
Forum Thread: Stupid PSI 2.0 detection

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
TMOnciu Stupid PSI 2.0 detection
Member 5th May, 2012 15:01
Ranking: 0
Posts: 8
User Since: 24th Jan, 2008
System Score: N/A
Location: N/A
Secunia PSI 2.0 detects that I have an unpatched Adobe Flash Player.

But if I click on details, it tells me about a file:
C:\WINDOWS\system32\Macromed\Flash\Flash10y.ocx
that DOESN'T EXIST on my PC.

Did Secunia PSI 2.0 get drunk or maybe take some drugs??? Because it seems to be hallucinating...

Maurice Joyce RE: Stupid PSI 2.0 detection
Handling Contributor 5th May, 2012 15:08
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Once again U have published something without the evidence. What does the troubleshoot report say?


FINDING A FILE PATH USING PSI VERSION 2

From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each programme.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Below DETECTED INSTANCES you will see this: "You can double click this row for additional information & options" > double click it > a box will appear > look to the RIGHT & U will see TROUBLESHOOT REPORT in BLUE writing under the heading TOOLBOX > click TroubleShoot Report & it will reveal some information in a box > highlight the information revealed from ---START--- to ---END--- & copy it (CTRL+C) then post it to the Forum (CTRL+V).

As an EXAMPLE the end result U post to the Forum should look something like this:
---START---

Program Name:
Adobe Flash Player 11.x

Security State:
Patched

Download Link:
http://fpdownload.adobe.com/get/flashplayer/curren...

Instances Found:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_228.ocx, version: 11.2.202.228 (ActiveX)

Last System Scan (localtime):
3. Apr 2012, 09:25

Operating System:
Microsoft Windows 7

---END---


Update 15 09:31 04/04/2012

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+2
-0
TMOnciu RE: Stupid PSI 2.0 detection
Member 5th May, 2012 17:54
Score: 0
Posts: 8
User Since: 24th Jan 2008
System Score: N/A
Location: N/A
How can I send you a screen capture so that you believe me?
Was this reply relevant?
+0
-0

MickeyMouse456 RE: Stupid PSI 2.0 detection
This reply has been deleted
Maurice Joyce RE: Stupid PSI 2.0 detection
Handling Contributor 5th May, 2012 23:01
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
The troubleshoot report produces a screenshot of the offending folder or file. If U want to produce other data to complement it this can easily be done.

POSTING A SCREEN SHOT TO THE FORUM

To post a screen shot to the Forum U need to:

1. Capture the image by using a programme such as:
a. Microsoft Paint - details here: How To Take A Screen shot:
http://www.wikihow.com/Take-a-Screenshot-in-Micros...
b. Microsoft One Note
c. Microsoft Snippet (Windows 7 & Vista)
d. Any third party equivalent programme.


2. Save the image to an online repository such as Microsoft Skydrive or here: http://www.picamatic.com/

3. Post the hyperlink to the stored online image to the Forum. Use CTRL+C to copy & CTRL+V to post to the Forum.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+0
-0
TMOnciu RE: Stupid PSI 2.0 detection
Member 5th May, 2012 23:29
Score: 0
Posts: 8
User Since: 24th Jan 2008
System Score: N/A
Location: N/A
See this: http://www.picamatic.com/show/2012/05/06/01/29/839...
Was this reply relevant?
+0
-0
Maurice Joyce RE: Stupid PSI 2.0 detection
Handling Contributor 5th May, 2012 23:57
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Last edited on 6th May, 2012 00:36
Flash32_11_202_228.OCX should NOT be present in that folder. That is the old copy replaced by Flash32_11_202_235 hence the vulnerability notification.

Flash32_11_202_228.OCX requires deleting & after a full rescan that error should have been removed.

Some other files in the folder are not downloaded from Adobe either. I assume U are using or have used Microsoft Security Essentials?

If U have problems deleting that file I would recommend using the traditional method that will clear out your dross as follows:

UPDATING THE STANDALONE ADOBE FLASH PLAYER

1. Download & SAVE these to desktop.

IE & Other Browsers using the Trident Rendering Engine.

http://fpdownload.adobe.com/get/flashplayer/curren...


2. The installer will appear on the desktop. THE IMPORTANT BIT - Before agreeing to install Flash check these programmes are completely shut down (use the Task Manager if necessary (CTRL+SHIFT+ESC) to COMPLETELY EXIT these processes if running):
a. All Browsers.
b. Windows Messenger.
c. Incredimail.
d. All Adobe Products.
e. PSI - Unless using version 2 or version 3 BETA 2

3. The new install will then remove all old files during the update process.

4. Complete a PSI rescan & all should be in order.

Go to Start>Control Panel>click the Flash Player (32 Bit) icon>check the settings are to your requirements.

Update 13 22:53 05/05/2012

EDIT: A bit more research indicates to me that the non Adobe files U have in that folder contain the file that is insecure.

Not only should U be deleting Flash32_11_202_228.OCX but also genuinst.exe (where the real offending file resides). KB923789.inf & the file named Install log should also be considered dross & removed to the Recycle Bin.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+2
-0
TMOnciu RE: Stupid PSI 2.0 detection
Member 8th May, 2012 10:20
Score: 0
Posts: 8
User Since: 24th Jan 2008
System Score: N/A
Location: N/A
How can I explain so that you understand that:
- on my PC (laptop HP Compaq 6720s) a file called Flash10y.ocx doesn't exist in any place (in "C:\WINDOWS\system32\Macromed\Flash\" or anywhere else);
- Secunia PSI 2.0 tells me that there is a file "C:\WINDOWS\system32\Macromed\Flash\Flash10y.ocx", even though this file doesn't exist.

More than that, I've heard of similar situations that happened to other friends. It seems like Secunia PSI 2.0 tells about one or more applications that are not on that PC, but are on another PC. Apparently because both PCs are running the same Secunia PSI 2.0 (installed from the same kit) and registered with the same username / e-mail address.

Secunia PSI 2.0 seems to display, on every computer where it is installed with the same username / e-mail address, all applications installed on all of them, even if an application is installed on only one of these PCs. My friend apparently resolved this issue by uninstalling Secunia PSI 2.0 and replacing it with the old Secunia PSI 1.5.

Old is better than new? Like new = trash???

Is it possible that Secunia PSI displays on a computer applications that are not installed on that computer, as if its detection was not only on that PC, but on all PCs (even if the PCs are not in the same network - one at work and another at home, for example)?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Stupid PSI 2.0 detection
Handling Contributor 8th May, 2012 21:53
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Last edited on 8th May, 2012 21:57
I did not immediately respond to your latest post to allow other helpers or a Secunia Official to add or offer another way to solve your issue.

Does it not surprise U why no one has bothered? Perhaps this is due to your downright offensive Thread Header & condescending remarks in your opening post that appears to blame the world for your woes when it is your inability to research & action advice already given, or respond with facts as to why that advice will not work for U. Being in denial will solve nothing.

Both threads U have created are confusing in that U "throw in" comments that have nothing to do with this problem. This problem (and your other one) exists on a 32 Bit Windows XP PC (according to the information submitted) full stop.

Forget mentioning Linux (your other thread)/Networks/Working from home & work. Better U read the EULA & what variants of Windows PSI supports before writing those irrelevant comments. In the UK we call such remarks "Red Herrings". For example:

Where have your friends posted to the Forum (hyperlink to each thread would be helpful) claiming PSI 2 gives different results to PSI 1.5?

To get back to your "problem".

As previously posted, from the screen shot U have produced there are files in the Macromed Folder that are causing the issue as follows:

1. Genuine files in the folder that should be retained on a 32Bit XP PC.

Flash32_11_2_202_235.ocx
Flash Installer log
Flash Player Update Service.exe
FlashUtil32_11_2_202_235 ActiveX.dll
FlashUtil32_11-2_202_235 ActiveX.exe
mms.cfg


2. These files SHOULD NOT now be in that folder & once deleted will resolve the issue.

Flash32_11_2_202_228.ocx
Install log - Look in this Microsoft log file - there should be plenty of clues.
KB923798.inf - This dates back to 2006. Have U researched this? http://technet.microsoft.com/en-us/security/bullet...

genuinst.exe - This also dates back to 2006 & contains the file Flash10y.ocx

The question U should be asking yourself, rather than blame PSI, is why these old files remain in that folder in the first instance.

Flash32_11_2_202_228.ocx got there because U improperly updated Flash by having it running during the update procedure.

I have no idea how a Microsoft update dated 2006 (2008) is still present in the folder; that is your problem, not PSI, who most certainly did not install those files.

genuine.exe has the embedded file that U continually claim is not on your PC. Once U delete these files the problem is resolved.

U can easily test this fact. Create an ignore rule for genuine.exe & then run a full PSI scan. U will note the problem has gone from the scan results.


In other words these files are dross & should be sent to the Recycle Bin. A full rescan will then give a clean bill of health.

Flash32_11_2_202_228.ocx
Install log
KB923798.inf
genuinst.exe

Once that is sorted it will resolve the other problem regarding Flash from your other thread.

Is your Oracle JAVA folder in the same mess as your Flash folder? If so that accounts for your one outstanding alleged problem on the other thread.

I do not work for or represent Secunia in any way. I give a little of my spare time trying to help those who may have a problem. I will now bow out gracefully from this thread (and your other one) until such time as the "tone" of your posts is more in line with someone who appreciates FREE help rather than blame everything/everyone but himself.

Before U throw in another "Red Herring" I have researched this using Windows XP SP3 32 Bit.


EVIDENCE supplied quantifying any statement on a Forum => Good Research by user/helper - worth helping/trying out.

QUESTIONS asked in a temperate tone => Lots of friendly advice from dedicated Forum helpers & if necessary a Secunia Official.

To date no help for U on either thread except silly old me. Can U blame them?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+2
-0
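
Added example, not part of any post in this thread and not Secunia's code: a Python sketch of the two folder checks discussed in the reply above. It lists versioned Flash .ocx controls older than the newest one present, and finds which files carry a reported file name (here Flash10y.ocx) inside their own bytes. The function names and the sample folder contents are constructed for illustration, and the byte search is only a heuristic, since a compressed installer need not store the name in clear.

```python
import re
import tempfile
from pathlib import Path

# Versioned ActiveX control names as they appear in the thread,
# e.g. Flash32_11_2_202_235.ocx -> (11, 2, 202, 235)
OCX_RE = re.compile(r"^Flash(?:32|64)_(\d+)_(\d+)_(\d+)_(\d+)\.ocx$", re.I)


def stale_controls(folder):
    """Return versioned Flash .ocx files older than the newest one present."""
    found = {}
    for p in Path(folder).iterdir():
        m = OCX_RE.match(p.name)
        if m:
            found[p.name] = tuple(int(g) for g in m.groups())
    if not found:
        return []
    newest = max(found.values())
    return sorted(n for n, v in found.items() if v < newest)


def files_mentioning(folder, reported_name):
    """Return files whose raw bytes contain reported_name (ASCII or UTF-16LE)."""
    wanted = reported_name.lower()
    needles = [wanted.encode("ascii"), wanted.encode("utf-16-le")]
    hits = []
    for p in Path(folder).iterdir():
        # Skip the reported file itself; we want the container that embeds it.
        if p.is_file() and p.name.lower() != wanted:
            data = p.read_bytes().lower()
            if any(n in data for n in needles):
                hits.append(p.name)
    return sorted(hits)


def build_sample(folder):
    """Constructed stand-in for the folder in the thread (dummy contents)."""
    d = Path(folder)
    (d / "Flash32_11_2_202_235.ocx").write_bytes(b"MZ constructed current")
    (d / "Flash32_11_2_202_228.ocx").write_bytes(b"MZ constructed old")
    (d / "mms.cfg").write_bytes(b"constructed")
    (d / "genuinst.exe").write_bytes(b"MZ\x00stub\x00Flash10y.ocx\x00payload")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(stale_controls(tmp), files_mentioning(tmp, "Flash10y.ocx"))
```

On a real machine, point both functions at the Macromed\Flash folder instead of the constructed sample.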
TMOnciu RE: Stupid PSI 2.0 detection
Member 8th May, 2012 23:26
Score: 0
Posts: 8
User Since: 24th Jan 2008
System Score: N/A
Location: N/A
My friend did not post what happened. Maybe he didn't have enough time for this. He simply "downgraded" from Secunia PSI 2.0 to Secunia PSI 1.5 and in this way he solved that problem. So I will do this when I can spare some minutes for it.

Excuse me for the entire "tone" of this post. Maybe it was a little bit aggressive, but, sincerely, I'm so tired of fighting with the same stupid situations. Sincerely, when my friend told me that, it was a little bit after Secunia PSI 2.0 had its final release (i.e. no beta), but that was some months in the past... As he remembers, he had installed Google Chrome on only one of his laptops, but Secunia PSI 2.0 looked as if he had installed this browser on all his PCs (3 laptops and a desktop, all running Windows XP - SP3, updated "up-to-date" as Windows Update claims).

After all, if you can fix this issue, very well. If not, Secunia PSI 1.5 is good enough for me. I don't have enough time to waste on this issue.

I'll repeat one last time: apparently, this issue happens when you have several PCs running Windows XP SP3, with Secunia PSI 2.0 registered on each PC with the same Secunia profile. In this case, Secunia PSI 2.0 seems to display on a PC programs/files that don't exist on that PC, but are on another PC. The problem is you must find the PC where that program is installed and update it to remove the warning on all the PCs you have. If this is not stupid, tell me...
Was this reply relevant?
+0
-0
Maurice Joyce RE: Stupid PSI 2.0 detection
Handling Contributor 8th May, 2012 23:35
Score: 10510
Posts: 8,072
User Since: 4th Jan 2009
System Score: 100%
Location: UK
Last edited on 10th May, 2012 18:42
Once again U have gone off at a tangent. We are NOT interested in your friend's issue.

If he/she claims a scan bug exists he/she should create their own thread giving PRECISE details of the events that lead to this "problem". Better still he/she should email support with all the details as outlined here http://secunia.com/products/consumer/PSI/faq/#q9

Until this happens as far as I am concerned he/she is talking a load of "claptrap" because there is NO EVIDENCE to support such a statement.

Back to your problem. As far as I can see U remain in denial that the vulnerability exists.

What have U done from the advice given to date?

1. Have U created an ignore rule to prove genuinst.exe is your problem file?

2. Have U attempted to delete these files?

Flash32_11_2_202_228.ocx
Install log
KB923798.inf
genuinst.exe

If so what happened?

3. Have U researched the Microsoft link I gave U?

If not what is the rationale for not trying?

4. I think U are saying that U created this thread when using PSI version 2 & on the advice of your friend U have now reverted to PSI version 1.5. Is that correct? If so U should lock both threads as they are both totally irrelevant or I can lock them on request.

Complete time waster.

Thread Locked 16:49 10/05/2012

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 10 for Windows 7
16GB RAM
Was this reply relevant?
+5
-0
