
Forum Thread: Vulnerability Detected in Recycle Bin

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
sexauerwl Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 17:34
Ranking: 7
Posts: 8
User Since: 12th Sep, 2010
System Score: N/A
Location: US
PSI detected an old, vulnerable program in my Recycle Bin (Windows 7). I have emptied it and rescanned, but PSI is still reporting it as there. I cannot find the reported file on my hard drive, but cannot make the report go away. Is there any reason why I should not make a rule to exclude the Recycle Bin?

Maurice Joyce RE: Vulnerability Detected in Recycle Bin
Handling Contributor 12th Sep, 2010 18:55
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If U have emptied the recycle bin & PSI has still found a file what path does it point to?
I assume U have carried out a FULL rescan of the system?
FINDING A FILE PATH - ALL PSI VERSIONS EXCEPT VERSION 2 (BETA)

To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand" it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum if U are unsure what to do next.)

PSI VERSION 2 (BETA)

From the DASHBOARD page click on RESULTS.

1. This will show U the file that is vulnerable.
2. Click the + sign next to the file.
3. This will reveal the path.
4. Highlight it then copy (CTRL+C) & then paste (CTRL+V) that path back to the Forum if U do not know what to do next.


Update 4 20:22 03/09/2010

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 21:52
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
OK, here is the path:
C:\$Recycle.Bin\S-1-5-21-1648810591-973358973-3872646014-1000\$RO8EJR1\Acrobat 9.0\Acrobat\Acrobat.dll

I can't find any such directory on my system. I do have my folder options set TO show hidden files and directories, and TO NOT hide file extensions. And I emptied the Recycle bin two days ago after first receiving the PSI warning about the vulnerability of this file. I'm still getting the warning that my system is not secure because of this one file. Everything else is clean.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Vulnerability Detected in Recycle Bin
Handling Contributor 12th Sep, 2010 21:57
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Silly question I know but have U actually opened the Desktop Recycle Bin to check it is not there?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+3
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 21:59
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
Not silly, a lot of users would not have done that. But I have and the recycle bin is in fact completely empty.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Vulnerability Detected in Recycle Bin
Handling Contributor 12th Sep, 2010 22:02
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
In the toolbox click on OPEN FOLDER - it should show U the file

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 22:06
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
Sorry, I should have mentioned that I've tried that. Hovering over the folder icon shows me the path name, but clicking on it does nothing.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Vulnerability Detected in Recycle Bin
Handling Contributor 12th Sep, 2010 22:11
Score: 11720
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is being troublesome. There is sometimes a slight delay for updating.

Try another full scan - if that does not clear it I would leave this thread open for Secunia to comment tomorrow.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 22:51
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
I reran the system scan, no change. I'll just monitor this thread to see if an answer comes in the next day or so.

Thanks for listening,
Bill
Was this reply relevant?
+0
-0
dracudok RE: Vulnerability Detected in Recycle Bin
Member 12th Sep, 2010 23:42
Score: 42
Posts: 26
User Since: 14th Jun 2009
System Score: 100%
Location: DE
Last edited on 13th Sep, 2010 01:47
Hi sexauerwl,

login to your OS as the user that belongs to the SID S-1-5-21-1648810591-973358973-3872646014-1000 (probably this is the "Administrator"-account) and clear the recycle bin to get rid of the file.

If it is not the administrator account, to find out which user that is, download the tool psgetsid (as part of the pstools) from SysInternals (http://technet.microsoft.com/de-de/sysinternals/bb...).

Open a command prompt and change to the folder where you unzipped the pstools.zip and enter the command

psgetsid S-1-5-21-1648810591-973358973-3872646014-1000

to show you the corresponding user.

dracudok
Was this reply relevant?
+1
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 13th Sep, 2010 07:56
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
OK, I downloaded and ran the PsGetSID program and it told me that the user ID was BILL, which is me. So that does not seem to help any. Nice try though.
Was this reply relevant?
+0
-0
TiMow RE: Vulnerability Detected in Recycle Bin
Dedicated Contributor 13th Sep, 2010 08:30
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Does running a search in Windows Explorer get you any closer to the location? Make sure hidden files and folders, and sub-folders are checked.

Some forum contributors recommend the use of programs such as RevoUninstaller, to clear out stubborn file remnants. There's obviously some old Acrobat hanging around somewhere.

I personally have never had cause to use this, and am unfamiliar with its exact use - but others have reported success in instances such as yours.

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-1
mogs RE: Vulnerability Detected in Recycle Bin
Expert Contributor 13th Sep, 2010 08:43
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 13th Sep, 2010 09:01
Hello.
If you do use Revouninstaller; it's got two wonderful tools included....Junk file cleaner and Evidence Remover. The first does exactly as its name suggests...tho' if it does find anything that might still be in use it will tell you.
The second...Evidence Remover...apparently not all users are aware of the fact that tho' you delete items, they are not really completely removed......ER scans for previously deleted items and removes all trace....freeing some space in the process.
These tools may be found particularly useful for you at the moment.....but Revo has lots of other advantages too.
Hope this helps........regards,

PS You can read more and download from here :-
http://www.revouninstaller.com/
There is a free version and Pro with even more facets.

--
Was this reply relevant?
+0
-1
This user no longer exists RE: Vulnerability Detected in Recycle Bin
Member 13th Sep, 2010 09:50
Hi,

What happens if you enter "C:\$Recycle.Bin\S-1-5-21-1648810591-973358973-3872646014-1000\$RO8EJR1\Acrobat 9.0\Acrobat\" in the Start > Run box (for XP) or directly in the Start search bar (For Vista and Win7)?
Was this reply relevant?
+0
-0
sexauerwl RE: Vulnerability Detected in Recycle Bin
Member 13th Sep, 2010 17:55
Score: 7
Posts: 8
User Since: 12th Sep 2010
System Score: N/A
Location: US
Tried that search, no results. Nothing found.
Bill
Was this reply relevant?
+0
-0
Anthony Wells RE: Vulnerability Detected in Recycle Bin
Expert Contributor 13th Sep, 2010 19:12
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Bill ,

This , or at least something similar , has happened to another user a few months ago as per this thread :-

http://secunia.com/community/forum/thread/show/458...

Perhaps something therein might help you .

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+1
-0
This user no longer exists RE: Vulnerability Detected in Recycle Bin
Member 14th Sep, 2010 09:23
Last edited on 14th Sep, 2010 09:23
Hi,

This file does not appear to be located in the regular recycle bin, or opening the path to view the file should have been simple. Have you tried rebooting? It could be the file is stored in a temporary location that is purged on boot.

However, since this program is located in the Recycle bin, it should be harmless. If you wish, you can (at your own risk) ignore this particular file. To do this, first enter Advanced Mode, by clicking "Advanced" in the top right corner.

Then, navigate to the Insecure Tab, where the file in question will be listed. If you click the "+" button next to the detected entry, you will see a button labeled "Ignore Program". If you click this, you will no longer be alerted to this issue.

hope this helps.
Was this reply relevant?
+0
-0
ddmarshall RE: Vulnerability Detected in Recycle Bin
Dedicated Contributor 14th Sep, 2010 17:16
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You should be able to see this folder if you unhide protected operating system files (different from hidden files). There are two files for each file moved to the recycle bin. The original data which you are detecting and a metadata file which has a similar name except that $RO8EJR1 will be $IO8EJR1. It appears that your metadata has been corrupted.

To delete the entire recycle bin folder and create a new one, follow this procedure:
http://www.vistax64.com/tutorials/131294-recycle-b...

As this is a rather drastic step, make sure you have a backup before proceeding.



--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
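
The $R/$I pairing described in the reply above, together with the SID-to-account lookup suggested earlier in the thread, can be checked in one pass. This PowerShell is an added example, not part of any forum post and not Secunia's code; the function name Get-OrphanedRecycleItem is hypothetical, and it assumes PowerShell 3.0 or later with the Recycle Bin on the system drive.

```powershell
# Added example: report Recycle Bin payloads ($R...) whose metadata partner
# ($I...) is missing. Such entries do not show up in the desktop Recycle Bin
# view, yet a file-system scanner still finds them on disk.
# Run from an elevated prompt to read other users' SID folders.
function Get-OrphanedRecycleItem {
    param(
        # Root to inspect; defaults to the Recycle Bin on the system drive.
        [string]$Root = (Join-Path $env:SystemDrive '$Recycle.Bin')
    )

    # -Force is needed because the per-user SID folders are hidden system items.
    $sidDirs = Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue
    foreach ($sidDir in $sidDirs) {
        # Translate the folder name (a SID) to an account name, as psgetsid does.
        $account = '(unresolved)'
        try {
            $sid = [System.Security.Principal.SecurityIdentifier]$sidDir.Name
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Not a SID, or the account no longer exists; keep the placeholder.
        }

        $items = @(Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue)
        $metaNames = @($items | Where-Object { $_.Name -like '$I*' } | ForEach-Object { $_.Name })

        foreach ($payload in ($items | Where-Object { $_.Name -like '$R*' })) {
            # $RO8EJR1 pairs with $IO8EJR1: same name, second character R -> I.
            $expectedMeta = '$I' + $payload.Name.Substring(2)
            if ($metaNames -notcontains $expectedMeta) {
                [pscustomobject]@{
                    Account     = $account
                    Sid         = $sidDir.Name
                    Payload     = $payload.FullName
                    MissingMeta = $expectedMeta
                    IsFolder    = $payload.PSIsContainer
                }
            }
        }
    }
}

# Report only; nothing is deleted.
Get-OrphanedRecycleItem | Format-List
```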
