Avast WEBforum
Other => Viruses and worms => Topic started by: Misuzu on June 22, 2010, 01:05:16 PM
-
I have a new process I once again don't remember:
consent.exe
I did a up-to-date MBAM quick scan and it found nothing.
I couldn't find it on this website: http://www.what-is-exe.com/
This is just a quick question
Thanks.
EDIT: Okay I clicked on the process and picked "Preform Administrative Task" (Or something similar) and it came up with another "Task Manager List" of Processes and it said it was created on early Junuary 2008 and it was some sort of SYSTEM file, so I'd imagine it's safe.
But can anyone confirm?
EDIT: Okay I researched it and apparently consent.exe has a malware-version of it. Though I don't know what consent.exe really does (Normal version and Malware version). But my cursor did show the "loading" icon for a longer period of time than normal... I don't know, maybe I'm just paranoid.
Okay I found where it is: C:\Windows\System32
I added a picture of it below.
P.S. I only can "Preform Administrative Task" on it in the Task Manager. (After I do "Preform Administrative Task" however, it lets me do other things with it)
-
Check the file at virustotal.com
asyn
-
Here's what I got:
http://www.virustotal.com/reanalisis.html?a77dd8a8d8a562b54321c60812c7c77387e88cacbfa4e8911f1f7e010410a1be-1277208001
http://www.virustotal.com/analisis/a77dd8a8d8a562b54321c60812c7c77387e88cacbfa4e8911f1f7e010410a1be-1276800400
What does this mean?
Anyway, consent.exe is gone now after restarting the computer...
-
1. What does this mean?
2. Anyway, consent.exe is gone now after restarting the computer...
1. Be happy. It seems clean..! ;)
2. Good news for you, I guess..!??
asyn
-
http://lmgtfy.com/?q=consent.exe
there is also some malware using the name, as seen in the search above....
http://spywarefiles.prevx.com/RRHJID405482/CONSENT.EXE.html
-
AGAIN
Sorry for being off topic, but Avast! just detected "mbamswissarmy.sys" as a rootkit again. ::)
This is a FP right? I just chose to "Ignore" it. But I thought I added it to exclusions. (Check my last topic here (http://forum.avast.com/index.php?topic=60919.0).)
@Pondus:
Are you saying the consent.exe I have is malware? Or are you just posting information about it?
Thanks for the replies.
-
Sorry for being off topic, but Avast! just detected "mbamswissarmy.sys" as a rootkit again. ::)
This is a FP right?
Yes, afaik..!
asyn
-
Are you saying the consent.exe I have is malware?
you just scanned your version at virustotal, and it came out clean.....
Or are you just posting information about it?
yes
-
clicking rescan i get this
VirusTotal - consent.exe - 0/41
http://www.virustotal.com/analisis/a77dd8a8d8a562b54321c60812c7c77387e88cacbfa4e8911f1f7e010410a1be-1277208001
if you scroll down to the end you find this
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Consent UI for administrative applications
original name: consent.exe
internal name: consent
file version.: 6.0.6001.18000 (longhorn_rtm.080118-1840)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
if it was malware i dont think you will find that there.....
-
Hi Misuzu,
Just consider these info
http://spywarefiles.prevx.com/RRHJID405482/CONSENT.EXE.html
http://www.technologyquestions.com/technology/windows-vista/132192-consent-exe.html
There is a MalWare version of Consent.exe
Right Click ALL of the ones you find and look for
Microsoft details in Properties
Comment found: "ten consent.exe skanowałem też poleconym prevx i jest ok tzn czysto. Wobec tego zezwolic na dostęp do sieci bo zapora co uruchomienie peceta to komunikuje ,że zablokowała dostęp do sieci consent.exe"
translated: "this consent.exe scanned through Prevx and it is ok, that means clean. Therefore allow access to the network because the firewall at the PC to run it communicates that it has blocked access to the network for consent.exe",
polonus
-
Okay thanks guys. :)
Hi Misuzu,
Just consider these info
http://spywarefiles.prevx.com/RRHJID405482/CONSENT.EXE.html
http://www.technologyquestions.com/technology/windows-vista/132192-consent-exe.html
There is a MalWare version of Consent.exe
Right Click ALL of the ones you find and look for
Microsoft details in Properties
Comment found: "ten consent.exe skanowałem też poleconym prevx i jest ok tzn czysto. Wobec tego zezwolic na dostęp do sieci bo zapora co uruchomienie peceta to komunikuje ,że zablokowała dostęp do sieci consent.exe"
translated: "this consent.exe scanned through Prevx and it is ok, that means clean. Therefore allow access to the network because the firewall at the PC to run it communicates that it has blocked access to the network for consent.exe",
polonus
Are there several consent.exe on the computer? Or shouldn't there be?
I know I checked the new Windows 7 computer and it had two consent.exe on it, as well as something called consent.mui but that's another story. :P
If I find more consent.exe, should I scan them with my programs (Avast!/MBAM) or with Virustotal?
However,
From what I can understand (Sorry, my malware knowledge is limited) I have no malware and my consent.exe is totally safe.
Thanks for the help again guys. :)
-
1. If I find more consent.exe, should I scan them with my programs (Avast!/MBAM) or with Virustotal?
2. From what I can understand (Sorry, my malware knowledge is limited) I have no malware and my consent.exe is totally safe.
3. Thanks for the help again guys. :)
1. If you fear an infection, you can do so...
2. Yes. At least the one you scanned on VT...
3. You're welcome..!
asyn
-
No malware or anything, but I just got the warning about rootkits again and it's the same old file, mbamswissarmy.sys. I added it to the exclusions but I guess I didn't do it right.
Has Avast! not fixed this FP yet?
-
Did you add it to both exclusion lists?
One is in main settings and another in the file system shield expert settings.
edit: nvm, I see you went through that part already
-
Sorry for reviving the thread, but it happened again. :P
I just picked "Do not tell me about this rootkit in the future".
Obviously Avast! hasn't fixed this issue yet?
-
Sorry for reviving the thread, but it happened again. :P
I just picked "Do not tell me about this rootkit in the future".
Obviously Avast! hasn't fixed this issue yet?
Then follow the Essexboy guide and attach all the log`s to your next reply
http://forum.avast.com/index.php?topic=53253.0
-
Sorry for reviving the thread, but it happened again. :P
I just picked "Do not tell me about this rootkit in the future".
Obviously Avast! hasn't fixed this issue yet?
Then follow the Essexboy guide and attach all the log`s to your next reply
http://forum.avast.com/index.php?topic=53253.0
Thanks for the reply, but I'm pretty sure it's a FP right?
It's just the mbamswissarmy.sys file it keeps detecting. I have scanned several times recently (As in around every day/3 days) with both Avast! and MBAM and both find nothing. My Windows Defender and BitDefender Quick Scan also does not find anything.
I think it's just a FP? What do you guys think?
Don't worry, I won't go into a "deep discussion" about this, because I'm ALMOST 100% sure this is a FP.
-
I think it's just a FP? What do you guys think?
See reply #6... ;)
asyn
-
I think it's just a FP? What do you guys think?
See reply #6... ;)
asyn
Oh yes, sorry. :P
All right, I think I've posted to much in this thread and I'm having no malware trouble or anything right now.
So yeah, I won't be posting in this topic anymore.
Thanks for all your help guys! :)
-
Oh yes, sorry. :P
All right, I think I've posted to much in this thread and I'm having no malware trouble or anything right now.
So yeah, I won't be posting in this topic anymore.
Thanks for all your help guys! :)
No problem..! ;)
asyn