 dp Premium, MVM join:2000-12-08 Greensburg, PA kudos:7 | Ad-Aware SE1R126 12.10.2006 False Positives re: today's update
These 3 reg entries appear to be the same ones that were falsely identified and fixed in a previous update and are showing up again.
Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

-- Write your questions down on the back of a $20 dollar bill and send them to me Microsoft Security MVP |
|
| Wow, mine don't look much better DP, I get 4 similar to yours, and a Zlob ? Also on trying to copy/paste off the logs, the writing almost shrunk to nothing. I had to save a log to file, then copy/paste off that.
Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Win32.Trojandownloader.Zlob Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}

Win32.Trojan.Agent Object Recognized!
    Type       : RegValue
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CURRENT_USER
    Object     : software\microsoft\windows\currentversion\explorer\advanced
    Value      : Start_ShowRun

-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
 amysheehan Premium, VIP, MVM join:1999-12-21 Huntington Beach, CA kudos:9
| reply to dp
Name: Win32.Trojandownloader.Zlob
Category: Malware
Object Type: Regkey
Size: 43 Bytes
Location: clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}\
Last Activity: 10-12-2006
Relevance: Low
TAC index: 10
Comment:
Description: Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloading other applications such as SpyAxe and other rogue anti-spyware software.
-- DSLR Phishtracker |
|
 Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to dp Thanks for the heads-up. I will not download today's defs and wait for Lavasoft to fix the FPs. |
|
 Hutch (My Throne is the Dunny) Premium join:2000-10-14 Out House | reply to dp
said by dp: re: today's update These 3 reg entries appear to be the same ones that were falsely identified and fixed in a previous update and are showing up again.
I get the same on a freshly installed OS. Definitely a FP. |
|
 | reply to dp Thanks for reporting these. Have forwarded this report to the Research Team.
Please do NOT "fix" these at present. |
|
 | reply to dp A new release has been done to fix this FP. Thank you all for reporting them. |
|
 | reply to Hutch Here's what I got, ran several other scans with other products, they found nothing. Sure hope adaware gets this worked out, they seem to be having a lot of false positives lately.
Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Agent Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Win32.Trojandownloader.Zlob Object Recognized!
    Type       : Regkey
    Data       :
    TAC Rating : 10
    Category   : Malware
    Comment    :
    Rootkey    : HKEY_CLASSES_ROOT
    Object     : clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}

Waiting for news from Lavasoft, Normandie |
|
 amysheehan Premium, VIP, MVM join:1999-12-21 Huntington Beach, CA kudos:9
| reply to Stoffe
said by Stoffe: A new release has been done to fix this FP. Thank you all for reporting them.
Thank you!!! All clear now!
 -- DSLR Phishtracker |
|
 kcazzie (One Of Jerry's Kids) Premium join:2000-08-13 Morton Grove, IL | reply to Stoffe
said by Stoffe: A new release has been done to fix this FP. Thank you all for reporting them.
Thanks, looks like new updates are working now...:)... |
|
 MagMan (Life is simpler when you tell the truth.) Premium join:2003-10-01 Westlake, OH | reply to dp Thanks, just downloaded it, everything is fine again. |
|
 dp Premium, MVM join:2000-12-08 Greensburg, PA kudos:7 | reply to Stoffe
said by Stoffe: A new release has been done to fix this FP. Thank you all for reporting them.
Thanks for the quick turnaround. All good here
-- Write your questions down on the back of a $20 dollar bill and send them to me Microsoft Security MVP |
|
 roddy32 join:2005-12-10 Augusta, KS kudos:1 | reply to dp All clear here too now, thanks for the quick fix.  |
|
 | reply to dp All good, cheers team, that was fast. |
|
 | reply to dp Could not get the update, so went to the Lavasoft site and just downloaded there. All well here after getting over the heart attack 
Have a nice day, Normandie |
|
 Jrb2 Premium join:2001-08-31 kudos:3 | reply to dp Here is the info from my system with respect to the second update today:
=====
Definitions File Loaded:
    Reference Number       : SE1R126 12.10.2006
    Internal build         : 156
    File location          : C:\Program Files\Lavasoft\Ad-Aware SE Professional\defs.ref
    File size              : 782898 Bytes
    Total size             : 2527469 Bytes
    Signature data size    : 2478468 Bytes
    Reference data size    : 48489 Bytes
    Signatures total       : 68024
    CSI Fingerprints total : 3957
    CSI data size          : 164285 Bytes
    Target categories      : 15
    Target families        : 988

MD5 checksum of defs.ref:
    MD5 - D6E2FDBB28185853F03FE1C5FC63C123
=====
All is well on my system with this second update. Thanks Lavasoft for the quick fix 
PS: As has been said many times in the past: It doesn't matter which version of Ad-Aware (Pro, Personal, etc) you have, the definitions file defs.ref is the same for all. |
|
 Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to dp You fixed the FPs in no time at all; that was really fast. Thank you. |
|
 | Well, I can't even get the defs to install properly. Actually have had little issues with the last 2 def releases. Today it downloads and acts like it installs, but doesn't :/ Maybe I should wait a couple of days? |
|
 onDvine (Don't litter. Spay-neuter.) Premium join:2005-01-29 So. CA, USA kudos:7
| said by Finger2208: ... Actually have had little issues with the last 2 def releases. ...
This time displayed oddly in a similar way to last time when there were problems but seemed to install alright, despite that. By oddly, I mean the graphic showing the percentage D/L'd started showing 5% before I clicked to accept the D/L, then began again after I accepted it.
-- The secret of happiness is to admire without desiring. ▪Carl Sandburg |
|
 Sr Tech Premium join:2003-01-19 New Fairfield, CT
| Could this be a FP as well? I did a search and came up dry.
WIN32.HACKTOOL.TOOLEVID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[17]=File : C:\System Volume Information\_restore{9CD42ED6-8BB6-4C28-AE83-834162DBE68B}\RP65\A0004600.exe |
|