
Download Spyware Doctor To Remove Exploit AdobeReader

Here is another interesting yet dangerous infection: Exploit AdobeReader.

Exploit.AdobeReader includes malicious code that permits remote execution of arbitrary code on the target computer system. The executed commands run with the privileges of the host computer's logged-in user.

Here are a few things I noticed about this remote exploit.

First, it creates a new process called CbEvtSvc.exe. According to threat and exploit authorities, the process has a 92% identification rate. Threat Experts declared that in 92% of cases this process is an infection of your computer system.

Second, it starts itself as a service under the COM+ Event System, and it looks to run as a non-svchost process.
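A check for the two observations above, added here as an example and not code from the original post: it flags entries in a service inventory whose image is CbEvtSvc.exe, or whose display name is COM+ Event System while the binary is not svchost.exe in System32. It assumes records carrying the Win32_Service properties Name, DisplayName and PathName, and that the legitimate service is hosted by svchost.exe as on stock Windows; the sample inventory and the ExampleSvc names are constructed.

```python
import ntpath
import re

# Image name the page reports for the dropped process.
REPORTED_IMAGE = "cbevtsvc.exe"
# Display name the page says the malicious service registers under.
SPOOFED_DISPLAY = "com+ event system"


def image_path(path_name):
    """Extract the executable path from a Win32_Service PathName value."""
    s = path_name.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    # Unquoted: cut after the first ".exe" so arguments are dropped.
    m = re.search(r"\.exe\b", s, re.IGNORECASE)
    return s[:m.end()] if m else s.split(" ", 1)[0]


def triage(services):
    """Return (service name, reason) for entries matching the page's description."""
    findings = []
    for svc in services:
        exe = image_path(svc["PathName"])
        base = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        if base == REPORTED_IMAGE:
            findings.append((svc["Name"], "image name CbEvtSvc.exe"))
        # Assumption: the genuine service is hosted by System32\svchost.exe.
        elif SPOOFED_DISPLAY in svc["DisplayName"].lower() and not (
            base == "svchost.exe" and folder.endswith("\\system32")
        ):
            findings.append((svc["Name"], "COM+ Event System not hosted by svchost.exe"))
    return findings


# Constructed sample inventory (not taken from a real host).
SAMPLE = [
    {"Name": "EventSystem", "DisplayName": "COM+ Event System",
     "PathName": r"C:\Windows\system32\svchost.exe -k LocalService"},
    {"Name": "ExampleSvcA", "DisplayName": "COM+ Event System",
     "PathName": r'"C:\ExampleDir\helper.exe" /service'},
    {"Name": "ExampleSvcB", "DisplayName": "Example Updater",
     "PathName": r"C:\ExampleDir\CbEvtSvc.exe"},
    {"Name": "Spooler", "DisplayName": "Print Spooler",
     "PathName": r"C:\Windows\System32\spoolsv.exe"},
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name}: {reason}")
```

A binary named svchost.exe outside System32 is flagged as well, since the folder is checked along with the file name.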

Two steps need to be taken: First, remove the exploit using Spyware Doctor Download so that the process and its registry entries are removed. Second, read the following bulletin snippet from Adobe:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe has released the Adobe Reader 9.1 and Acrobat 9.1 product updates to resolve this issue. Adobe recommends users of Adobe Reader 9 and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

Release date: February 19, 2009

Last Updated: March 24, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms
