Threats detected by Ad-Aware SE, KAV 6.0.0.303 failed to detect them?
38 special
post 13.09.2006 04:29
Post #1


Hello,

I just performed a full system scan using Ad-Aware with the latest definitions released today, and it found the following (also see the .jpg attachment):

---------------------------------------------------------------
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
----------------------------------------------------------------

As you can see, four items are rated as 'malware' and another one as 'virus'. After these findings I didn't delete anything, but I closed Ad-Aware and started a full system scan with KAV 6.0.0.303 and its latest virus databases. KAV didn't detect anything!

Six days ago I performed full scans with both Ad-Aware and KAV, and my system was clean (by the way, I'm very cautious about the sites I visit).

I know that spyware/adware is not really KAV's business, but...

Should this be a reason for concern?

Thanks for reading
Mem
post 13.09.2006 04:43
Post #2


Looks to be a false positive:
http://www.dslreports.com/forum/remark,16887509
38 special
post 13.09.2006 05:09
Post #3


QUOTE(Mem @ 12.09.2006 19:43)

Thanks for the link.
zack_21
post 13.09.2006 07:46
Post #4


Well, they don't exactly seem to be false positives; I think Lavasoft still has to research these findings.
Piston Ron
post 13.09.2006 08:49
Post #5


QUOTE(zack_21 @ 12.09.2006 23:46)
Well, they don't exactly seem to be false positives; I think Lavasoft still has to research these findings.

Many people in the GRC NGs are reporting FPs with the latest Ad-Aware definitions. If you update Ad-Aware, don't let it delete anything for the time being.

Ron
Piston Ron
post 13.09.2006 09:09
Post #6


QUOTE(Piston Ron @ 13.09.2006 00:49)
Many people in the GRC NGs are reporting FPs with the latest Ad-Aware definitions. If you update Ad-Aware, don't let it delete anything for the time being.

And from the a.p.s NG, more info:

http://www.dslreports.com/forum/remark,16887509~mode=flat

Ed. Note: It's getting late, I just noticed your link, mem.

Ron

This post has been edited by Piston Ron: 13.09.2006 09:11
38 special
post 13.09.2006 09:26
Post #7


If these are FPs, they would be the first ones I've seen from Lavasoft...

I don't think they release updated definitions without deep research, though.
ibok
post 13.09.2006 10:43
Post #8


The same happens here with the above-mentioned Ad-Aware removals.
I want to say that if you run F-Secure, they find "BACK WEB" as adware.
And the same happens with Spybot and Spy Sweeper.
P.S. Back Web is a COMPONENT of F-Secure.


Don Pelotas
post 13.09.2006 11:04
Post #9


QUOTE(38 special @ 13.09.2006 07:26)
If these are FPs then it would be the first ones I see from Lavasoft...

I don't think they release updated definitions without deep research though blink.gif

Actually, it happens quite often, but that doesn't mean you will see them. But this one is an FP; you can restore the files the way CalamityJane recommends in this thread: http://www.dslreports.com/forum/remark,16887509~mode=flat


dawgg
post 13.09.2006 11:35
Post #10


Also, registry keys alone aren't threats; their corresponding files are the threats. Seeing as no files have been detected, there's nothing to worry about, and Kaspersky doesn't scan the registry for threats because there's no real need.
King Grub
post 13.09.2006 12:25
Post #11


I got the same ones, and I know I don't have them. And why would everyone suddenly get the same trojans in the registry?
Mem
post 13.09.2006 13:32
Post #12


SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006

This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.

The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143
Cnon
post 13.09.2006 13:37
Post #13


Hey All,

Do we need to restore these entries if we deleted them without backing them up?

Cnon
King Grub
post 13.09.2006 15:14
Post #14


If you have deleted them, you have deleted perfectly valid keys, and something might not work properly without them.
King Grub
post 13.09.2006 15:17
Post #15


The new definition file contains other new false positives, according to DSLReports. I tested it and got one, too, same as the ones reported there:

http://www.dslreports.com/forum/remark,16887509~start=40#end
Cnon
post 13.09.2006 17:59
Post #16


Thanks King,

Guess I'll use the Win XP Home system restore and restore those keys.

Cnon
King Grub
post 13.09.2006 18:05
Post #17


Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup. These keys had something to do with file transfers, if I remember correctly.
Cnon
post 13.09.2006 18:36
Post #18


QUOTE(King Grub @ 13.09.2006 08:05)
Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup. These keys had something to do with file transfers, if I remember correctly.


Well, it isn't affecting my computer so far, thank goodness. I have turned on the quarantine feature of LS just to be on the safe side, though.

PS. Does anyone know if Super Antispyware has had a history of FPs?

Cnon
Don Pelotas
post 13.09.2006 18:50
Post #19


QUOTE(Cnon @ 13.09.2006 16:36)
PS. Does anyone know if Super Antispyware has had a history of FPs?

Cnon

They all have them from time to time, AV/AT/AS... it doesn't matter which, they all have a few during the year. You should look more at how quickly they are fixed in the updates instead, but SAS has not had one in the couple of months I've used the free version.


38 special
post 13.09.2006 21:40
Post #20


QUOTE(Mem @ 13.09.2006 04:32)
SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006

This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.

The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143

I just read this on lavasoft forum.

Sorry for starting an off-KAV thread, but I was really concerned about these findings.

Thanks all