dp
Premium,MVM
join:2000-12-08
Greensburg, PA
 ·Verizon Online DSL
| Ad-Aware SE1R126 12.10.2006 False Positives
re: today's update
These 3 reg entries appear to be the same ones that were falsely identified and fixed in a previous update and are showing up again.
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
--
Write your questions down on the back of a $20 dollar bill and send them to me
Microsoft Security MVP |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
|
Wow, mine don't look much better DP, I get 4 similar to yours, and a Zlob ? Also on trying to copy/paste off the logs, the writing almost shrunk to nothing. I had to save a log to file, then copy/paste off that.
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}
Win32.Trojan.Agent Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\explorer\advanced
Value : Start_ShowRun
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| reply to dp
Name:Win32.Trojandownloader.Zlob
Category:Malware
Object Type:Regkey
Size:43 Bytes
Location:clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}\
Last Activity:10-12-2006
Relevance:Low
TAC index:10
Comment:
Description:Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloading other applications such as SpyAxe and other rogue anti-spyware software.
--
DSLR Phishtracker |
|
Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU | reply to dp
Thanks for the heads-up. I will not download today's defs and wait for Lavasoft to fix the FPs.  |
|
Hutch
My Throne is the Dunny
Premium
join:2000-10-14
Out House
| reply to dp
said by dp  :re: today's update These 3 reg entries appear to be the same ones that were falsely identified and fixed in a previous update and are showing up again. I get the same on a freshly installed OS. Definately a FP. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL | reply to dp
Thanks for reporting these. Have forwarded this report to the Research Team.
Please do NOT "fix" these at present. |
|
Stoffe
join:2006-02-03
UA | reply to dp
A new release has been done to fix this FP. Thank you all for reporting them. |
|
Normandie
join:2006-09-12
| reply to Hutch
Here's what I got, ran several other scans with other products, they found nothing. Sure hope adaware gets this worked out, they seem to be having a lot of false positives lately.
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{fe38753a-44a3-11d1-b5b7-0000c09000c4}
Waiting for news from Lavasoft,
Normandie |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable
| reply to Stoffe
said by Stoffe :A new release has been done to fix this FP. Thank you all for reporting them. Thank you !!!
All clear now !
--
DSLR Phishtracker |
|
kcazzie
One Of Jerry's Kids
Premium
join:2000-08-13
Morton Grove, IL
| reply to Stoffe
said by Stoffe :A new release has been done to fix this FP. Thank you all for reporting them. Thanks, looks like new updates are working now...:)... |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH | reply to dp
Thanks just downloaded it,everything is fine again. |
|
dp
Premium,MVM
join:2000-12-08
Greensburg, PA
·Verizon Online DSL
| reply to Stoffe
said by Stoffe :A new release has been done to fix this FP. Thank you all for reporting them. Thanks for the quick turnaround. All good here
--
Write your questions down on the back of a $20 dollar bill and send them to me
Microsoft Security MVP |
|
roddy32
join:2005-12-10
Augusta, KS | reply to dp
All clear here too now, thanks for the quick fix. |
|
norwegian
Premium
join:2005-02-15
Outback | reply to dp
All good, cheers team, that was fast. |
|
Normandie
join:2006-09-12 |  reply to dp
Could not get the update, so went to the Lavasoft site and just downloaded there. All well here after getting over the heart attack 
Have a nice day,
Normandie |
|
Jrb2
Premium
join:2001-08-31
| reply to dp
Here is the info from my system with respect to the second update today:
=====
Definitions File Loaded:
Reference Number : SE1R126 12.10.2006
Internal build : 156
File location : C:\Program Files\Lavasoft\Ad-Aware SE Professional\defs.ref
File size : 782898 Bytes
Total size : 2527469 Bytes
Signature data size : 2478468 Bytes
Reference data size : 48489 Bytes
Signatures total : 68024
CSI Fingerprints total : 3957
CSI data size : 164285 Bytes
Target categories : 15
Target families : 988
MD5 checksum of defs.ref:
MD5 - D6E2FDBB28185853F03FE1C5FC63C123
=====
All is well on my system with this second update.
Thanks Lavasoft for the quick fix
PS:
As has been said many times in the past:
It doesn't matter which version of Ad-Aware (Pro, Personal, etc) you have, the definitions file defs.ref is the same for all. |
|
Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU | reply to dp
You fixed the FPs in no time at all; that was really fast. Thank you. |
|
Finger2208
join:2001-04-07
Lindale, TX | Well, I can't even get the defs to install properly. Actually have had little issues with the last 2 def releases. Today it downloads and acts like it installs, but doesn't :/ Maybe I should wait a couple of days? |
|
onDvine
Don't litter. Spay-neuter.
Premium
join:2005-01-29
So. CA, USA
clubs:
·Verizon Online DSL
| said by Finger2208 :... Actually have had little issues with the last 2 def releases. ... This time displayed oddly in a similar way to last time when there were problems but seemed to install alright, despite that. By oddly, I mean the graphic showing the percentage D/L'd started showing 5% before I clicked to accept the D/L, then began again after I accepted it.
--
The secret of happiness is to admire without desiring. ▪Carl Sandburg |
|
Sr Tech
Premium
join:2003-01-19
New Fairfield, CT
| Could this be a FP as well, I did a search and came up Dry.
WIN32.HACKTOOL.TOOLEVID
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[17]=File : C:\System Volume Information\_restore{9CD42ED6-8BB6-4C28-AE83-834162DBE68B}\RP65\A0004600.exe |
|
