riskware found and deleted or is it?

Discussion in 'Malware Help (A Specialist Will Reply)' started by Grumbles, Sep 1, 2007.

  1. Grumbles

    Grumbles Bamboozled Geek

    Hi
    Yesterday as I was running my weekly scans with A-squared free, a threat appeared at the end of the scan: Riskware.downloader.win32.popcap.dll
    At the prompt, I deleted this file. I used the search facility in Windows XP to see if there were any traces left and there are 5 different files, though none are .exe files. Today I scanned the PC with A-squared free, AVG free and AVG anti-spyware and there are no threats.
    My question is: As it looks like I have removed the threat, how do I remove all the similarly named files that I found?

    My wife has been downloading scrapbooking graphics from free sites and I reckon that this is where the above named file has come from :(
    She won't be doing this anymore :)

    Please can somebody help in answering this? :)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    popcap type DLLs are often seen from online gaming and I'm sure other sites use them too. As the message you received indicates, most people do not truly consider them malware. They fit the riskware category which means we don't recommend them as you could be putting yourself at risk by using this or accessing sites using them....etc. Much like P2P programs are not malware (although some bundle malware) but they are still riskware.

    You will even see Popcap loaders in online MSN games. They may look similar to the below in a HijackThis log
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/p...aploader_v6.cab

    And other sites may look like:
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab

    What file names are you referring to and where are they located? You did not give us any precise information.
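
The `O16 - DPF` lines quoted in the post above have a fixed shape (CLSID, object name, codebase URL), so they can be triaged mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses O16 entries from a log and notes which codebases a reviewer may want to check. The sample log, the `known_hosts` list and every entry other than the `popcaploader_v5.cab` line are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: only the first O16 line is taken from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Control) - https://downloads.example.test/ctl.cab
O16 - DPF: {66666666-7777-8888-9999-000000000000} - http://192.0.2.10/x.cab
O16 - DPF: Example Named Entry - http://games.example.test/a.cab
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>" + GUID + r")"
    r"(?: \((?P<name>[^)]*)\))? - (?P<codebase>\S+)$"
)

def parse_o16(log_text):
    """Return (entries, unparsed) so odd O16 lines are never silently dropped."""
    entries, unparsed = [], []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line.startswith("O16 - DPF:"):
            continue
        m = O16_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. entries keyed by name, not CLSID
            continue
        url = urlsplit(m.group("codebase"))
        entries.append({"clsid": m.group("clsid").upper(),
                        "name": m.group("name") or "",
                        "codebase": m.group("codebase"),
                        "scheme": url.scheme.lower(),
                        "host": (url.hostname or "").lower()})
    return entries, unparsed

def review(entry, known_hosts):
    """Notes for a human reviewer; known_hosts is the reviewer's own list."""
    notes = []
    if entry["scheme"] != "https":
        notes.append("codebase not fetched over HTTPS")
    try:
        ipaddress.ip_address(entry["host"])
        notes.append("codebase host is an IP literal")
    except ValueError:
        pass
    if entry["host"] not in known_hosts:
        notes.append("host not on reviewer's known list")
    return notes
```
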
     
  3. Grumbles

    Grumbles Bamboozled Geek

    Thanks Chas for your prompt reply.
    The following are where the files are:
    Name and folder:
    Popcap C:\Documents and Settings\All users\Application data
    PopcapLoader C:\Documents and Settings\ All users\Application data\Popcap
    popcap title C:\Documents and Settings\ All users\Application data\Popcap\PopcapLoader\zone\rocketmania\images\ActiveX

    PopcapLoaderCtrl Class C:\WINDOWS\downloaded program files
    PopcapLoader Object C:\WINDOWS\downloaded program files

    5 items in total.

    thank you :)
     
    Last edited: Sep 1, 2007
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The file names are incomplete. Are you showing file extensions or are you hiding them? I assume some are all DLLs. The first and second items are really part of the same folder.

    C:\Documents and Settings\All users\Application data\Popcap

    which is the proper way to show this. And the below is part of the above folder

    C:\Documents and Settings\ All users\Application data\Popcap\PopcapLoader

    So in reality it was three items.

    However as you can see from that list they are related to online downloading and games. Someone must have played RocketMania.
     
  5. Grumbles

    Grumbles Bamboozled Geek

    I have the show Hidden Files box checked in Folder options. This is through the Help and Search option in WinXP. Is there another way to search so that the full extension appears?

    Can I just delete them manually, i.e. Right-click and Remove?

    I have just done another search and only 2 files appear - they are in C:\WINDOWS\Downloaded Program Files. No idea where the others are! Maybe CCleaner has removed them!
    Thanks :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are more options in step 2 than just that. You need to enable viewing of file extensions.

    Yes and no! You will not really locate the problem files in the Downloaded Program Files folder since Windows cannot really show what is in that folder. What you were seeing in search is not what is really in the folder. Also Search has nothing to do with step 2 of the READ ME. It only enables the hidden files/folders and file extension for use within Windows Explorer windows. It does not program where search will look.

    To properly see files in C:\WINDOWS\Downloaded Program Files you must either use the command prompt or a better alternative to Windows Explorer is: ExplorerXP

    By the way the below explains how to configure Windows's search function to properly search:

    Searching for Hidden Files on WinXP
     
  7. Grumbles

    Grumbles Bamboozled Geek

    Okay I have downloaded ExplorerXP and found 2 files - one file pertaining to popcap at C:\WINDOWS\Downloaded Program files.
    popcaploader.inf 242 bytes and a INF file dated 18/04/05.
    The other one I located is C:\Documents and Settings\ All users\Application data\Popcap\PopcapLoader which is 17.9mb and is connected to games played via MSN Zone. Can I now delete these files from ExplorerXP ?

    Also I have done another Search which includes:
    * Search system folders
    * Search hidden files and folders
    * Search subfolders
    and most are shortcuts, saved search or Photoshop under Type of File.

    There are other files relating to MSN Gamezone there; so I can delete them permanently with ExplorerXP too?
    I was too busy putting the blame on my wife and her Graphics downloads, while all along it was from my previous gaming days on MSN :eek:
    Thanks for your patience :)
     
    Last edited: Sep 3, 2007
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Anything you don't need can be deleted but always look for uninstall options first to see if they are installed.
     
  9. Grumbles

    Grumbles Bamboozled Geek

    Thanks Chaslang :)
    As always your advice is priceless :)
    Much appreciated
    Steve
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
