
Forum Thread: Ghost System32 Flash Player

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Flash Player 10.x

This thread has been marked as locked.
nimrod63 Ghost System32 Flash Player
Member 6th Nov, 2010 15:44
Ranking: 0
Posts: 19
User Since: 16th May, 2009
System Score: 100%
Location: UK
PSI insists that I have a Macromedia file in System32 but the only one I can see is the one in Syswow64. PSI identifies the Flash Plugin and Active-X files here correctly. When I ask PSI to open the System32 versions it has identified it tells me that the location is not available. I have uninstalled the Flash Player using their uninstall tool which removes all reference to Flash Player in PSI.
When I reinstall the same files are again identified. Please help me with this problem. I have Windows 7 64 Bit system.

--
Brian

Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 6th Nov, 2010 16:35
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
All Macromedia Flash works from the WOW folder on 64 Bit systems.

Try this:
REMOVE OLD ADOBE (FORMERLY MACROMEDIA) OCX FILES.

If Flash was running when an update was attempted it will not remove all of the old (and vulnerable) files.

To remove these files:

COMPLETELY EXIT (using Task Manager if necessary):

a. All Browsers.
b. Windows Messenger.
c. Incredimail
d. All Adobe products
e. PSI unless using Version 2 BETA.

Now navigate to here:

32 Bit Systems - C:\Windows\system32\Macromedia\Flash

64 Bit Systems - C:\Windows\sysWOW64\Macromedia\Flash

In these locations U may well find these entries:
FLASH10K or other extensions.OCX - Right click & delete it/them.

FLASH10L.OCX - The latest version (10.1.102.64) which should be retained.

Empty the Recycle Bin (or remove any Flash items from the bin) complete a full PSI rescan & all will be in order.

Update 1 11:27 05/11/2010



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 7th Nov, 2010 02:58
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi Maurice,
Thanks for the reply. The thing is that PSI says there is an entry in C:\Windows\System32\Macromedia\Flash but no such entry can be seen so I cannot delete it. When I use the Flash uninstall tool the reference in PSI to Both System32 and Syswow64 is removed. But when I reinstall, both references return even though when I look there is no Macromedia file in System32.
Brian

--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 7th Nov, 2010 11:56
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 7th Nov, 2010 11:59
Brian,
Please confirm that at no time have U installed the BETA version of Flash for 64 Bit systems?
If U have did U also install the 32 Bit BETA as well?


If NOT, with a 64 Bit system there will be no entries in C:\Windows\System32\Macromed\Flash

PSI might point to that directory but in fact all files will be in C:\Windows\sysWOW64\Macromed\Flash by default.

In that location are 4 Flash entries all dated November 2010.

Can U see any with another date stamp? If so delete them.

There should only be ONE entry for FLASH10L.OCX

Are there any others ending with .OCX?

If so, these are the files to delete to remove the vulnerability. Before manual deletion U MUST EXIT these programmes otherwise the delete will fail because the files are in use.

a. All Browsers.
b. Windows Messenger.
c. Incredimail
d. All Adobe products
e. PSI unless using Version 2 BETA.






--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 7th Nov, 2010 15:49
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
My computer was returned from Mesh repair on 10/10/10 so unless they put a beta version on with the factory software then no beta versions have been installed. I have looked in the SysWOW64\Macromedia\Flash file and I have 7 items listed as follows:-
(1) Flash 10l.ocx
(2) Flash Install
(3) Flash Player.xpt
(4) Flash Util 10l_ActiveX.dll
(5) Flash Util 10l_ActiveX
(6) Flash Util 10l_Plugin
(7) NPSWF32.dll
They are all dated Nov 5th and 1,4,5,6 and 7 are version 10.1.102.64
No version numbers for 2 and 3.
I do not know what they are all for but presume that they are all necessary.
I have nothing else in the Macromedia file.
Brian.

--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 7th Nov, 2010 15:54
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
They look OK to me - clearly U have a Gecko based browser (Firefox) installed as well.

I need to see what PSI is telling U.

FINDING A FILE PATH

ALL PSI VERSIONS EXCEPT VERSION 2 (BETA)


To locate the exact file that the Secunia PSI has detected, use or switch to the ADVANCED interface, then :

1 Click on the + sign of the programme to "expand" it.
2 Click on Technical Details in the Toolbox to see the installation path of the detected file. (Copy (CTRL+C) & paste (CTRL+V) the Installation Path of the file back to the Forum.)

PSI VERSION 2 (BETA)

From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each one.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Highlight it then copy (CTRL+C) then paste (CTRL+V) that path back to the Forum.


Update 7 18:43 02/10/2010




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 7th Nov, 2010 16:27
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
I should have mentioned that I am using the 32 bit version Windows Internet Explorer because some add ons do not function in the 64 bit version.
I do not have Firefox on this machine, only 32 and 64 bit versions of Internet Explorer.
Technical details


Technical details about this installation of Adobe Flash Player 10.x, you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected:
10.1.102.64 (ActiveX)

Installation Path:
C:\Windows\System32\Macromed\Flash\Flash10l.ocx

Last Inspection of Program:
6th Nov. 2010, 1:13 CET

Close
Technical details


Technical details about this installation of Adobe Flash Player 10.x, you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected:
10.1.102.64 (NPAPI)

Installation Path:
C:\Windows\System32\Macromed\Flash\NPSWF32.dll

Last Inspection of Program:
6th Nov. 2010, 1:13 CET

If I click on the "Open Folder" option I am told this location is not available.
Brian.



--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 7th Nov, 2010 17:24
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
This file & one other belong to a Gecko based (Firefox etc) browser

C:\Windows\System32\Macromed\Flash\NPSWF32.dll

Can U please uninstall Flash using this link:

http://kb2.adobe.com/cps/141/tn_14157.html - the download U want is dated 4/11/2010.

Save it to DESKTOP. Now close all these:
a. All Browsers.
b. Windows Messenger.
c. Incredimail
d. All Adobe products
e. PSI unless using Version 2 BETA.


Activate the Adobe uninstaller from the desktop. Once it has finished uninstalling complete a FULL rescan of PSI.

If that does not give U a clean bill of health what path does it give to the problem?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 8th Nov, 2010 01:53
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi.
I have done this and now have no references to Flash player. I think I have done all this before only to find when I reinstall that the System32 file references return.
Anyway, Should I now reinstall Flash Player and see what happens?
Brian.

--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 8th Nov, 2010 08:50
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
Now install Flash from here:

http://fpdownload.adobe.com/get/flashplayer/curren...

Run a full PSI scan & all should be in order.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
nimrod63 RE: Ghost System32 Flash Player
Member 8th Nov, 2010 13:23
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
I have done this and now have the four entries you suggested I should have in the Macromedia Flash file. The PSI scan still shows the System32 reference as well as the SysWOW64 one. I have exactly the same problem with Shockwave showing up in System32 even though no file can be located. Perhaps there is a bug in PSI or it is something to do with Windows 7 including 64 bit and 32 bit browsers in the installation. Perhaps I should just ignore it if there is no solution.
Brian.

--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 8th Nov, 2010 17:52
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 8th Nov, 2010 17:52
Brian,
I use IE only with 64 Bit - there are no problems.

By Shockwave do U mean U have the standalone version installed?
If so uninstall it using this guide:

SHOCKWAVE


Before starting to fix Adobe Shockwave do U really require it? Windows works perfectly without this programme which may have been pre installed on the PC at the time of purchase.

If not required just uninstall it completely. If you do have a requirement read on:

1. Uninstall Shockwave for your OS from the clearly marked link here:
http://www.adobe.com/shockwave/download/alternates...

2. Reboot to clear out any left over ocx files. Do not reinstall yet.

Once this is complete what are all the paths to any vulnerability still showing?








--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
nimrod63 RE: Ghost System32 Flash Player
Member 9th Nov, 2010 02:08
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
I know how to uninstall Shockwave, I only mentioned it as additional information.
Whether I use 64 bit or 32 bit browser is again only additional information.
Does any of this address why PSI is showing Flash and Shockwave files that apparently do not exist?
Brian.

--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 9th Nov, 2010 09:25
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
Any information U give is helpful. PSI is showing the files because somehow they have managed to plant themselves on your PC.

We have managed to remove the Flash Gecko files from the PC. For them to get there someone has installed the non IE Flash player.

With or without Shockwave installed what are the paths to all the files that PSI is now showing as vulnerable?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 9th Nov, 2010 16:05
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Last edited on 9th Nov, 2010 16:38
Hi,
I use the 32 bit browser because Adobe Flash, CanonEasy-Webprint and Trusteer Rapport do not have 64 bit browser versions and that's just for starters.
I do not have any vulnerabilities showing up on PSI, just Adobe Flash and Shockwave programs in System 32 and they are not there.
When I ask PSI to open these folders it tells me the location cannot be found which is not surprising because I have looked and they are not there.
Another thing I know is when I manually delete the SysWOW Flash entries and then scan with PSI the System 32 entry has also disappeared even though I have done nothing to it because it cannot be found.
Surely this indicates a problem with the PSI software, you tell me.
Brian.
Maybe I do not need the Shockwave installation but I don't think that is the point.
It is not allowed to set the 64 bit browser as the default in Windows 7, but PSI thinks it is my default. I have seen the post about correcting the Not your Default message, to no avail. Sorry this is off topic.
Brian

--
Brian
Was this reply relevant?
+0
-0
ddmarshall RE: Ghost System32 Flash Player
Dedicated Contributor 9th Nov, 2010 16:39
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
This is starting to look like a problem with junction points. I can remember this causing problems in the past; but I can't think why your two similar systems should behave differently.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 9th Nov, 2010 18:00
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 9th Nov, 2010 18:02
Brian,
Thank U. Nothing U have written is off topic.

The good thing is we have removed the Gecko based files U do not want and there is no vulnerability.

The difference lies in what PSI is telling U & me. I have just reinstalled PSI.

I, like U, only use IE8 on Windows 7 64 Bit which by default uses IE in the 32 Bit mode.

Firstly, Windows Explorer.

If U navigate to here C:\Windows\system32\Macromed\Flash there should not be a folder. If there is it can be safely deleted - I have just completed this action as a result of BETA testing Flash 32 & 64 bit versions with IE9 where it left that dross behind.

C:\Windows\sysWOW64\Macromed\Flash has four files all dated November 2010.

Flash10L.ocx
Flash Install
FlashUtil10L_ActiveX.dll
FlashUtil10L_Active X

I believe we agree that we both have the same?

PSI RESULTS

Under Scan Results is one entry. That entry is C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx, version 10.1.102.64 (ActiveX)

When U click the open folder it takes U direct to that entry & exposes the four files already mentioned.

I think U are indicating yours behaves differently?

Under the Secure Browsing tab there are two IE entries. IE8 & IE8(64 Bit)

Both browsers show they have Flash "attached" which are patched.

By double clicking on both those entries U get exactly the same result regarding the install location of the Flash files which is:

C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx

Adobe Shockwave also has a Flash element - as U rightly suggest this might not be getting in the way of a resolution.


Interesting to hear what differences we have.











--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
nimrod63 RE: Ghost System32 Flash Player
Member 10th Nov, 2010 02:15
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
This is interesting. Where we differ is as follows:-
Under Scan results I have two entries .
(1) C:\Windows\SysWOW64\Macromedia\Flash 10l.ocx
(2) C:\Windows\ System32\Macromedia\Flash 10l.ocx
Under Secure Browsing I have no indication of Flash attached to the 64 bit version but I have the above two entries attached to the 32 bit version.
I have looked at the System32 file and there is no Macromedia folder there.
What I find strange is that if I manually delete the SysWOW64 Macromedia folder,
Both of the Flash entries disappear.
Brian.

--
Brian
Was this reply relevant?
+0
-0
ddmarshall RE: Ghost System32 Flash Player
Dedicated Contributor 10th Nov, 2010 02:31
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 10th Nov, 2010 02:34
So one of you has Macromed and the other has Macromedia in the filename?

Looks like something going on with a junction point or symlink.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 10th Nov, 2010 09:04
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
Which version of PSI are U using? Might be good idea to upgrade to the latest here:

http://secunia.com/community/forum/thread/show/630...

If U have not used the BETA yet the layout/features are explained from the DASHBOARD>LEARN MORE>SECUNIA PSI MANUAL(PDF)

Perfectly stable - the BETA bit is mainly concentrated on auto update that U can switch off.

Try a new scan - has that corrected it?



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
nimrod63 RE: Ghost System32 Flash Player
Member 10th Nov, 2010 13:15
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
This was a typing error on my part, Thanks for pointing it out. I have Macromed also
Brian

--
Brian
Was this reply relevant?
+0
-0
nimrod63 RE: Ghost System32 Flash Player
Member 10th Nov, 2010 13:24
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi Maurice,
I have version 1.5.0.2
I could try the beta version.
I have a question for you. Why on earth are you showing a Flash entry in the 64 bit browser, this should not be unless you made some kind of modification.
You also said you had been using the 64 bit version with no problems but you could not have been viewing Flash content because the 64 bit version was not available.
Could you explain please.
Brian.


--
Brian
Was this reply relevant?
+0
-0
Maurice Joyce RE: Ghost System32 Flash Player
Handling Contributor 10th Nov, 2010 18:05
Score: 11626
Posts: 8,916
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Brian,
Flash in 32 & 64 Bit mode has been available in BETA for some time.

It was created to support IE9 that I also tested for about a fortnight. Now all uninstalled. (As a side issue it will be superb once finalised in early 2011 - at the moment too much "missing" to be on a working platform) A bit of detail here:

http://kb2.adobe.com/cps/000/6b3af6c9.html

I believe PSI sees the 32 Bit Flash in the 32 & (64 Bit Notional) in the Secure Browser section because the 32 Bit element is loaded into the 64 Bit WOW folder by default.

Do not worry about Macromed or Macromedia - same thing just a typo by both of us.

I would give the BETA a try to see if that improves your results. If that does not work I will ask Secunia to look in & comment - I am now just as interested as U!



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Anthony Wells RE: Ghost System32 Flash Player
Expert Contributor 10th Nov, 2010 18:52
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello ,

Excuse my interruption , but this has arisen a few times in the past :-

http://secunia.com/community/forum/thread/show/518...

http://secunia.com/community/forum/thread/show/332...

I still cannot locate another thread I mentioned in the first link when a rather gifted poster was able to explain the situation in more detail .

Hope this is of some use .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
ddmarshall RE: Ghost System32 Flash Player
Dedicated Contributor 10th Nov, 2010 19:30
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Would this be what you were thinking of, Anthony?
http://secunia.com/community/forum/thread/show/325...

I'm not sure how valid this explanation is. It doesn't explain why everybody doesn't experience this. Perhaps interaction with another program is to blame.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Anthony Wells RE: Ghost System32 Flash Player
Expert Contributor 10th Nov, 2010 20:27
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 10th Nov, 2010 20:48
Hi ddm ,

Great minds think alike and fools drink together . Cheers:))

After several searches of the threads , I have just (several minutes ago) found the thread myself and was about to post it .

After reading it several times , I am equally unsure how it really explains the situation ; there are several other threads which refer to the empty folder and in one Maurice refers to a node system which might explain something to someone (too technical for me :()

That's me done , take care all .

Anthony

From the MSDN blog referenced in the thread :-

Also, in addition to the System32 folder, there is a SysWOW64 folder. Contrary to what the names may suggest, 64-bit operating system components and shared libraries go into the System32 folder, while 32-bit operating system components and shared libraries go into the SysWOW64 folder. (There are no typographical errors in this paragraph: 64-bit entities go into the System32 folder, and 32-bit entities go into the SysWOW64 folder.)

As there isn't a 64 bit flash (outside of the Beta) then there is nothing to go in the System 32 folder anyway !??

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
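Added example, not part of any post in this thread and not Secunia's code: on 64-bit Windows, WOW64 file system redirection serves a 32-bit process's accesses to System32 from SysWOW64, so one file on disk can be reported under two names. The sketch below models that mapping and collapses a scan list accordingly; it assumes the reporting scanner component is a 32-bit process (the thread does not confirm this), the function names are hypothetical, and the scan list is constructed from paths quoted in the thread.

```python
import ntpath

WINDIR = r"C:\Windows"

# System32 subdirectories that WOW64 leaves unredirected (per Microsoft's
# file system redirector documentation).
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def _below(path, parent):
    """Return the part of path below parent (case-insensitive), else None."""
    p, base = ntpath.normpath(path), ntpath.normpath(parent)
    if p.lower() == base.lower():
        return ""
    if p.lower().startswith(base.lower() + "\\"):
        return p[len(base) + 1:]
    return None


def native_path(reported, reporter_is_32bit, windir=WINDIR):
    """Map a path as named by a process to the location a 64-bit tool sees."""
    if not reporter_is_32bit:
        return ntpath.normpath(reported)
    # Sysnative is the alias a 32-bit process uses to reach the real System32.
    rest = _below(reported, ntpath.join(windir, "Sysnative"))
    if rest is not None:
        return ntpath.normpath(ntpath.join(windir, "System32", rest))
    rest = _below(reported, ntpath.join(windir, "System32"))
    if rest is not None:
        low = rest.lower()
        if any(low == e or low.startswith(e + "\\") for e in EXEMPT):
            return ntpath.normpath(reported)  # exempt: not redirected
        return ntpath.normpath(ntpath.join(windir, "SysWOW64", rest))
    return ntpath.normpath(reported)


def collapse(findings, reporter_is_32bit=True):
    """Group reported paths by the single on-disk file they resolve to."""
    grouped = {}
    for reported in findings:
        real = native_path(reported, reporter_is_32bit)
        grouped.setdefault(real.lower(), (real, []))[1].append(reported)
    return list(grouped.values())


def ghost_aliases(findings, reporter_is_32bit=True):
    """Reported paths that do not exist under that name in the 64-bit view."""
    return [
        reported
        for reported in findings
        if ntpath.normpath(reported).lower()
        != native_path(reported, reporter_is_32bit).lower()
    ]


# Constructed scan list using paths quoted in the thread.
SCAN = [
    r"C:\Windows\System32\Macromed\Flash\Flash10l.ocx",
    r"C:\Windows\SysWOW64\Macromed\Flash\Flash10l.ocx",
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",
]

if __name__ == "__main__":
    for real, aliases in collapse(SCAN):
        print(real)
        for alias in aliases:
            print("    reported as:", alias)
    print("ghost entries:", ghost_aliases(SCAN))
```

Under this model, deleting the SysWOW64 folder removes every alias at once, which matches what nimrod63 reports seeing.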
nimrod63 RE: Ghost System32 Flash Player
Member 11th Nov, 2010 01:27
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi Anthony,
Your post and references were very interesting. It seems as if this problem has been addressed in the past. I don't understand the comments on the posts you referenced but maybe other people can help on this.
Brian

--
Brian
Was this reply relevant?
+0
-0
nimrod63 RE: Ghost System32 Flash Player
Member 11th Nov, 2010 15:57
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
I have installed Beta 1.9.0.5004 and I am more confused now.
The scan shows I have 52 programs patched instead of 71 with the previous version. 3 of the missing references are the System 32 Flash and Shockwave entries, so that is good. I do not know what the others are, were they all incorrectly listed?
The Secure browsing shows 13 entries for both 32 and 64 bit versions.
Two of the entries are Adobe Flash and Sun Java and I do not have 64 bit versions of these so that is definitely wrong, I do not know if the other listed items have 32 and 64 bit versions installed.
It looks as if something is in the SysWOW64 file PSI cannot distinguish if it is 32 or 64 bit. Anyway, I am going to reinstall the previous version of PSI. I am used to its quirks. PSI should look into these problems as no one has a solution.
Brian

--
Brian
Was this reply relevant?
+0
-0
Anthony Wells RE: Ghost System32 Flash Player
Expert Contributor 12th Nov, 2010 16:09
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Nov, 2010 16:13
Hello Brian ,

Nothing to add re the 32/64 Bit problem and Secunia seem not to be replying to the threads atm . Probably they'll pick up again next week .

Re the 1.9.0.5004 Beta , there are probably more programmes detected than ever ; but on the "Results" page , the same programme with more than one entry has all the entries grouped into one display and only "counts" as one . Clicking the [+] sign to the lhs of any entry will expand the entry to display all detected instances . Adding up the #'s should show you pretty close to the 1.5.x totals . The system will show the latest entry and "zombies" which are older files/folders which are "probably" technically insecure but "probably" not available to the bad guys . "End of life" or "Insecure" programmes are moved to the top of the results page display . This is to help the less experienced to not panic by listing the "zombies" as a unique "insecure" entry .

The "overview" tab is now known as the Dashboard and under "learn more" on the lhs is a link to the Secunia PSI Manual (PDF) which is more or less up to date and most useful .

As you use W764 bit , you will find that the latest Beta allows you to view the PSI display as a non-Admin user .

I would suggest you give it a proper try and then come back with a new list of System 32 problem entries . This would help Secunia , you and others to maybe solve the problem . As I said , above , Secunia have not answered many threads this week , but they may pick up again next week .

As it stands , it would be useful to see what the Beta shows and whether it implies a "security/vulnerability" detection risk as such or is merely annoying .

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 12th Nov, 2010 18:02
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi,
I have now gone back to the previous version but I looked further at the patched programs and found you are correct about how they are grouped together now. I do not like that much. My previous comments about the 64 bit browser stand. It is just wrong.
Only SysWOW64 listings for Flash Player and Shockwave are shown in the patched program list now.
I do not like the way you cannot exit the program from the icon. How on earth do you exit the program?
I do not like the way when I click the icon to show the dashboard an Admin window pops up requiring my permission and then I have to wait for the internet connection to complete, all annoying things.
That is why I have gone back to the previous version. I hope some of these things are changed before the final release.
Brian.

--
Brian
Was this reply relevant?
+0
-0
Anthony Wells RE: Ghost System32 Flash Player
Expert Contributor 12th Nov, 2010 19:16
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Nov, 2010 19:17
Brian ,

Are you saying that the Ghost System32 non-existent entries have now (correctly) disappeared - if you understand what I mean - and you just have the correct SysWOW64 display ??

The grouping of programme installations grows on you and becomes a [+]ive :))

"Exiting" using the "Close Tray Icon" in the tray icon pop up menu closes the psi.exe process and so shuts down the display and you need to reload from All Programmes (or whatever passes for that in W7) ; but leaves the psia.exe and the sua.exe processes running and showing in Task Manager (or whatever).

If I am correct , then the PSI will launch to the tray for any user and the PSI icon mouseover lets any user see whether there are updates at a glance . Non-launch of the PSI without Admin log-in has been raised as a security black-mark by some/many users . As/when you need access to the Operational bits of the PSI which still need Admin then you get the loading splash screen . I get it as well on my XP SP3 and I'm already logged_in (so to speak) and it is consummately annoying and I now need to remember to minimise to the tray rather than the icon if I wish to avoid constant pain and anguish . I do believe this is an easier process (probably/maybe) for Vista and 7 users regards security . Having said that there does appear to be a bug between the Dashboard % and the Icon mouseover displays for some people which is a major security snafu .

Still it's only a Beta :))

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
nimrod63 RE: Ghost System32 Flash Player
Member 13th Nov, 2010 01:50
Score: 0
Posts: 19
User Since: 16th May 2009
System Score: 100%
Location: UK
Hi Anthony,
Yes, the System 32 entries for Flash Player and Shockwave are now not showing in the patched program list which is as it should be. The 64 bit browser entries are all wrong so it's six of one and half a dozen of the other. There is no exit option offered in the beta version when the icon is right clicked. When the icon is right clicked in 1.5.0.2. the exit option stops the program. There is no obvious way to stop the program running in the beta version which is why I have gone back to the previous version.
Brian.

--
Brian
Was this reply relevant?
+0
-0
