38 special

Threats detected by Ad-Aware SE


Hello,

 

I just performed a full system scan using Ad-Aware with the latest definitions released today and it found the following: (also see .jpg attachment)

 

---------------------------------------------------------------
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
----------------------------------------------------------------

 

As you can see, four items are rated as 'malware' and another one as 'virus'. After these findings I didn't delete anything, but I closed Ad-Aware and started a full system scan with KAV 6.0.0.303 and its latest virus databases. KAV didn't detect anything!

 

Six days back I performed full scans with both Ad-Aware and KAV and my system was clean (btw I'm very cautious about the sites I visit).

 

I know that spyware/adware are not really the business for KAV but..

 

Should this be a reason for concern?

 

Thanks for reading


Well, they don't exactly seem to be false positives, I think Lavasoft still has to research these findings.

> Well, they don't exactly seem to be false positives, I think Lavasoft still has to research these findings.

Many people in the GRC NGs are reporting FPs with the latest Ad-Aware definitions. If you update Ad-Aware, don't let it delete anything for the time being.

 

Ron :)

> Many people in the GRC NGs are reporting FPs with the latest Ad-Aware definitions. If you update Ad-Aware, don't let it delete anything for the time being.

And from the a.p.s NG, more info:

 

http://www.dslreports.com/forum/remark,16887509~mode=flat

 

Ed. Note: It's getting late, I just noticed your link, mem.

 

Ron :)

Edited by Piston Ron


If these are FPs then it would be the first ones I see from Lavasoft...

 

I don't think they release updated definitions without deep research though :blink:


The same happens here with the above-mentioned Ad-Aware removals.

I want to say that if you run F-Secure they found "BACK WEB" as an ad-aware.

And the same happens with Spy Bot and Spy Sweeper.

P.S. Back Web is a COMPONENT of F-Secure.

> If these are FPs then it would be the first ones I see from Lavasoft...
>
> I don't think they release updated definitions without deep research though :blink:

Actually, it happens quite often, but that doesn't mean you will see them. This one is an FP, though; you can restore files the way CalamityJane recommends in this thread: http://www.dslreports.com/forum/remark,16887509~mode=flat


Also, registry keys alone aren't threats... their corresponding files are threats. Seeing as no files have been detected, there's nothing to worry about, and Kaspersky doesn't scan the registry for threats because there's no real need.


I got the same ones, and I know I don't have them. And why would everyone suddenly get the same trojans in the registry?


SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

 

============================================

Definition file Notification - Lavasoft News

============================================

SE1R123 13.09.2006

 

This fixes a False Positive in Adware.AdMedia.

This fixes a False Positive in TrojanBackdoor.Serv-U.

This fixes a False Positive in BargainBuddy.

This fixes a False Positive in Win32.Trojan.Agent.

This fixes a False Positive in Win32.Trojan.Downloader.

 

The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143


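Added example (not part of any post in this thread, and not Lavasoft's code): a small parser for the scan-log layout shown in the first post that checks each detection's family against the families listed in the SE1R123 notice above. The sample log is constructed; `Example.Adware` and its registry key are made up to show an entry the notice does not cover.

```python
import re

# Families listed in the SE1R123 notice quoted in this thread.
FIXED_FAMILIES = {
    "Adware.AdMedia", "TrojanBackdoor.Serv-U", "BargainBuddy",
    "Win32.Trojan.Agent", "Win32.Trojan.Downloader",
}

# Constructed sample in the log layout shown in the first post.
# "Example.Adware" and its key are made up to show a non-matching entry.
SAMPLE_LOG = r"""
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Example.Adware Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\example-vendor\example-toolbar
"""

HEADER = re.compile(r"^(.+?) Object Recognized!$")
FIELD = re.compile(r"^(Type|Data|TAC Rating|Category|Comment|Rootkey|Object)\s*:\s*(.*)$")

def parse_detections(log_text):
    """Return one dict per 'Object Recognized!' entry; blank lines are ignored."""
    detections = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            detections.append({"Family": m.group(1)})
        elif detections and (m := FIELD.match(line)):
            detections[-1][m.group(1)] = m.group(2)
    return detections

def triage(detections, fixed=FIXED_FAMILIES):
    """Separate families the vendor has acknowledged as FPs from the rest."""
    out = {"acknowledged_fp": [], "needs_review": []}
    for d in detections:
        key = "acknowledged_fp" if d["Family"] in fixed else "needs_review"
        out[key].append((d["Family"], d.get("Rootkey"), d.get("Object")))
    return out
```

Entries that land in `needs_review` are the ones to quarantine with a backup rather than delete outright.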
Hey All,

 

Do you need to restore these entries if we deleted them without backing them up?

 

Cnon


If you have deleted them, you have deleted perfectly valid keys, and something might not work properly without them.


Thanks King,

 

Guess I'll use the Win XP Home system restore and restore those keys.

 

Cnon


Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup. :P These keys had something to do with file transfers, if I remember correctly.

> Those specific keys might also be for services you may never need, but who knows? Difficult to say beforehand, especially when the registry looks like alphabet soup. :P These keys had something to do with file transfers, if I remember correctly.

 

Well, it isn't affecting my computer so far. Thank Goodness. I have turned on the quar. feature of LS just to be on the safe side though.

 

PS. Does anyone know if Super Antispyware has had a history of FPS?

 

Cnon

> PS. Does anyone know if Super Antispyware has had a history of FPS?
>
> Cnon

They all have them from time to time, AV/AT/AS... doesn't matter which, they all have a few during the year. You should look more at how quickly they are fixed in the updates instead, but SAS have not had one in the couple of months I've used the free version.

> SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE
>
> ============================================
> Definition file Notification - Lavasoft News
> ============================================
> SE1R123 13.09.2006
>
> This fixes a False Positive in Adware.AdMedia.
> This fixes a False Positive in TrojanBackdoor.Serv-U.
> This fixes a False Positive in BargainBuddy.
> This fixes a False Positive in Win32.Trojan.Agent.
> This fixes a False Positive in Win32.Trojan.Downloader.
>
> The MD5 checksum for the defs.ref file is 536bea2c1749341b09b2589bf3cc0143

I just read this on the Lavasoft forum.

 

Sorry for starting an off KAV thread but I was really concerned about these findings.

 

Thanks All :)


Personally, I have never found AdAware to be very useful. I think I will remove it again, and trust KAV, Ewido, and SAS.

 

Jerry

> Personally, I have never found AdAware to be very useful. I think I will remove it again, and trust KAV, Ewido, and SAS.
>
> Jerry

 

Good choice, I never scan with ad-aware anymore, I only use SAS and kis as scanners.

 

And then of course I use IE-Spyad Spywareblaster plus Spybots Immunizer.

> Personally, I have never found AdAware to be very useful. I think I will remove it again, and trust KAV, Ewido, and SAS.
>
> Jerry

 

My combination too B) .

> Well, it isn't affecting my computer so far. Thank Goodness. I have turned on the quar. feature of LS just to be on the safe side though.
>
> PS. Does anyone know if Super Antispyware has had a history of FPS?
>
> Cnon

 

This just goes to show the IMPORTANCE of setting anti-spyware, anti-trojan, anti-virus to keep a backup copy of anything you decide to let the application delete.

 

I'm sure you have KAV set to keep a backup copy also?
