[CLOSED] FRST64.EXE a trojan ?

Posted: Sat, 25 Feb 2017, 03:02
by ftr
Hi,
I downloaded Farbar Recovery Scan Tool FRST64.exe and CKScanner.exe .
FRST64.exe has been declared a trojan and was deleted, CKScanner.exe quarantined.

Do these scanners produce false positives ?

Then, I get a series of malware attacks from URL: http://b.voicefive.com which are all blocked. Good.
I don't understand what the reasons for these attacks are. I don't think I have ever visited this site.

Another attack comes with Phishing and Fraud attempts from URL: http://p.liadm.com/imp?s=66139&t=newsle ... 2.02.01.22
I don't see which newsletter I could have subscribed to that comes from this address.
There are no processes with URLs linked to this address.

The process monitor has shown no processes with medium or high threat levels and no blocked processes for months.

Can any of these attacks be responsible for the slowing down of my pc ?

Thanks in advance
- ftr

Re: FRST64.EXE a trojan ? & results Panda Cloud Cleaner

Posted: Sat, 25 Feb 2017, 14:23
by ftr
To eliminate any malware threat which might slow down the pc - and it got slow - I ran Panda Cloud Cleaner.

The results are first: Panda Cloud Cleaner did not find any malware threats. Great.
Second, looking into the results in detail, several points to puzzle:

- suspicious policies
How can I know which of the policies should be cleaned ? In particular, because you can't see which entries are suspect because the addresses are longer than the window showing them.

- unknown autorun elements:
PCC found THPSRV.exe , but this is a false positive: this is the Toshiba HDD protection device. So, this should not be shown as something suspicious

- Send file to Panda (in the advanced tools):
How to select a file to send to Panda when there is no information on the whereabouts of the log file and on its name (as you need to search for it) ?? It would be helpful to have this information already prefilled as Panda knows best where the file to be sent is located.

- Cleaning
If I understand well the current options are : clean nothing, or clean everything.
Right ?
But I need to retain HPSRV.EXE, the Toshiba HDD protection service.
So, how can I delete only parts ?

TIA
-ftr

Re: FRST64.EXE a trojan ?

Posted: Wed, 01 Mar 2017, 14:30
by VirusBuster
ftr wrote: - suspicious policies
How can I know which of the policies should be cleaned ? In particular, because you can't see which entries are suspect because the addresses are longer than the window showing them.
If you click the policy, you can see the full path at the bottom
ftr wrote: - unknown autorun elements:
PCC found THPSRV.exe , but this is a false positive: this is the Toshiba HDD protection device. So, this should not be shown as something suspicious
It doesn't necessarily mean that it is malware, it is a file that is unknown to our knowledge
If you know that it's safe because it belongs to Toshiba software, you can uncheck it from the list of elements to be cleaned
ftr wrote: - Send file to Panda (in the advanced tools):
How to select a file to send to Panda when there is no information on the whereabouts of the log file and on its name (as you need to search for it) ?? It would be helpful to have this information already prefilled as Panda knows best where the file to be sent is located.
This option is designed to send suspicious files to our laboratory, not the scan logs
ftr wrote: - Cleaning
If I understand well the current options are : clean nothing, or clean everything.
Right ?
But I need to retain HPSRV.EXE, the Toshiba HDD protection service.
So, how can I delete only parts ?
When the scan is finished click on one of the options to show the full list of detected elements
There you can decide what to clean or not, just check it or not



About the URLs mentioned:
http://p.liadm.com is related to Amazon
http://b.voicefive.com is related to scorecardresearch, check if you have any related software installed

Re: FRST64.EXE a trojan ?

Posted: Tue, 14 Mar 2017, 09:56
by VirusBuster
Closed due to lack of response
TOPIC CLOSED