soilentgreen 1 Posted April 17, 2017 Report Share Posted April 17, 2017 This is the source: C:\Users\VEGAN\AppData\Local\Mozilla\Firefox\Profiles\azlr6in0.default\cache2\entries\0216AE769E2CAE055107BF2FAAEB6A49A6D32194 And the detection: Exploit.CVE-2011-2140.Gen (B) I've been surfing Facebook , Youtube and suddenly EIS detected it. 1) What is Exploit.CVE-2011-2140.Gen (B)? 2) EIS quarantined it. Do I need to do something except scanning my computer? My Adobe Flash Player is up to date, and it supposed to solve the secure problem: " This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2140). " . From adobe web. Thanks. Quote Link to post Share on other sites
GT500 884 Posted April 18, 2017 Report Share Posted April 18, 2017 According to Microsoft it is malware that attempts to exploit a vulnerability in Adobe Flash Player. The vulnerability in question is CVE-2011-2140, and the .Gen on the end of the name means it is a "generic" (or "heuristic") detection. Only Adobe Flash Player version 10.3.181.36 (and older) is effected, and if you have the latest version of the Adobe Flash Player installed then everything is fine. You can get the latest version of Adobe Flash Player from this link (be sure to uncheck any optional offers), although it should automatically update itself. The file in question was in the Firefox cache, and was more than likely some sort of embeded content on a malicious website you visited, or in a malicious advertisement on an otherwise legitimate website. The odds are that nothing else needs to be done, however it will depend on the results of the scan and whether or not anything seems different about your computer. Quote Link to post Share on other sites
soilentgreen 1 Posted April 18, 2017 Author Report Share Posted April 18, 2017 Thank you for your explanation, Arthur. It weird because my Adobe Flash Player was up to date and even though this malicious malware succeeded to attack. The scan was fine, but can you suggest me any tool (like the one the employees of Emsisoft suggest in case of infection) to approve anything is fine? Thank you. Quote Link to post Share on other sites
GT500 884 Posted April 19, 2017 Report Share Posted April 19, 2017 It didn't actually succeed in its attack, it was just a file in your browser's cache. Everything that appears on a website gets temporarily saved in your web browser's cache, and in the cache it is harmless. 9 hours ago, soilentgreen said: The scan was fine, but can you suggest me any tool (like the one the employees of Emsisoft suggest in case of infection) to approve anything is fine? Sure. Lets get a log from FRST, and see what it shows. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop): For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version. Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator). When the tool opens click Yes for the disclaimer in order to continue using FRST. Press the Scan button. When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there). Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls. The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply. Quote Link to post Share on other sites
soilentgreen 1 Posted April 19, 2017 Author Report Share Posted April 19, 2017 15 hours ago, GT500 said: It didn't actually succeed in its attack, it was just a file in your browser's cache. Everything that appears on a website gets temporarily saved in your web browser's cache, and in the cache it is harmless. I meant that although I used the latest version of Adobe Flash Player, my computer was attacked and without High quality of anti malware like EIS, the attack probably would have succeeded. 15 hours ago, GT500 said: Please attach the FRST log file Thank you. Addition.txt FRST.txt Quote Link to post Share on other sites
GT500 884 Posted April 20, 2017 Report Share Posted April 20, 2017 10 hours ago, soilentgreen said: I meant that although I used the latest version of Adobe Flash Player, my computer was attacked and without High quality of anti malware like EIS, the attack probably would have succeeded. It is common for computers to be attacked on the Internet. The detected file would not have been able to do any harm to a computer with the latest version of Adobe Flash Player installed. Note that there is a very big difference between a malicious file being saved somewhere on your computer's hard drive (since your web browser caches everything it loads in webpages automatically this is going to happen), and the computer actually being infected. From the logs, your system looks clean. I don't think there's anything to worry about. 1 Quote Link to post Share on other sites
soilentgreen 1 Posted April 26, 2017 Author Report Share Posted April 26, 2017 Thank you very much for your help. Quote Link to post Share on other sites
GT500 884 Posted April 26, 2017 Report Share Posted April 26, 2017 You're welcome. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.