LS Jonas

Members
  • Content Count

    24
  • Joined

  • Last visited

Community Reputation

0 Neutral

About LS Jonas

  • Rank
    Former Lavasoft Staff
  1. Dear Gandalf! Thank you for your report! An error occured with the server for our definition file updates which resulted in an internal release. This has been corrected. Sorry for the inconvenience! Regards Jonas Research Analyst Lavasoft
  2. What version of the definition file are you using? This issue should be solved in the relesea from 06.02.2007. Regards Jonas Research Analyst Lavasoft
  3. Dear Landabaran! Thank you for your report! Please look at http://www.lavasoftsupport.com/index.php?s...amp;#entry32742 for more information. Regards Jonas Research Analyst Lavasoft
  4. Dear victor2232! Thank you for your report! I don't see where the problem originates based on the information you sent. It would be useful to see more of the logfile - could you post the full results of the scan? Regards Jonas Research Analyst Lavasoft
  5. Dear mogojohn! Based on the information found on internet and our research on AOSMTP.FastSender, this application could be used maliciously. However, AOSMTP.FastSender can be used in many applications. We have removed AOSMTP.FastSender from detection from release 150 (SE1R150 06.02.2007) but this issue has been flagged and will be put in detection if new information comes to light. Again, thank you for bringing this to our attention! Regards Jonas Research Analyst Lavasoft
  6. Dear jojojo! Based on the information in the post we are unable to identify where the problem orginates. We installed Tune Up Utility 2007 and were unable recreate the issue you described. It would be useful to see more of the logfile - could you post the full results of the scan? Also, if it's possible could you zip and e-mail a sample of the IEControl.bpl file? The address is [email protected] In Subject write 'FAO Jonas IEControl.bpl'. Regards Jonas Research Analyst Lavasoft
  7. Dear LouScannon! Thank you for your report. This is not a F/P, however this program is associated with the Hacktool family. The program acquires serial keys for registered applications that are installed on the PC. In certain circumstances this could be done remotely and without the victim's knowledge. Regards Jonas Research Analyst Lavasoft
  8. Mogojohn - Thank you for your report. All of the class ids listed are suspect, and my analysis of the last item in your logfile, aosmtp.fastsender, is associated with several suspect e-mail sending programs. I see some relationship between other programs using ansmtp that are legit, but nothing that I'm led to for aosmtp.fastsender appears straight forward. You mentioned a few programs that did not catch these items, but I checked on some others and McAfee and Symantec also flag these class ids and the conditional value (aosmtp.fastsender). I'll keep my eye on this to make sure I'm not missing anything. Thanks. Jonas Research Analyst Lavasoft
  9. Dear Savansown! In our experience with Alexa we haven't seen that it is directly inherent with Windows ME or Windows XP, however is there other 'bonus' software bundled with your installation pack offered with your hardware. Because spyware would not be detected after a pure re-installation unless they were bundled in the software that you installed. Please look at http://www.lavasoftsupport.com/index.php?showtopic=6323 as a reference on this topic. This ClassID is usually connected with Alexa. We have Alexa classified as TAC 5 value in our detectin database. It may not be the most malicious in an extreme sense, but by definition it is installing on your system without your knowledge or behaving in other ways. It can serve to enhance in some way but that would need to be determined by the user. My recommendation is that you look at your installation pack to see if there are 'bonus' programs included as it may be a part of those. You can let us know know if you see something there so we can continue the discussion. Thanks. Jonas Research Analyst Lavasoft
  10. Dear JC12! Thank you for letting us know about this but, I couldn't see anything that indicates it is a false positive. To help you as much as possible I would like you to send the full log file. Regards, Jonas Research Analyst Lavasoft
  11. Hi Malou - I found this link at Microsoft that may be helpful for you. Looking through this information, I don't consider this an F/P as they recommend a delete if the Homepage value exists in the key. http://support.microsoft.com/kb/320159 8. In Registry Editor, locate the following subkey, if it exists: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel 9. If the ResetWebSettings value or the HomePage value exists in this key, right-click the values, and then click Delete. Let me know if this helps or if we need to analyze further. Cheers. Jonas Research Analyst Lavasoft
  12. Dear Wilfred! Thank you for letting us know about this. We have identified the item that causing this. We'll wrap the solution to this issue with next release SE1R146. There is no need for you or anybody else that is using your program to remove this. This key is common to certain adware. Thanks again. Jonas Lavasoft Research
  13. Dear laitcru! Thank you for letting us know about this. There is no need to remove it from your computer. We'll wrap this issue with a few other nasties we just identified in the next release that is coming just around the corner. Thanks again. Jonas Lavasoft Research
  14. Gatticus, please post the log file. I would like to see it. As far as I can see this flags as a BPS SpywareRemover. Do you get the same result? If Matrixgames doesn't use this file any more can you tell me how it was downloaded? Thank you. Regards, Jonas Lavasoft Research
  15. Hi Roy! It was a small update of tracking cookies added to todays defintion file. That's the reason to all cookie hits is because they are all coming from the same domain. Regards Jonas Lavasoft Research