Secunia
Relating to this vendor:
And, this specific program: Facebook Photo Uploader ActiveX Control 4.x

| taffy078 | Facebook Photo Uploader Active X problem |
20th Feb, 2010 09:21
Ranking: 399 Posts: 1,200 User Since: 26th Feb, 2009 System Score: 100% Location: UK

Good morning. Has anyone tried running the fix? It prompts me to download the solution but all that then happens is three files are downloaded: PhotoUploader55, PhotoUploader55.ocx and unicows.dll. Selecting any of them brings a window "Select a destination" with a sub-heading "select a place where you want to extract the selected item". There is nowhere to simply hit "Run".

How can I run the fix please?

PS I like the new layout but haven't yet found out how to find the specific topics pages. So, apologies if I should have posted somewhere else.

-- taffy078, West Yorkshire, UK
Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003
Laptop: Win 7 / IE9 / PSI v2.0.0.3003

| taffy078 | RE: Facebook Photo Uploader Active X problem |
20th Feb, 2010 15:42

It gets worse. I deleted the programs or so I thought. But a second scan shows the insecure file still there:

C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx

But it's not in that folder. I've searched hidden files as well. Anyone else having this problem?

| thedillpickl | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 07:51
Score: 376 Posts: 872 User Since: 3rd May 2009 System Score: 100% Location: US

Hi taffy;

Having trouble with unicows.dll, hmm? Could it be Welsh?

Any file you have to extract to use is a zipped file. For select a destination, if it's not suggesting something like "C:/program files/FaceBook/...", is 'desktop' an option? If so try it. Or possibly create an empty folder on the desktop and extract them there. If all works, you should put them where the old Face Book files were before 'installing' them. Don't forget that .ocx files 'hang' if they're being used or Windows thinks they're being used.

You used the folder icon in PSI to find this file? Did you try to find it using cmd.exe in the 'run' box? If you can find it, I know of a utility that will get rid of it.

Fred

-- XP Home Chrome, Firefox, IE8 -- consilio et animis

| taffy078 | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 11:27

on 21st Feb, 2010 07:51, thedillpickl wrote:
Hi taffy; Having trouble with unicows.dll, hmm? Could it be Welsh? Any file you have to extract to use is a zipped file. For select a destination, if it's not suggesting something like "C:/program files/FaceBook/...", is 'desktop' an option? If so try it. Or possibly create an empty folder on the desktop and extract them there. If all works, you should put them where the old Face Book files were before 'installing' them. Don't forget that .ocx files 'hang' if they're being used or Windows thinks they're being used. You used the folder icon in PSI to find this file? Did you try to find it using cmd.exe in the 'run' box? If you can find it, I know of a utility that will get rid of it. Fred

Hi Fred. I think Unicows is a load of bull - groan!

Excuse my ignorance but I've never really used DOS commands. (I will, now I have the time to read up on the subject.) So, after cmd.exe, and 'OK' what should I do next? I've entered the filename but it says "bad command/parameter" etc.

By the way, when I used the folder icon in PSI, nothing happened. I used the PSI solution wizard. That found the folders but there was no 'run' command.

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 12:08
Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK

Hello Taffy,

Not really active on this Forum anymore but saw U were in distress while I was doing some research work. Me thinks U could be going round in circles.

If I am reading your posts correctly U have successfully removed: PhotoUploader55, PhotoUploader55.ocx and unicows.dll?

What U cannot find is: C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx which Secunia is saying is vulnerable.

Am I correct so far?

-- Maurice
Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM

| taffy078 | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 12:19

Hi Maurice. Nice to hear from you again. Yes - you're spot on.

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 12:49

OK. Navigate back to: C:\WINDOWS\Downloaded program files.

Can U see this entry?

0CCA191D-13A6-4E29-B746-314DEE697D83

| taffy078 | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 17:36

Hi Maurice. There are three files that look like that:

4A85DBE0-BFB2-4119-8401-186A7C6EB654 Installed (Last accessed 11/12/2007)
8FFBE65D-2C9C-4669-84BD-5829DC0B603C unknown (Last accessed none)
D821DC4A-0814-435E-9820-661C543A4679 Damaged (Last accessed 20/02/2010)

Could it be the last one?

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 18:34

Right click on each entry - what are their properties?

| taffy078 | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 20:06

Hi Maurice. Properties are:

4A85DBE0-BFB2-4119-8401-186A7C6EB654 Installed (Last accessed 11/12/2007)
ActiveX Control MSN Messenger

8FFBE65D-2C9C-4669-84BD-5829DC0B603C unknown (Last accessed none)
Active X control fpdownload. macromedia

D821DC4A-0814-435E-9820-661C543A4679 Damaged (Last accessed 20/02/2010)
Active X Control drmlicense.one.microsoft.com/crlupdate

In case it's relevant, last night I went to run an overnight scan on my Ad-Aware (paid version 8.2.0). It said an update was available, which I downloaded. The damage would have happened during either the download or subsequent scan.

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
21st Feb, 2010 22:45

Not what we want but we can clear these up.

Looks like U are not using MSN Messenger in which case remove entry ActiveX Control MSN Messenger by right click>delete.

This entry Active X control fpdownload. Macromedia indicates to me that U have a bit of Adobe bloatware installed mainly a download manager from NOS. Check in add/remove for an entry Adobe Download Manager - if it is there I strongly advise U remove it then return C:\WINDOWS\Downloaded program files and delete the ActiveX.

The damaged ActiveX is just that - delete it. When required again by the Windows Media Player U will be asked for permission to install it.

That clears bits up but not the main event - I am 100% sure that PSI is correct & the ActiveX is there somewhere. Can U please double check the properties of all remaining entries - any U are not completely sure about please post back.

| thedillpickl | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 04:18

Hi Taffy & Maurice;

Glad to see Maurice has not forgot his friends on the forum. :) Will let you two work this out.

@Taffy, let me know if you care to dabble with the 'black box' later.

@Maurice, if I don't get a chance to say for a while, please know that I appreciate you. Your presence is missed. Take care of yourself.

Fred

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 08:44

Thanks Maurice - and a 'good morning' to you.

I haven’t got Adobe Download Manager (I did a search too) – just Flash, Shockwave and Air (whatever that is!).

I deleted all three and scanned again: (1) The Upload Manager is still there (2) I’ve also gained Macromedia Flash Player 7.x and (3) found a warning for Firefox 3.6.x.

I removed Macromedia Flash, using the Adobe tool posted on the Secunia site. I’ll check out the forum for Firefox and am confident there’ll be something already posted but the blasted Facebook Photo Upload Manager5.ocx is annoying me!

I googled (to show you guys that I am trying!) - I found many entries with problems; they all refer to Uploader 5 but say the file name is UploadManager55.ocx

According to one entry (SpywareHammer) the program has been used to let in all kinds of mischief – rootkits and backdoor Trojans. Some poor guy is in real doobies (a technical term): http://spywarehammer.com/simplemachinesforum/index...

So, chaps – what should I do next, please?

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 10:28

That is my concern - Photouploader5.ocx & Photouploader55.ocx CAN be hidden because they COULD be a Rootkit.

I can see U have been dabbling but have U completed all this by deleting all 3 ActiveX?

This entry Active X control fpdownload. Macromedia indicates to me that U have a bit of Adobe bloatware installed mainly a download manager from NOS. Check in add/remove for an entry Adobe Download Manager - if it is there I strongly advise U remove it then return C:\WINDOWS\Downloaded program files and delete the ActiveX. The damaged ActiveX is just that - delete it. When required again by the Windows Media Player U will be asked for permission to install it. That clears bits up but not the main event - I am 100% sure that PSI is correct & the ActiveX is there somewhere. Can U please double check the properties of all remaining entries - any U are not completely sure about please post back.

What was the result of this?

As U now know, if we cannot find the entry in the folder highlighted by Secunia the assumption must be U have a Rootkit which is a completely different ball game. I need to be absolutely sure what is in the folder pointed out by PSI as vulnerable before giving any more advice.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 10:57

Hi Maurice. I have checked the properties of every file in the Downloaded Program Files. There was a new one there, from today:

D27CDB6E-AE6D-11CF-96B8-44455354000
Active X Control fpdownload2.macromedia.com/get/shockwave version 10.0.42.34
Description/Company/Language/Copyright: all “unknown”

I’ve deleted it.

I’ve checked/ searched everywhere for Adobe Download Manager but no trace of it.

The offending file is shown by Secunia as C:\WINDOWS\Downloaded Program Files\PhotoUploader 5.ocx

I followed the Secunia Fix and got three new files: PhotoUploader 55 (Set Up information), unicows.dll and PhotoUploader55.ocx but there are no Run/install buttons on them.

I'm so sorry to take up your time Maurice.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 11:04

PS What I find extremely frustrating is I have Norton Internet Security, AdAware and Spywareblaster. I check for updates every day rather than rely on automatic updates. Yet this happens! humph.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 11:07

PPS and I don't even use Facebook. My daughters have, so when this episode is over, I'll delete anything to do with Facebook!

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 12:02

My time is not important. I am reluctant to declare the fact that I think it is a Rootkit so the search goes on. Although very boring could U please confirm:

1. U have checked the properties of all the entries in C:\WINDOWS\Downloaded program files & U are 100% certain the Photoloader5.ocx is not lurking?
2. That this data is correct C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx in that we are looking for an issue with the C drive.
3. Please open IE. Go to Tools>from the drop down box select Manage Add Ons> is there an entry there?

I have got an appointment shortly to fix a PC. If the above has not found the issue then I need a clue as to whether it is a Rootkit.

Please download Malwarebytes from here: http://www.malwarebytes.org/

Once installed disable Ad Watch - run a full scan. If the scanner will not start STOP what U are doing because I need that information. If it does start let it run & act on any recommendations it makes - again I would like to know the result.

Will be back later

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 13:44

on 22nd Feb, 2010 12:02, Maurice Joyce wrote:
My time is not important. I am reluctant to declare the fact that I think it is a Rootkit so the search goes on. Although very boring could U please confirm: 1. U have checked the properties of all the entries in C:\WINDOWS\Downloaded program files & U are 100% certain the Photoloader5.ocx is not lurking? 2. That this data is correct C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx in that we are looking for an issue with the C drive. 3. Please open IE. Go to Tools>from the drop down box select Manage Add Ons> is there an entry there? I have got an appointment shortly to fix a PC. If the above has not found the issue then I need a clue as to whether it is a Rootkit. Please download Malwarebytes from here: http://www.malwarebytes.org/ Once installed disable Ad Watch - run a full scan. If the scanner will not start STOP what U are doing because I need that information. If it does start let it run & act on any recommendations it makes - again I would like to know the result. Will be back later

I confirm #1 and #2, Maurice. Nothing lurking in Downloaded Program files and it's def. the C drive shown by Secunia scan.

3. When I tried to open Manage Add-ons I got an error message "instruction at 0x04b30068 referenced memory at 0x04b30068 could not be written."
4. I downloaded Malwarebytes - but couldn't find Ad Watch. Is this in the Paid version perhaps?
5. Full scan being done - currently 93510 items scanned - 1 hour 15 minutes. Found 15 infected items so far.

I've got to pop out now for a half hour so I'll leave it scanning.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 15:40
Last edited on 22nd Feb, 2010 15:41

Hi. Scanning completed. 350,000 files in just under 3 hours. 20 objects found:

Malwarebytes' Anti-Malware 1.44
Database version: 3774
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/02/2010 14:38:04
mbam-log-2010-02-22 (14-38-04).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 346459
Time elapsed: 2 hour(s), 56 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W
HKEY_LOCAL_MACHINE\SOFTWARE\Relevant Knowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

I'll run another Secunia scan now, Maurice.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 15:54

Nope - the PhotoUploader is still there in my C Drive Downloaded files. I'll trawl through everything again.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 19:25
Last edited on 22nd Feb, 2010 19:26

I don't know why I didn't click on the Open Folder icon on the scan results page before, Maurice, but I have just now. There's a message:

_______________________________
"The program has been detected in a special folder on your PC. This means that opening the folder where this program was found, most likely won't display for you the actual file.

You can, however, open a "Command Prompt" and go to the directory and see the files with 'dir'. Do this by:

1) Press "Start" then select "Run . . "
2) Type "cmd" and click "Ok"
3) In the new window, type "cd C:\WINDOWS\Downloaded Program Files\"
4) type "dir"

Do you still want to open the folder?"
_________________________________________

Should I do this next, Maurice?

Gotta go now to eat - it'll probably be stale bread and warm water, given the day I've had today!

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 21:49

That is merely taking us where we have already been. We can give that a look later.

Have U cleared the IE cache? Open the browser>look for the SAFETY TAB (normally top right)>select Delete Browsing History (tick the boxes U want in ADDITION to the TOP 4 which should be ticked by default).

Go to Start>Run>type in REGEDIT>at the top click on EDIT>from the drop down box select FIND>in the box provided type in PHOTOUPLOADER>click find next

Does it find anything? If it finds an entry make a note of the highlighted bit on the RIGHT screen. Keep clicking the FIND NEXT option from the EDIT drop down box until U are told it has finished the search. NOTE ALL RIGHT HAND highlighted entries.

Do exactly the same thing again only this time type in DC7.exe in the search box. Anything?

Close REGEDIT via the red box (top right) & post any info.

Go to Start>search>(ensure the C drive is selected/all files & folders including hidden ones) - type in set6930.tmp - anything?

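The two checks described in the posts above (listing the real contents of Downloaded Program Files, which Explorer shows through a special view, and searching the registry for the control) can be scripted as a read-only inventory. This is an added example, not part of the forum thread: the search term, folder and Distribution Units key come from the posts, while the DownloadInformation\CODEBASE value is an assumption about the usual layout and is marked as such in the code.

```powershell
# Added example (not from the thread): read-only inventory of an ActiveX
# control that Explorer's "Downloaded Program Files" view does not display.
$term   = 'PhotoUploader'                        # search term used in the thread
$folder = Join-Path $env:windir 'Downloaded Program Files'

# 1. List the directory from the file system, including hidden and system
#    files, instead of through Explorer's special view of this folder.
Get-ChildItem -LiteralPath $folder -Force |
    Select-Object Name, Length, LastWriteTime, Attributes |
    Format-Table -AutoSize

# 2. Find COM classes whose friendly name contains the term and report the
#    file each one loads. The second root covers 32-bit controls on 64-bit Windows.
$roots = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
         'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID'
$classes = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $name = [string]$key.GetValue('')        # default value = friendly name
        if ($name -notlike "*$term*") { continue }
        $server = $key.OpenSubKey('InprocServer32')
        $path   = if ($server) { [string]$server.GetValue('') } else { '' }
        New-Object PSObject -Property @{
            Clsid      = $key.PSChildName
            Name       = $name
            File       = $path
            FileExists = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}
$classes | Format-List Clsid, Name, File, FileExists

# 3. SharedDLLs: value names are file paths, data is a usage count (the same
#    shape as the REG_DWORD entry reported later in the thread).
$shared = Get-Item -LiteralPath 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs'
$shared.GetValueNames() | Where-Object { $_ -like "*$term*" } |
    ForEach-Object { '{0} = {1}' -f $_, $shared.GetValue($_) }

# 4. Internet Explorer's record of installed controls. The key path is from the
#    thread; DownloadInformation\CODEBASE is an assumed value name and the
#    column is simply empty where it does not exist.
$du = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
foreach ($unit in Get-ChildItem -LiteralPath $du -ErrorAction SilentlyContinue) {
    $info     = $unit.OpenSubKey('DownloadInformation')
    $codebase = if ($info) { [string]$info.GetValue('CODEBASE') } else { '' }
    '{0}  {1}' -f $unit.PSChildName, $codebase
}
```

The script changes nothing on the system. A class listed with FileExists = False is a registration left behind after its file was removed.
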
| Anthony Wells | RE: Facebook Photo Uploader Active X problem |
22nd Feb, 2010 22:49
Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A

If it helps, this is what Online Armour has to say about the elusive .ocx's and their status, normal location, etc.:

http://www.tallemu.com/oasis2/file/facebook__inc_/...
http://www.tallemu.com/oasis2/report/photouploader...

Good hunting.

Anthony

-- It always seems impossible until its done. Nelson Mandela

| taffy078 | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 05:54

Hi Maurice.

regedit search for photouploader

Right screen #1:
Name: "ab" icon (Default)
Type: REG_SZ
Data: Facebook PhotoUploader5 Control
(on the left screen are two sub-folders, one is CurVer and the other is Insertable)

Right screen #2:
Name: "ab" icon (Default)
Type: REG_SZ
Data: value not set

Right screen #3:
Name: "ab" icon.Owner
Type: REG_SZ
Data: Unknown Owner

Right screen #4:
Name: C:\WINDOWS\Downloadable Program Files\PhotoUploader5
Type: REG_DWORD
Data: 0x00000001 (01)

Right screen #5:
Name: "ab" icon. 005
Type: REG_SZ
Data: PhotoUploader

Right screen #6:
Name: "ab" icon. 007
Type: REG_SZ
Data: PhotoUploader

REGEDIT search for DC7.exe found nothing

part 2 to follow

| taffy078 | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 05:59

Hi Maurice. Search (via Start/Search) for set6930.tmp found nothing.

Regards
David

| olaflacour | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 09:11
Score: 0 Posts: 9 User Since: 10th Jun 2009 System Score: N/A Location: N/A

Sorry, but you can't delete the file by using the DOS command. I have tried, but it isn't possible.

| taffy078 | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 10:08

Hi Olaf. Hopefully Maurice will be able to resolve this problem. In the meantime, you may wish to run through all the steps he's already posted?

(Maurice - Olaf has the same problem, by the looks: http://secunia.com/community/forum/thread/show/358...)

| olaflacour | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 10:29

Hi Taffy

I have looked at all the correspondence, and I see the same problem. It is not an add, so it isn't possible to disconnect in IE. I have been in the REGEDIT, but I can't delete it from here. You can delete data here, but the files still exist after doing that.

Secunia show 2 items as I should update:

C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx

I have tried to extract the files to the map, but without success. It isn't possible to do anything with files in the map C:\WINDOWS\Downloaded Program Files\ - this is a closed map!

We have to wait for a solution.....

Olaf

| Maurice Joyce | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 11:05
Last edited on 23rd Feb, 2010 11:12

There is good news. I am now 99.99% sure U have not got a Rootkit & we are dealing with a straightforward file(s) that you cannot find.

Regedit has confirmed that Photouploader is there as found by Secunia in C:\WINDOWS\Downloadable Program Files\PhotoUploader5. Just a matter of finding it!!

1. Please confirm U have cleared the cache as requested.
2. I am interested in this entry.

Right screen #4:
Name: C:\WINDOWS\Downloadable Program Files\PhotoUploader5
Type: REG_DWORD
Data: 0x00000001 (01)

Please go back to the registry & search again for PHOTOUPLOADER. This time I would like to know where it is located from the LEFT PANE. Hopefully U will give me an answer like:

HKEY_CURRENT_USER Downloaded programs ......

or it might highlight an entry that should read 0CCA191D-13A6-4E29-B746-314DEE697D83

Edit: There is no great rush for a reply - I am off out to finish off the PC work I started yesterday.

| olaflacour | RE: Facebook Photo Uploader Active X problem |
23rd Feb, 2010 11:37
Last edited on 23rd Feb, 2010 12:05

Hi Maurice

By searching with the word "PhotoUploader" I find keys here:

HKEY_CLASSES_ROOT\CLSID\{0CCA191D-13A6-4E29-B746-3
HKEY_CLASSES_ROOT\CLSID\{11C00D9C-F6B0-4470-A4EB-C
HKEY_CLASSES_ROOT\CLSID\{316DC664-0D6A-4505-A282-8
HKEY_CLASSES_ROOT\CLSID\{57D12894-A7FB-4239-A0F6-D
HKEY_CLASSES_ROOT\CLSID\{70A07902-4D50-4D4B-A5D2-9
HKEY_CLASSES_ROOT\CLSID\{8100D56A-5661-482c-BEE8-A
HKEY_CLASSES_ROOT\CLSID\{A770F9B2-935A-4086-9C5E-1
HKEY_CLASSES_ROOT\CLSID\{E57034DA-F2E5-4e06-9393-F
HKEY_CLASSES_ROOT\Facebook.FacebookPhotoUploader5
HKEY_CLASSES_ROOT\Facebook.FacebookPhotoUploader5.
HKEY_CLASSES_ROOT\TheFacebook.FacebookPhotoUploade
HKEY_CLASSES_ROOT\TheFacebook.FacebookPhotoUploade
HKEY_CLASSES_ROOT\TypeLib\{4A85DC9D-85B8-4A9E-A3A0
HKEY_CLASSES_ROOT\TypeLib\{C9C78BE1-AF82-4396-8CDA
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11C00D9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{316DC66
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57D1289
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70A0790
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A770F9B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E57034D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Facebook.Faceb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Facebook.Faceb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TheFacebook.Fa
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TheFacebook.Fa
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4A85D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr

I don't need to clear data in the cache, because I never keep data in IE.

Hope it helps you to help others, because I can't use such data to anything...

Olaf

| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
23rd Feb, 2010 12:03 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
on 23rd Feb, 2010 11:05, Maurice Joyce wrote: There is good news. I am now 99.99% sure U have not got a Rootkit & we are dealing with a straightforward file(s) that you cannot find. Regedit has confirmed that Photouploader is there as found by Secunia in C:\WINDOWS\Downloadable Program Files\PhotoUploader5. Just a matter of finding it!! 1. Please confirm U have cleared the cache as requested. 2. I am interested in this entry. Right screen #4: Name: C:\WINDOWS\Downloadable Program Files\PhotoUploader5 Type: REG_DWORD Data: 0x00000001 (01) Please go back to the registry & search again for PHOTOUPLOADER. This time I would like to know where it is located from the LEFT PANE. Hopefully U will give me an answer like: HKEY_CURRENT_USER Downloaded programs ...... or it might highlight an entry that should read 0CCA191D-13A6-4E29-B746-314DEE697D83 Edit: There is no great rush for a reply - I am off out to finish off the PC work I started yesterday. Hi Maurice. 1) I’ve cleared the cache - if that’s what’s meant by Internet Explorer/Tools/Internet Option/delete browsing history (ticking all seven boxes) 2) The entry in "right screen 4" above is in HKEY_LOCAL MACHINE / SOFTWARE / MICROSOFT / WINDOWS / CURRENT VERSION / MODULE USEAGE / SET UP / SHAREDDLLS Hoping this helps. David -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
23rd Feb, 2010 17:11 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK |
David, Looks like U have cleared the cache. If it was my PC I would just delete that key but I want to be absolutely certain of what U are telling me before I confirm the action. U claim U have found this in the LEFT hand pane. HKEY_LOCAL MACHINE / SOFTWARE / MICROSOFT / WINDOWS / CURRENT VERSION / MODULE USEAGE / SET UP / SHAREDDLLS LEFT click on that entry in the registry - what key shows up in the RIGHT pane? It should be something like this 0CCA191D-13A6-4E29-B746-314DEE697D83 Olaf - I will come back to U. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
23rd Feb, 2010 18:37 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
on 23rd Feb, 2010 17:11, Maurice Joyce wrote: David, Looks like U have cleared the cache. If it was my PC I would just delete that key but I want to be absolutely certain of what U are telling me before I confirm the action. U claim U have found this in the LEFT hand pane. HKEY_LOCAL MACHINE / SOFTWARE / MICROSOFT / WINDOWS / CURRENT VERSION / MODULE USEAGE / SET UP / SHAREDDLLS LEFT click on that entry in the registry - what key shows up in the RIGHT pane? It should be something like this 0CCA191D-13A6-4E29-B746-314DEE697D83 Olaf - I will come back to U. Hi again Maurice. Left-clicking on SharedDlls in the above "route/pathway" brings up dozens of REG_DWORD entries, including Name: C:\WINDOWS\Downloadable Program Files\PhotoUploader5 Type: REG_DWORD Data: 0x00000001 (01) All of them have similar names, nearly all .dll but only one of them has the style you mention. It's "8CD7F5AF-ECFA-" etc etc. I'm happy to follow your advice and just delete it. If I do a 'save' under System Restore, will it bring it back later if I need to? As I see it, I don't use Facebook so if I 'lose' their PhotoUploader, it won't be the end of the world. Oh no. It's just started snowing again! It looks like it will stick so I'll have to stay in tomorrow anyway! :0) You're a star, Maurice but please don't blush! -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
23rd Feb, 2010 19:06 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK |
David, Creating a Restore Point is a good idea if U have that feature turned on. Deleting from the Registry is PERMANENT. The trouble with editing the registry is that there is a possibility of the Black Screen Of Death at boot if the wrong key is removed in which case the restore point is useless because the system will not boot into Windows in any mode. That is why I need exact answers to my questions so I do not give U bad advice. We have proved beyond doubt that the little blighter is in fact in C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx It is safer for U to go back here and investigate further. Navigate back to C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx Please give me an exact list of all the entries U find. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| olaflacour | RE: Facebook Photo Uploader Active X problem | ||||||||
|
23rd Feb, 2010 21:00 | ||||||||
| Score: 0 Posts: 9 User Since: 10th Jun 2009 System Score: N/A Location: N/A |
tnx Maurice I will wait. Olaf |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 09:14 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
"Navigate back to C:\WINDOWS\Downloaded program files\PhotoUploader5.ocx Please give me an exact list of all the entries U find." There are 32 programs there, Maurice but that file isn't there now. I'll rescan with Secunia to see what that brings. -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 09:24 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
I've just rescanned - it's still picking it up as an insecure program, pointing me to C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx. Should I create an 'ignore rule' for it? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 10:06 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK Last edited on 24th Feb, 2010 11:39 |
Up to U but U are hiding a vulnerability. It is there and is dependent on one of the 32 U can see. By listing them, I will be able to give U a clue of which one it is. U can of course do it yourself. On each entry RIGHT click & look at the properties - in the box that appears is a tab called DEPENDENCY - that will reveal which one is used by the vulnerable file. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 12:00 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK Last edited on 24th Feb, 2010 12:01 |
on 24th Feb, 2010 10:06, Maurice Joyce wrote: Up to U but U are hiding a vulnerability. It is there and is dependent on one of the 32 U can see. By listing them, I will be able to give U a clue of which one it is. U can of course do it yourself. On each entry RIGHT click & look at the properties - in the box that appears is a tab called DEPENDENCY - that will reveal which one is used by the vulnerable file. Hi Maurice. I am slowly working my way through them. I'll post them in batches but first I'd like to show you this: Java Runtime Environment 1.6.0. THERE ARE THREE OF THESE. All are ActiveX Control, version 6,0,170,4 and are showing unknown Description and Company. Size of each is 0 bytes. ALL ARE SHOWING LAST ACCESSED ON 11/10/2073 #1 ID {8AD9C840-044E-11D1-B3E9-00805F499D93} Created on 23.02.09 #2 ID {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Created on 23.02.09 #3 ID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Created on 11.10.2009 Is it normal to have IDs like #2 and #3? The letters are reversed. And is 11/10 a coincidence? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 12:40 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Here's the entire list. 1 of 3: (Dependency in brackets) I haven’t shown the Java packages on which some depend. Checkers Class (C:\WINDOWS\DOW…\MSGRCHKR.DLL) 132 KB DevicEnum Class (C:\WINDOWS\DOWNLOA…\SETUP.INF) 4 KB GMNRev Class (C:\WINDOWS\DOWNLOA…\SETUP.INF) 4 KB iCC Class (C:\WINDOWS\…\PCPCONNCHECK.DLL) 86 KB and (C:\WINDOWS\D…\MSGRCHKR.INF) 4KB Installation Support (C:\PRO…\YINSTHELPER20073151.DLL) 213 KB and (C:\PROGRAM FIL…\YINSTHELPER.DLL) 195 KB and (C:\PROGRAM FILES\YAHO…\YINST.INF) 4 KB -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 12:41 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Here's #2 of 3: Java Runtime Environment 1.6.0. THERE ARE THREE OF THESE. All are ActiveX Control, version 6,0,170,4 and are showing unknown Description and Company. Size of each is 0 bytes. ALL ARE SHOWING LAST ACCESSED ON 11/10/2073 #1 ID {8AD9C840-044E-11D1-B3E9-00805F499D93} Created on 23.02.09 #2 ID {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Created on 23.02.09 #3 ID {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Created on 11.10.2009 MessengerStatsClient Class (C:\...\MESSENGERSTATSPACECLIENT.DLL) 307 KB Microsoft Data Collection Control (C:\WINDOWS\DOWNL…\MSDCODE.DLL) 397KB Minesweeper Flags Class (C:\WINDOWS\D…\MINESWEEPER.DLL) 131KB MSN Games Installer (C:\WINDOWS\DOWNLO…\ZINTRO.OCX) 159KB MUWebControl Class (C:\WINDOWS\DOWNLO…\MUWEB.INF) 4KB and (C:\WINDOWS\SYSTE…\MUWEB.DLL) 217KB Oberon Flash Game Host (C:\WI…\OBERONGAMEHOST_DBG.INF) 4KB and (C:\WINDO…\OBERONGAMEHOST.DLL) 635KB Office Genuine Advantage Validation Tool (C:\WINDO…\OGACHECKCONTROL.DLL) 696KB and (C:\WINDOWS\DO…\OGACONTROL.INF) 4KB -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 12:42 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
and here's the final third of the list: PCPitstop Exam (C:\WINDOWS\DOW…\PCPITSTOP2.DLL) 389,120 bytes and (C:\WINDOWS\DOW…\PCPITSTOP2.DLL) 385,024 bytes and (C:\WINDOWS\DOW…\PCPITSTOP2.DLL) 385,024 bytes PreQualifier Class (C:\WINDOWS\…\MOTIVEPREQUAL.INF) 4KB Shockwave ActiveX Control. There are two of these. Both are showing created 18/01/2010. Both are versions 11,5,6, 606 and 4KB. Different IDs though: {166B1BCA-3F9C-11CF-8075-444553540000} and {233C1507-6A77-46A4-9443-F871F945D258} Shockwave Flash Object (C:\WIN…\FP_AX_CAB_INSTALLER.EXE) 1.9KB and (C:\WINDOWS\DOWNL…\SWFLASH.INF) 4KB Solitaire Showdown Class (C:\WIND…\ SOLITAIRESHOWDOWN.DLL) 140KB Symantec Download Manager (C:\WINDOWS\DOW…\SYMDLMGR.DLL) 450KB and (C:\WINDOWS\DOWN…\ SYMDLMGR.INF) 4KB Symantec RuFSI Utility Class (C:\WINDOWS\DOWNLOAD…\CABSA.INF) 4KB and (C:\WINDOWS\DOWNLOAD…\ RUFSI.DLL) 4KB System Requirements Lab (C:\WINDOWS\...\SYSREQLAB_NVD.DLL) 356KB and (C:\WINDOWS\DO…\ SYSREQLAB.OSD) 4KB UnoCtrl Class (C:\WINDOWS\DOW...\GAME_UNO1.DLL) 386KB and (C:\WINDOWS\DOW…\ GAME_UNO1.INF) 4KB Webhelper Class (C:\WINDOWS\...\BTWEBCONTROL.DLL) 167KB and (C:\WINDOWS\...\BTWEBCONTROL.INF) 4KB Windows Live Safety Center Base Module (C:\WINDOWS\DOWN...\WLSCBASE.DLL) 458KB and (C:\WINDOWS\DOWN...\WLSCBASE.INF) 4KB WUWebControl Class (C:\WINDOWS\DOWNLO...\WUWEB.INF) 4KB and (C:\WINDOWS\SYSTE...\WUWEB.DLL) 213KB Yahoo! Chess (C:\WINDOWS\D...\YAHOO!CHESS.OSD) 4KB Yahoo! Poker (C:\WINDOWS\...\YAHOO!POKER.OSD) 4KB Yahoo! Pool2 (C:\WINDOWS\D..\YAHOO!POOL2.OSD) 4KB ZoneChess Object (C:\WINDOWS\Downloa..\CHESS.OSX) 380KB -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 12:47 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
PS I see there was a vulnerability in version 4 too: http://secunia.com/advisories/28713/ -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| M.Hansen | RE: Facebook Photo Uploader Active X problem |
|
24th Feb, 2010 13:51 |
| Score: 188 Posts: 376 User Since: 26th Jan 2009 System Score: N/A Location: Copenhagen, DK |
Hi
ActiveX Controls are located in "C:\Windows\Downloaded Program Files\"

On Windows XP and Vista:
Looking in this folder will NOT display the files the PSI detects. Instead, use the Command Prompt to see the content of the folder and locate the insecure files.
If a Solution Download link is not available and you can't replace the old files with the patched one, a possible solution could be to remove the insecure files from the system, and let the website that needs them install the needed files next time you visit the page that uses the ActiveX Control.
Please note that deleting files may cause some programs to lose functionality.

Command Prompt Guide:
(On Windows XP only) Go to "Start" -> "All Programs" -> "Accessories" -> "Command Prompt"
(On Windows Vista only) Go to "Start" -> "All Programs" -> "Accessories" -> right click the "Command Prompt" Program and run as admin
A black windowbox should now appear.
Type: cd "c:\Windows\Downloaded Program Files\"
To see the content of the folder, type: dir
You should now be able to see the files with their filenames and file extension (such as .dll or .ocx)
To delete files type: del filename.fileextension
Example: del ActiveX.ocx

On Windows 7:
With Windows 7 you can now see the files as normal files (.dll, .ocx, etc.) Simply replace the needed files or delete them if needed. |
| olaflacour | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 15:50 | ||||||||
| Score: 0 Posts: 9 User Since: 10th Jun 2009 System Score: N/A Location: N/A |
Hi M.Hansen If you read all threads, then you will see it isn't possible to delete anything in this map. I have tried 2 times without success. This is just shit and crap from Facebook Olaf |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 16:09 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK |
Thanks Morten, I am working on the assumption that neither David nor Olaf can identify the "bit" to delete wherever they look. Fred was heading in that direction in the first instance but lack of positive ID prevents the deletion of the offender. Having seen entries in their registries & got more of a handle on it both might now be able to "see" the blighter(s) & dump them the traditional way as U describe. Olaf - U have more than one entry. Can U identify them by the method described? Edit: Olaf - I see U have responded. Let me see how this pans out with David before I get back to U. I have posted this 3 times - other attempts did not register - If 3 entries appear I apologise. -- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 20:43 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Hi Maurice. I saw Morten's reply earlier. But as you have invested so much of your spare time in this problem, I'd like to stick with your thoughts - I'm sure Morten will understand. So did the Java Runtime Environment files stick out as the possible problem, Maurice? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 21:04 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Sorry guys but I decided to try Morten's solution. I've done nothing but shovel blasted snow all day today and I didn't want to take up any more of Maurice's time, especially as Olaf now needs your help, Maurice. It worked!!! Yippeeeeeeeeeeeeeeeeeeeeeeee. It's really cheered me up. Thank you ever so much Maurice, and Morten. Much appreciated. Especially as I needed cheering up - I've just had the results of my annual medical "MOT" - in the UK, it's free for people "of a certain age" (30+!). The doctor said I've got pneumonoultramicroscopicsilicovolcanoconiosis. Well, he thinks I have. Apparently it's hard to say. ;0) Thank you all again, especially Maurice. I'll stick to the "IE8 - German Government" thread from now on! -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 21:06 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Oops - in my excitement, I forgot the rather strange entries for Java Runtime Environment files - see above. Should I delete these and be told later, when I need them, to instal them again? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
24th Feb, 2010 21:28 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK |
David, Pleased everything is OK - I perhaps got the wrong end of the stick in your case - I thought U could not identify the file by name. Never mind U eventually got there. From your logs I suspect U use BT as your ISP? Could not help seeing U have some bloatware/hassleware on board. If U are happy with your set up so be it - if U want to know more just let me know.
Olaf - Below is my bog standard ActiveX remover. Your situation is not that much different from David who has managed to find the file & deleted it. In your case U need to find a few more which I suggest U delete one at a time. Give it a try & let me know the outcome.

REMOVING ACTIVEX
=================
The traditional method to remove ActiveX is:

* * * Windows XP
++++++++++++++++
Launch the command prompt from accessories in the programs list or go to Start>run> and type cmd in the box that appears.
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the files you wish to remove from the list that appears
type: del
now type the details of the file found above
press enter
type: exit
press enter

* * * Vista
+++++++++++
Click Start>In the search box type cmd
A Command Prompt icon will display at the top
Right click on it & select "Run as administrator"
type: cd c:\windows\downloaded program files
press enter
type: dir
press enter
find the file you wish to remove from the list that appears
type: del
now type the details of the file found above
press enter
type: exit
press enter

Windows 7
+++++++++
Life is much simpler with Windows 7. Just note the FILE PATH of the insecurity highlighted by Secunia by clicking the + sign next to the entry> click OPEN FOLDER in the toolbox>a screen will appear>click OK>now select the file noted in the FILE PATH & zap it.
-- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
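The check that Morten's and Maurice's command-prompt steps perform by hand, as an added example that is not part of any forum post and not Secunia's code: a read-only PowerShell audit that lists what is really in Downloaded Program Files and which registry entries from the thread (Code Store Database\Distribution Units, SharedDLLs) still point there. Assumptions: PowerShell 2.0 or later is installed (it is not part of a default XP install), the function names are hypothetical, and the DownloadInformation subkey with INF/CODEBASE values is treated as optional.

```powershell
# Added example: read-only audit of ActiveX leftovers. It deletes nothing.
param(
    [string]$Pattern = 'PhotoUploader'   # name fragment taken from the thread
)

$Dpf = Join-Path $env:windir 'Downloaded Program Files'

# Files as the file system sees them (what "dir" shows), not Explorer's
# ActiveX view of the folder. -Force includes hidden and system files.
function Get-DpfFile {
    param([string]$Folder)
    if (-not (Test-Path -LiteralPath $Folder)) { return }
    Get-ChildItem -LiteralPath $Folder -Force -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
}

# One entry per installed control under Code Store Database\Distribution Units.
# Assumption: INF and CODEBASE sit in a DownloadInformation subkey; a unit
# without them is still listed, with empty fields.
function Get-DistributionUnit {
    $root = 'HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $info = Get-ItemProperty -LiteralPath "$($key.PSPath)\DownloadInformation" `
                    -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Clsid    = $key.PSChildName
            Inf      = $info.INF
            CodeBase = $info.CODEBASE
        }
    }
}

# SharedDLLs stores one REG_DWORD per file path (the value name is the path,
# the data is a reference count). Keep only paths under the ActiveX folder
# and record whether the file is still on disk.
function Get-SharedDllRef {
    param([string]$Folder)
    $key = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs' `
               -ErrorAction SilentlyContinue
    if (-not $key) { return }
    $prefix = $Folder.TrimEnd('\') + '\'
    foreach ($name in $key.GetValueNames()) {
        if ($name.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            New-Object PSObject -Property @{
                Path     = $name
                RefCount = $key.GetValue($name)
                OnDisk   = (Test-Path -LiteralPath $name)
            }
        }
    }
}

$escaped = [regex]::Escape($Pattern)
$files = @(Get-DpfFile -Folder $Dpf | Where-Object { $_.FullName -match $escaped })
$units = @(Get-DistributionUnit |
           Where-Object { "$($_.Inf) $($_.CodeBase)" -match $escaped })
$stale = @(Get-SharedDllRef -Folder $Dpf | Where-Object { -not $_.OnDisk })

"Files on disk matching '$Pattern': $($files.Count)"
$files | Format-Table -AutoSize
"Distribution Units matching '$Pattern': $($units.Count)"
$units | Format-List Clsid, Inf, CodeBase
"SharedDLLs entries under '$Dpf' with no file on disk: $($stale.Count)"
$stale | Format-Table Path, RefCount -AutoSize
```

A file listed in the first section is the case from this thread: present on disk but not shown by Explorer. An empty first section with hits in the other two means only registry references remain.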
| wlls2 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
25th Feb, 2010 00:14 | ||||||||
| Score: 0 Posts: 3 User Since: 24th Feb 2010 System Score: N/A Location: US Last edited on 25th Feb, 2010 00:19 |
Use "Disk Cleanup" in Windows making sure to check the box next to "Downloaded Program Files", this will remove the "Facebook Photo Uploader 5 Control", rerun SPSI and you'll find the alert is gone. Hope this helps. -- Bill (not Gate$) |
||||||||
|
|||||||||
| taffy078 | RE: Facebook Photo Uploader Active X problem | ||||||||
|
25th Feb, 2010 09:24 | ||||||||
| Score: 399 Posts: 1,200 User Since: 26th Feb 2009 System Score: 100% Location: UK |
Thanks Maurice. I'd be happy to delete all the bloatware, the chocolate teapots, as you say! Should I post a new thread? BTW are you happy with the strange Java files I have? -- taffy078, West Yorkshire, UK Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003 Laptop: Win 7 / IE9 / PSI v2.0.0.3003 |
||||||||
|
|||||||||
| Maurice Joyce | RE: Facebook Photo Uploader Active X problem | ||||||||
|
25th Feb, 2010 11:05 | ||||||||
| Score: 10500 Posts: 8,063 User Since: 4th Jan 2009 System Score: 100% Location: UK |
David, I suggest it is a good idea to create a new thread called something like BT Hub Set Up. It could be interesting to UK residents because there are settings that improve security. All I need to know is which hub U have. Mk1 is generally white & has green lights & has a small aerial. Mk 1.5 or the latest v2. The details are on the plate at the back. Please do not disclose any other details from the label.
As a wash up to this thread our journey was not a complete waste of time.
ORACLE JAVA.
I have just looked at my test machine which is XP. There are 3 entries as U describe. Have U got the latest version of JAVA installed which is version 6 update 18? The difference I see is that all mine are dated 16/1/10 with a version number of 6.0.180.7 which reflects the latest version.
LAVA SOFT AD AWARE
U mentioned somewhere in the thread that U had Lavasoft Ad Aware paid version installed. I asked U to switch off Ad Watch which U thought might be part of Malwarebytes. Ad Watch is part of Ad Aware & can be activated to give real time protection. Have U got it switched on? I think I have posted elsewhere how to clear the Blue Screen Of Death if it occurs in XP with Lavasoft.
MALWAREBYTES
Have U uninstalled Malwarebytes? If not, keep an eye on it - it does NOT like Ad Aware & they fight each other resulting in excessive CPU usage. I have dumped my Pro version of Ad Aware for the Pro version of Malwarebytes which is much more focused.
SYMANTEC (NORTON) INTERNET SECURITY
U also have this installed. Works seamlessly with Malwarebytes but again does not like Ad Aware dependent on version. Lavasoft introduced an anti virus element into the latest & greatest Pro version. Once again this caused massive CPU usage as they battled for dominance.
It looks like your overall security set up is OK because our search proved that U had not got a Rootkit in relation to Photouploader after all.
ACTIVEX
There is much hype about ACTIVEX. I have no concerns but they do need controlling. From your log U can clearly identify what most of them are for. Delete any that are redundant.
Hope this helps & pleased to hear U are back to 100%.
-- Maurice Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM |
||||||||
|
|||||||||
| Anthony Wells | RE: Facebook Photo Uploader Active X problem | ||||||||
|
25th Feb, 2010 19:33 | ||||||||
| Score: 2324 Posts: 3,203 User Since: 19th Dec 2007 System Score: N/A Location: N/A Last edited on 25th Feb, 2010 19:41 |
Hello taffy and Maurice , FWIW , it is often recommended to run MBAM again after it has found the sort of aggressive "adware" which showed in your log and to keep rerunning MBAM until it shows clear . The first clear out can expose other stuff . The following item will reappear as it refers to your Windows Security Centre status ; if your set up is as you wish , you can select to ignore this alert , and it will appear under the "ignore list" tab Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. SuperAntiSpyware is a very good (complimentary) partner to MBAM and they don't fight ; they both have free and paid versions , I have both as free versions and so only get on "demand scans" , this is fine for me as I prefer to have only one "active guard" running at a time and the one in my Security Suite does all I require . I have found they are better for me than AdAware , in all respects , which became very uppity on my system when they added the A/V stuff 14 months or so ago Take care Anthony PS: look away now taffy , you won't want to know that our temperature today is 16°C nor that the first strawberries are in from Maroc at 3 to 5 € per kilo :)))) -- It always seems impossible until its done. Nelson Mandela |
||||||||
|
|||||||||