soilentgreen

explanation about detection by EIS


This is the source:

C:\Users\VEGAN\AppData\Local\Mozilla\Firefox\Profiles\azlr6in0.default\cache2\entries\0216AE769E2CAE055107BF2FAAEB6A49A6D32194

And the detection:

Exploit.CVE-2011-2140.Gen (B)

I've been surfing Facebook, YouTube and suddenly EIS detected it.

1) What is Exploit.CVE-2011-2140.Gen (B)?

2) EIS quarantined it. Do I need to do something except scanning my computer?

My Adobe Flash Player is up to date, and it is supposed to solve the security problem: "This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-2140)."

From Adobe's website.

Thanks.


According to Microsoft it is malware that attempts to exploit a vulnerability in Adobe Flash Player. The vulnerability in question is CVE-2011-2140, and the .Gen on the end of the name means it is a "generic" (or "heuristic") detection. Only Adobe Flash Player version 10.3.181.36 (and older) is affected, and if you have the latest version of the Adobe Flash Player installed then everything is fine. You can get the latest version of Adobe Flash Player from this link (be sure to uncheck any optional offers), although it should automatically update itself.

The file in question was in the Firefox cache, and was more than likely some sort of embedded content on a malicious website you visited, or in a malicious advertisement on an otherwise legitimate website. The odds are that nothing else needs to be done, however it will depend on the results of the scan and whether or not anything seems different about your computer.


Thank you for your explanation, Arthur.

It's weird, because my Adobe Flash Player was up to date and even so this malicious malware succeeded in attacking.

The scan was fine, but can you suggest a tool (like the one the employees of Emsisoft suggest in case of infection) to confirm that everything is fine?

Thank you.


It didn't actually succeed in its attack, it was just a file in your browser's cache. Everything that appears on a website gets temporarily saved in your web browser's cache, and in the cache it is harmless.

 

9 hours ago, soilentgreen said:

The scan was fine, but can you suggest a tool (like the one the employees of Emsisoft suggest in case of infection) to confirm that everything is fine?

Sure. 

Let's get a log from FRST, and see what it shows. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your Downloads folder, so in those cases please move the download to your desktop):

For 32-bit (x86) editions of Windows:

For 64-bit (x64) editions of Windows:

Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.

  1. Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select Run as administrator).
  2. When the tool opens click Yes for the disclaimer in order to continue using FRST.
  3. Press the Scan button.
  4. When the scan is done, it will save a log as a Text Document named FRST in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
  5. Please attach the FRST log file to a reply using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  6. The first time the FRST tool is run it saves another log (a Text Document named Addition - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.

15 hours ago, GT500 said:

It didn't actually succeed in its attack, it was just a file in your browser's cache. Everything that appears on a website gets temporarily saved in your web browser's cache, and in the cache it is harmless.

I meant that although I used the latest version of Adobe Flash Player, my computer was attacked, and without high-quality anti-malware like EIS, the attack probably would have succeeded.

15 hours ago, GT500 said:

Please attach the FRST log file

Thank you.

Addition.txt

FRST.txt

10 hours ago, soilentgreen said:

I meant that although I used the latest version of Adobe Flash Player, my computer was attacked, and without high-quality anti-malware like EIS, the attack probably would have succeeded.

It is common for computers to be attacked on the Internet. The detected file would not have been able to do any harm to a computer with the latest version of Adobe Flash Player installed. Note that there is a very big difference between a malicious file being saved somewhere on your computer's hard drive (since your web browser caches everything it loads in webpages automatically this is going to happen), and the computer actually being infected.

 

From the logs, your system looks clean. I don't think there's anything to worry about. ;)
