Search Relevancy

[Trish]

Yesterday WD detected 'Search Relevancy which I removed. After my scheduled
scan today, it detected the same thing again. I ran Spybot, but that found
nothing. Any suggestions please. Thank you in advance.

 

[Guest]

Yesterday WD detected 'Search Relevancy which I removed. After my scheduled
scan today, it detected the same thing again. I ran Spybot, but that found
nothing. Any suggestions please. Thank you in advance.

Try this link. You will see what Norton recommends.

http://www.symantec.com/security_response/writeup.jsp?docid=2004-121111-2155-99&tabid=3

 

[Trish]

Try this link. You will see what Norton recommends.

http://www.symantec.com/security_response/writeup.jsp?docid=2004-121111-2155-99&tabid=3

Thank you for your help. Norton actually suggests that Search Relevancy is
removed from the Add/Remove programmes, but there is nothing in my
Add/Remove Programmes relating to it. Also I notice that WD lists it as
'Medium' risk, while Norton lists it as 'high'.

 

[Guest]

Hello Trish,

You can go to the System Event log:

Start, Run, eventvwr.msc <enter>

Click on the System event log

Go to View, choose Filter, and choose "windefend" in the source control.

Look for yellow triangle entries that give the precise path and location of
what was detected, and use the button provided to paste the content of the
detection back to a message here.

 

[Trish]

Hi Engle,

Thanks for your help. I have got to "windefend" & the yellow triangles, but
cannot find the 'button provided' that you mention, to paste the content of
detection back to message here. Can you help please.

 

[Guest]

Top right hand side, third button down, looks like 2 "notepad" icons.

?
Tim

 

[Trish]

I must be doing something wrong. I am in 'Event Viewer' for Windefend. There
are no buttons at the top right hand side & nothing that resembles 2
"notepad" icons.

 

[Dave M]

Right click to highlight a specific event you wish to examine and select
properties to show the full Description. Or you can use a free for
personal use third party event viewer here to bypass the archaic Microsoft
viewer:

http://www.eventlogxp.com/

 

[Trish]

Thanks Dave, done it at last.

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 17/02/2007
Time: 10:07:59
User: N/A
Computer: SN037535820319
Description:
Windows Defender scan has detected spyware or other potentially unwanted
software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SearchRelevancy&threatid=15157
Scan ID: {A76C318B-390F-46E7-A00A-904907E33AAF}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\NETWORK SERVICE
Name: SearchRelevancy
ID: 15157
Severity: Medium
Category: Adware
Path Found:
regkey:HKLM\Software\SearchRelevancy;regkey:HKLM\Software\microsoft\windows\currentversion\uninstall\Search
Relevancy;uninstall:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search
Relevancy;file:C:\Program Files\SearchRelevant\uninstall.exe;file:C:\Program
Files\SearchRelevant\uninstall(2).exe;file:C:\temp\SearchRelevancy.exe->(nsis-3-SearchRelevancy.xml);containerfile:C:\temp\SearchRelevancy.exe
Detection Type: Concrete

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.



Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 1006
Date: 18/02/2007
Time: 10:31:41
User: N/A
Computer: SN037535820319
Description:
Windows Defender scan has detected spyware or other potentially unwanted
software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=SearchRelevancy&threatid=15157
Scan ID: {F336E847-A8A3-4B37-84A3-296CAD4BC176}
Scan Type: AntiSpyware
Scan Parameters: Full Scan
User: NT AUTHORITY\NETWORK SERVICE
Name: SearchRelevancy
ID: 15157
Severity: Medium
Category: Adware
Path Found: file:C:\System Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP1020\A0116721.exe;file:C:\System
Volume
Information\_restore{98E46F0A-9DA1-4258-92C4-7CCAE5D21E6E}\RP1020\A0116722.exe
Detection Type: Concrete

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

 

[Guest]

Dave is correct, you must have the event in question "opened".
You can also "double click" to open it [I didn't even know about right click
:-( ]

TimClark

 

[Guest]

The detections are in an archive file (zip type compressed file) which
Defender doesn't remove, since such files could contain other wanted/needed
information, they are in a Restore folder which also isn't touched by
Defender, or they are in a quarantine fºlder.
All occurrences are harmless in that state but could cause a problem if
uncompressed or restºred.

Trish, try this:
• To delete all but the latest restore point on your machine by using the
disk cleanup utility: Go to 'Start > All Programs > Accessories > System
Tools > Disk Cleanup'. Click on Disk Cleanup and click the more options tab
and then click 'Clean up' in the System Restore box.

Restart, and run a scan. Let me know if the detected file show.
-

I hope this post is helpful, but we would highly appreciate it if you could
rate the pºst, so we can keep the community informed and saves somebody
else the hours of trawling through the web trying to find a solution.
-

 

[Trish]

Thank you so much for your help. It's very much appreciated. I have deleted
all but the latest restore points. My scheduled scan is set for tomorrow
morning, so I will let you know how it goes. Thanks again.

 

[Trish]

Hi Engel,

I ran a full scheduled scan this morning & found no problems. Thank you so
much for your help. Much appreciated.

 

[Guest]

Hi Trish,

Thanks for letting us know.
--

Hi Engel,

I ran a full scheduled scan this morning & found no problems. Thank you so
much for your help. Much appreciated.