Post #1, 13.09.2006 04:29
Advanced Member II | Group: Members | Posts: 308 | Joined: 18.08.2005
Hello,
I just performed a full system scan using Ad-Aware with the latest definitions released today and it found the following (also see .jpg attachment):
---------------------------------------------------------------
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
----------------------------------------------------------------
As you can see, four items are rated as 'malware' and another one as 'virus'.
After these findings I didn't delete anything, but I closed Ad-Aware and started a full system scan with KAV 6.0.0.303 and its latest virus databases. KAV didn't detect anything! Six days back I performed full scans with both Ad-Aware & KAV and my system was clean (btw I'm very cautious about the sites I visit). I know that spyware/adware are not really the business of KAV, but... should this be a reason for concern? Thanks for reading
Post #2, 13.09.2006 04:43
Advanced Member III | Group: Members | Posts: 632 | Joined: 14.04.2005 | From: USA
Looks to be a false positive:
http://www.dslreports.com/forum/remark,16887509
Post #3, 13.09.2006 05:09
Advanced Member II | Group: Members | Posts: 308 | Joined: 18.08.2005
QUOTE(Mem @ 12.09.2006 19:43)
Thanks for the link
Post #4, 13.09.2006 07:46
Advanced Member I | Group: Members | Posts: 69 | Joined: 26.02.2006
Well, they don't exactly seem to be false positives; I think Lavasoft still has to research these findings.
Post #5, 13.09.2006 08:49
Kaspersky Fan I | Group: Members | Posts: 1479 | Joined: 25.04.2005 | From: Lebanon, Ohio
Post #6, 13.09.2006 09:09
Kaspersky Fan I | Group: Members | Posts: 1479 | Joined: 25.04.2005 | From: Lebanon, Ohio
QUOTE(Piston Ron @ 13.09.2006 00:49)
Many people in the GRC NGs are reporting FPs with the latest Ad-Aware definitions. If you update Ad-Aware, don't let it delete anything for the time being.
And from the a.p.s NG, more info: http://www.dslreports.com/forum/remark,16887509~mode=flat
Ed. Note: It's getting late, I just noticed your link, Mem.
Ron
This post has been edited by Piston Ron: 13.09.2006 09:11
Post #7, 13.09.2006 09:26
Advanced Member II | Group: Members | Posts: 308 | Joined: 18.08.2005
If these are FPs then it would be the first ones I see from Lavasoft...
I don't think they release updated definitions without deep research, though.
Post #8, 13.09.2006 10:43
Kaspersky Fan II | Group: Members | Posts: 2134 | Joined: 7.08.2005 | From: Dark Side of the Moon-Athens Hellas (Greece)
The same happens here with the above-mentioned Ad-Aware removals.
I want to say that if you run F-Secure, they find "BACK WEB" as adware. And the same happens with Spybot and Spy Sweeper.
P.S. Back Web is a COMPONENT of F-Secure.
--------------------
"Kill a man, and you are a murderer. Kill millions of men, and you are a conqueror. Kill everyone, and you are a god."
Jean Rostand (1894 - 1977)
Post #9, 13.09.2006 11:04
Global Moderator | Group: Global moderators | Posts: 28572 | Joined: 7.04.2005
QUOTE(38 special @ 13.09.2006 07:26)
If these are FPs then it would be the first ones I see from Lavasoft... I don't think they release updated definitions without deep research though
Actually, it happens quite often, but that doesn't mean you will see them. This one is an FP; you can restore the files the way CalamityJane recommends in this thread: http://www.dslreports.com/forum/remark,16887509~mode=flat
Post #10, 13.09.2006 11:35
Forum Elite | Group: Moderators | Posts: 9289 | Joined: 6.04.2006 | From: London
Also, registry keys alone aren't threats; their corresponding files are the threats. Seeing as no files have been detected, there's nothing to worry about, and Kaspersky doesn't scan the registry for threats because there's no real need.
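The scan output quoted in post #1 and the point made in post #10 (a registry key by itself is not a threat; what matters is whether a file actually backs it) can be turned into a small triage step. The following is an added example written for this page, not code from the thread, from Lavasoft or from Kaspersky. It parses Ad-Aware style "Object Recognized!" records, reports how many hits are registry-only versus file-backed, and, for an HKEY_CLASSES_ROOT CLSID hit, names the InprocServer32 key whose default value holds the registered DLL (standard COM registration layout). The sample log is constructed from the records in post #1 plus one made-up file record; the field names and the file-record layout are assumptions, and the winreg lookup is only attempted on Windows and returns None elsewhere or when the key does not exist.

```python
"""Triage helper for Ad-Aware style scan output (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: two registry records taken from post #1 (empty Data/Comment
# fields omitted) plus one made-up File record so both kinds of hit are present.
SAMPLE_LOG = r"""
Started registry scan
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
TAC Rating : 10
Category : Malware
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
BargainBuddy Object Recognized!
Type : Regkey
TAC Rating : 8
Category : Malware
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Example.Constructed Object Recognized!
Type : File
TAC Rating : 10
Category : Adware
Object : c:\constructed\sample.dll
Registry Scan result:
New critical objects: 3
"""


@dataclass
class Detection:
    name: str
    obj_type: str   # "Regkey" or "File"
    rating: int     # TAC rating, 0 when absent
    category: str
    rootkey: str    # empty for file hits
    obj: str        # registry path or file path


FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")   # "Key : value" lines
CLSID_KEY = re.compile(r"^clsid\\(\{[0-9a-f-]{36}\})$", re.I)


def parse_adaware_log(text: str) -> list[Detection]:
    """Collect each 'Name Object Recognized!' block and its Key : value fields."""
    records, fields = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("Object Recognized!"):
            if fields is not None:
                records.append(fields)
            fields = {"name": line[: -len(" Object Recognized!")].strip()}
            continue
        m = FIELD.match(line) if fields is not None else None
        if m:  # stray summary lines ("New critical objects: 3") are stored but unused
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    if fields is not None:
        records.append(fields)
    return [
        Detection(f["name"], f.get("type", ""), int(f.get("tac rating") or 0),
                  f.get("category", ""), f.get("rootkey", ""), f.get("object", ""))
        for f in records
    ]


def triage(detections: list[Detection]) -> dict:
    """Summarise the hits and say how many have no file behind them at all."""
    kinds = Counter(d.obj_type.lower() for d in detections)
    return {
        "total": len(detections),
        "registry_only": kinds["regkey"],
        "file_backed": kinds["file"],
        "max_rating": max((d.rating for d in detections), default=0),
        "by_category": Counter(d.category for d in detections),
    }


def backing_file_key(d: Detection):
    """For an HKCR CLSID hit, the key whose default value names the DLL; else None."""
    m = CLSID_KEY.match(d.obj)
    if not m or d.rootkey.upper() != "HKEY_CLASSES_ROOT":
        return None
    return "HKEY_CLASSES_ROOT\\CLSID\\" + m.group(1) + "\\InprocServer32"


def resolve_server_dll(key_path: str):
    """Read the DLL path behind an InprocServer32 key (Windows only).
    None means: not on Windows, or no such key, i.e. nothing registered under it."""
    try:
        import winreg
    except ImportError:
        return None
    subkey = key_path.split("\\", 1)[1]
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, subkey) as key:
            return winreg.QueryValueEx(key, "")[0]
    except OSError:
        return None


if __name__ == "__main__":
    found = parse_adaware_log(SAMPLE_LOG)
    print(triage(found))
    for d in found:
        key = backing_file_key(d)
        if key:
            print(d.name, "->", key, "=", resolve_server_dll(key))
```

Run it against a real Ad-Aware log file instead of SAMPLE_LOG and the summary shows at a glance whether any hit is file-backed; a registry-only list, as in post #1, is the pattern the thread ends up attributing to a definition-file false positive.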
Post #11, 13.09.2006 12:25
Kaspersky Fan I | Group: Members | Posts: 1585 | Joined: 4.04.2006 | From: Sweden
I got the same ones, and I know I don't have them. And why would everyone suddenly get the same trojans in the registry?
Post #12, 13.09.2006 13:32
Advanced Member III | Group: Members | Posts: 632 | Joined: 14.04.2005 | From: USA
SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE
============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006
This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.
The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143
Post #13, 13.09.2006 13:37
Advanced Member II | Group: Members | Posts: 447 | Joined: 17.04.2006
Hey All,
Do we need to restore these entries if we deleted them without backing them up?
Cnon
--------------------
Cnon
Post #14, 13.09.2006 15:14
Kaspersky Fan I | Group: Members | Posts: 1585 | Joined: 4.04.2006 | From: Sweden
If you have deleted them, you have deleted perfectly valid keys, and something might not work properly without them.
Post #15, 13.09.2006 15:17
Kaspersky Fan I | Group: Members | Posts: 1585 | Joined: 4.04.2006 | From: Sweden
The new definition file contains other new false positives, according to DSLReports. I tested it and got one, too, same as the ones reported there:
http://www.dslreports.com/forum/remark,16887509~start=40#end
Post #16, 13.09.2006 17:59
Advanced Member II | Group: Members | Posts: 447 | Joined: 17.04.2006
Thanks King,
Guess I'll use the Win XP Home system restore and restore those keys.
Cnon
--------------------
Cnon
Post #17, 13.09.2006 18:05
Kaspersky Fan I | Group: Members | Posts: 1585 | Joined: 4.04.2006 | From: Sweden
Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup.
Post #18, 13.09.2006 18:36
Advanced Member II | Group: Members | Posts: 447 | Joined: 17.04.2006
QUOTE(King Grub @ 13.09.2006 08:05)
Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup.
Well, it isn't affecting my computer so far. Thank goodness. I have turned on the quar. feature of LS just to be on the safe side though.
PS. Does anyone know if Super Antispyware has had a history of FPs?
Cnon
--------------------
Cnon
Post #19, 13.09.2006 18:50
Global Moderator | Group: Global moderators | Posts: 28572 | Joined: 7.04.2005
QUOTE(Cnon @ 13.09.2006 16:36)
They all have them from time to time, AV/AT/AS... it doesn't matter which, they all have a few during the year; you should look more at how quickly they are fixed in the updates instead. But SAS has not had one in the couple of months I've used the free version.
Post #20, 13.09.2006 21:40
Advanced Member II | Group: Members | Posts: 308 | Joined: 18.08.2005
QUOTE(Mem @ 13.09.2006 04:32)
SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE
============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006
This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.
The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143
I just read this on the Lavasoft forum. Sorry for starting an off-KAV thread, but I was really concerned about these findings. Thanks All
Time is now: 20.06.2013 05:26