cancel
Showing results for 
Search instead for 
Did you mean: 
tuenge
Level 7
Report Inappropriate Content
Message 11 of 20

but can Backweb be removed?...

Melboy had already stated that these are Backweb programs... The question is, can they be removed without ill effect? As we go round and round, it seems to me my only choice is to cross my fingers, trust the program so I can zip it and submit for analysis, and then remove it later if it proves malicious. Any other input before I proceed?
melboy
Level 7
Report Inappropriate Content
Message 12 of 20

RE: but can Backweb be removed?...

I don't think the file in itself is malicious. I think it gets flagged as a pup because it has the potential to be used maliciously, should your Pc ever become compromised.
tuenge
Level 7
Report Inappropriate Content
Message 13 of 20

understood

I really appreciate all your help, Melboy -- but that part was already clear.

Backweb doesn't seem to be listed anywhere, neither in "Add or Remove Programs" nor in McAfee's firewall. So I'm not sure there's anything that could be removed, aside from Terminator...
tuenge
Level 7
Report Inappropriate Content
Message 14 of 20

virus total

Paullotion, for what it's worth, the file must still be blocked/locked because Virus Total gave me this error message: "0 bytes size received / Se ha recibido un archivo vacio."
melboy
Level 7
Report Inappropriate Content
Message 15 of 20

RE: virus total

It may be called something other than Backweb.
HP Connections Client??

http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&dlc=en&cc=us&docname=c00061410
tuenge
Level 7
Report Inappropriate Content
Message 16 of 20

current status

Well, I opted to trust the file and was immediately presented with a File Change Detected warning from McAfee:

"McAfee has detected a potentially unauthorized file change to your computer.

About this File Change
SystemGuards: Windows Win.ini File
Program: Windows® installer
Location: C:\WINDOWS\system32\msiexec.exe

Spyware, adware, and other potentially unwanted programs can make changes to the Win.ini file, allowing suspect programs to run when you start your computer."

Thoughts?...

And to address your last post, Melboy, I had already removed all HP programs that were shown in the Add or Remove Programs list...

Thanks again for your patience...
tuenge
Level 7
Report Inappropriate Content
Message 17 of 20

avert labs response

Here's the response from Avert Labs:

"Analysis ID: 4877199
Name Findings Detection Type Extra
terminator.exe current detection generic pup.x Application no

current detection [ terminator.exe ]
Our analysis detected a potentially unwanted program or joke program with our current DAT files and engine. It is recommended that you update your DAT and engine files and scan your computer again.
If you are not seeing this with the product you are using, please speak with technical support so that they can help you determine the cause of this discrepancy."
tuenge
Level 7
Report Inappropriate Content
Message 18 of 20

virus total response

...and here's the Virus Total summary:

"File Terminator.exe received on 10.11.2008 01:38:25 (CET)
Current status: finished
Result: 15/36 (41.67%)"

...so what's next?
Highlighted
melboy
Level 7
Report Inappropriate Content
Message 19 of 20

RE: virus total response

Quote Matt Gerras: "It is only used by installer programs when you re-install a piece of software, using the Application Recovery feature. It can be used to close one program and that's how the installer uses it. For example, if you want to re-install WinDVD, the installer might first call Terminator, asking it to close WinDvd (if it is running), before trying to re-install it."

That would probably explain the association with the SystemGuard warning about Windows® installer (C:\WINDOWS\system32\msiexec.exe) upon restoring that file.



Did you know exactly what it was you were removing? Is there a possibility you have already removed the program that contained/used terminator.exe, whilst it was in Mcafee's quarantine, therefore the file upon restoration doesn't have the program it is associated with?
Never delete or remove anything, unless your 100% sure of what it is your deleting/removing. 😉

If you want a second opinon to relieve any fears you might have about your system being infected in any way, try running this and this
melboy
Level 7
Report Inappropriate Content
Message 20 of 20

RE: I get nervous when things don't behave as expected...

This has had detections in the past by different security app's such as "Potentially unwanted tool/program", "Hack.tool", "Risk.tool" etc.

Mcafee: This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

After considering any information you have to hand, ultimately it will be you and you only that can make the decision on whether or not to have this on your system.

Google it for more info, if required.