, IE11 & Firefox (both using WOT), Zemana AntiLogger Free, MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS, SAS (on-demand scanner), Secunia PSI.
[I am experimenting with Sandboxie, and believe computer-users who sandbox are acting prudently.]
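
The file details asked for in the post above (size, date, digital signature), collected in one step. This is an added example, not part of the original thread. It assumes PowerShell 4.0 or later (needed for Get-FileHash) and uses the path and the 184,320-byte reference size quoted in the thread; the function name Get-FileTriage is hypothetical.

```powershell
# Added example: gather identifying details for a flagged file so they can be
# compared with another machine's copy or reported to the AV vendor.
# Path and reference size are the ones quoted in this thread.
$Path    = 'C:\Program Files (x86)\Lenovo\System Update\thinkpadRegKeys\MODNAME.exe'
$RefSize = 184320   # bytes, as reported by another user in the thread

function Get-FileTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$LiteralPath,
        [long]$ExpectedSize
    )
    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }
    $item = Get-Item -LiteralPath $LiteralPath
    # Status is 'NotSigned' when the file carries no Authenticode signature,
    # which is what the Properties dialog shows as a missing signature tab.
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256

    [pscustomobject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        SizeMatchesRef  = ($item.Length -eq $ExpectedSize)
        CreationTime    = $item.CreationTime
        LastWriteTime   = $item.LastWriteTime
        FileVersion     = $item.VersionInfo.FileVersion
        CompanyName     = $item.VersionInfo.CompanyName
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256          = $hash.Hash
    }
}

Get-FileTriage -LiteralPath $Path -ExpectedSize $RefSize | Format-List
```

The SHA256 value can be searched on VirusTotal to see an existing report for that exact file, and two users with the same hash have byte-identical copies.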
silhouttejames
Paper Tape
Posts: 4
Location: Philippines
Views: 1,484
Message 19 of 19

Re: Malware detected in lenovo System Update

Update your anti-spyware program. If you do not currently have a spyware removal program, there are many free, highly regarded software downloads.


Disconnect your computer from the Internet. Even if you have Internet Explorer  closed, as long as there is a connection available, the spyware may be connecting and causing damage. Unplug your computer from its modem or the modem from the wall.


Check your "Add/Remove Programs" list from the control panel. If you see a spyware program listed, uninstall it. If you see a program you are not familiar with but are unsure whether it is spyware, check it out before removing it.


Run your antispyware program. If you run it and are still receiving pop-ups, especially if you are still disconnected from the Internet, turn your computer off. Start it again and press the F8 key repeatedly until you see the "Safe Mode" option. Run the antispyware program while your computer is in safe mode.


Revert your system to a date in time prior to the spyware infiltration. Go to the Start menu and point to "All Programs." Point to "Accessories" and then point to "System Tools." Click "System Restore" and follow the instructions on the "System Restore Wizard."
