What is generating Systweak?

Over the last two months, when I run scans, several of the programs I use detect Systweak as unwanted and a potential adware generator. Two of which are Emsisoft and AdvCleaner; not sure which others also did.

Those programs both delete the folder in All Users - Applications and two registry keys, but it eventually keeps coming back. I have been checking at first after starting every two or three applications and now every couple hours and it is still gone, but this has happened 5 - 7 times. I forget about it and then when I run AdvCleaner or one of the anti-malware programs, there it is again. Not sure what or what site might be doing it.

Is there a program that I can run in the background and let me know when the Systweak folder is generated and the events just prior?

Thanks
UncleDoug

I don’t really know any programs that do it the way you want it to, but here is how I would personally go about it with CIS.

1. Using AdvCleaner or other program that detects it, I would see what folder is deleted/quarantined, and then when it comes back I’d look inside it to see the name of the files.
2. Get the name of one file and write down the full path including filename and file extension. I’d recommend picking a file that is not necessary for AdvCleaner to detect it, so perhaps if it has a .dll file etc. I’d pick that over an .exe file.
3. Use AdvCleaner or other program to delete/quarantine the folder.
4. Add the file you wrote down to the Blocked Files list in HIPS.
5. Scan with AdvCleaner regularly until it detects the infection again.
6. Check the CIS logs for Defense+ and find the log that says something like X application - Create file - C:\blah\blah\filename.fileextension. You now know what program tried to create it.

I’m not sure that helps you but might as well throw it in there in case it does.
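Added example, not part of the posts above: a small background watcher for the original question, which polls for the folder and, when it appears, lists the programs that started during the preceding polling window. It assumes Python is installed and that Windows' `tasklist` command is available; the watched path is a placeholder. Polling only narrows the candidates, whereas the HIPS log described above names the process that tried to create the file.

```python
import collections
import os
import subprocess
import time


def running_processes():
    """Image names of running processes, read from Windows' tasklist command."""
    out = subprocess.check_output(["tasklist", "/fo", "csv", "/nh"])
    lines = out.decode(errors="replace").splitlines()
    return {ln.split('","')[0].strip('"').lower() for ln in lines if ln.strip()}


class FolderWatch:
    """Polls for folders appearing and keeps a short history of process lists."""

    def __init__(self, paths, snapshot=running_processes, history=12):
        self.paths = list(paths)
        self.snapshot = snapshot
        self.recent = collections.deque(maxlen=history)  # rolling process sets
        self.present = {p: os.path.isdir(p) for p in self.paths}

    def poll(self, now=None):
        """One pass; returns a report for each folder that has just appeared."""
        now = time.time() if now is None else now
        procs = self.snapshot()
        reports = []
        for path in self.paths:
            exists = os.path.isdir(path)
            if exists and not self.present[path]:
                oldest = self.recent[0] if self.recent else procs
                seen = set(procs).union(*self.recent)
                # Programs seen during the window that were not running at its start.
                reports.append({"path": path, "seen_at": now,
                                "recently_started": sorted(seen - oldest)})
            self.present[path] = exists
        self.recent.append(set(procs))
        return reports


if __name__ == "__main__":
    # Placeholder path: replace with the folder the cleaner reports.
    watch = FolderWatch([r"C:\path\to\Systweak"])
    while True:
        for report in watch.poll():
            print(time.ctime(report["seen_at"]), report["path"],
                  "recently started:", ", ".join(report["recently_started"]))
        time.sleep(10)  # a process that starts and exits between polls is missed
```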

Just wanted to clarify something first.
Either cross-eyed glasses or a typo on my part, but the software is adwcleaner, not adv.

Trying to watch closely but it happened again. Last checked two hours ago, then went to use the cleaner and it said it needed to be updated. Went to BleepingComputer to download the file and there was Systweak after the scan.

Instead of All Users - Applications, it now was in MyDirectory - Applications. Looked inside the Systweak folder and there was an empty folder named PC Cleaner. After deleting the folder and 2 registry keys, scanned both files and registry keys for both names and nothing.

Thanks
UncleDoug

Sanya, found the culprit!

It was one of the two programs I use to scan my PC to see if any software needs to be updated. I then usually use that program's check for updates or go to the author's site.

The app was Download App (Download.com) powered by C\Net ver. 1.6.2.130 [at]2013 CBS Interactive

After the scan was done checking for software updates, the Systweak folder and registry keys were present. Oh, the empty folder found inside, “PC Cleaner”, was one of the two utilities it was trying to promote. When I ran Revo in full uninstall mode it did not touch Systweak.

Both programs I ran to check on software updates had programs that they said needed to be updated, but not the authors' sites.

The other program I use is FileHippo's “Update Checker”.
Several decades back, Cnet had a program called CheckUp which did more and gave you an option to download from the author's site.

Let me know if you have a program or app I can run on this XP desktop.

Thanks
UncleDoug