LS.Andy

Root Admin
  • Content Count: 1,331
  • Days Won: 43

Everything posted by LS.Andy

  1. Hi matmat, Thanks for providing so much detail. The detection is a false positive and will be removed within the next few updates/within a few hours. LS Andy
  2. Hi igornn, If you're reporting a false positive, can I ask you to read the guide for reporting false positives here and upload the requested info please? Thanks, LS Andy Lavasoft Malware Lab
  3. No need to worry about your passwords, although this might be a good opportunity to consider setting different passwords for all your online accounts and setting up 2 Factor Authentication on any of your accounts that provide it, if you haven't done so already. This site lists services that support 2 Factor Authentication, so if you use any of these services, it's recommended to enable it: https://twofactorauth.org/ I use KeePassX as my password manager and Authy to keep track of 2 Factor Authentication tokens. KeePassX: https://www.keepassx.org/ Authy: https://authy.com/
  4. Hi PEllis, Thanks for uploading the file. This appears to include a cryptocurrency miner script (multiple references to CryptoNight, typically used when mining Monero) that runs when visiting the web page. These pages usually run the script without the user's consent, which is why it is included in the detection database. As an aside, it looks like more AVs have started to detect it: https://www.virustotal.com/#/file/576dbb37512721bd5eb744ee1a9049a09648f4099bc082cd87b78c78b402068f/detection
  5. Can you upload the file to this thread please?
  6. Thanks for your report, kres0345. The file is no longer being detected. Regards, Andy Adaware Malware Lab
  7. Hi sayatoosoft, Thanks for your report. The file SayaSub2.exe (md5: f7ef21ea45882fff513cdb5c96fe2c13) is no longer being flagged by Adaware. Regards, Andy Adaware Malware Lab
  8. Hi mcoueron, Sorry for the late reply. We've just migrated to a new version of the forum software and we're having some unexpected issues with settings that didn't migrate properly, like file uploads not being permitted and email alerts on new posts not being sent. In the meantime, can you post a link to the file that's being blocked so I can download and check it out? Thanks, Andy Lavasoft Malware Lab
  9. Hi olegas22, The detection is a false positive and has been fixed. Thanks for your report. Regards, Andy Lavasoft Malware Lab
  10. Hi rickvoid, Thanks for the additional information. If I've understood correctly, Ad-Aware isn't alerting that it has blocked files, rather, Ad-Aware appears to be conflicting with the Twitch app and stopping it from running: .. and when you kill Ad-Aware, Twitch runs: I was able to recreate this and I've notified the development team about this for investigation. Thanks for letting us know. Regards, Andy Lavasoft Malware Lab
  11. Hi olegas22, Thanks for letting us know. We'll re-investigate and report back here. Regards, Andy Lavasoft Malware Lab
  12. Hi, In order to recreate the problem, I need to first install the application that Ad-Aware is interfering with. Can you provide an exact link where I can download the application, or upload the installer here please? Thanks, Andy Lavasoft Malware Lab
  13. Hi synchtw, Thanks for your report. I haven’t been able to recreate the problem. When I visit curse.com it invites me to download the Twitch Desktop app, which, when I install, installs without any problems or alerts from Ad-Aware. Can you describe the steps I need to take to recreate the problem? Thanks, Andy Lavasoft Malware Lab
  14. Hi Homeschooled, The detection of the file is a false positive and has been removed from detection. Regards, Andy Lavasoft Malware Lab
  15. Please compress the file with Winzip/Winrar/7zip or similar before uploading.
  16. Hi Homeschooled, You can remove the file from quarantine by: clicking Scan Computer on the icon list on the left side of the GUI; scrolling down to Quarantined Files; clicking View; selecting the file you want to restore and hit Restore. You can add the file to the exclusion list by going into Manage Exclusions, just above Quarantined Files. When you've restored the file, can you upload it here so I can check it out? Thanks, Andy Lavasoft Malware Lab
  17. Using the installer, I was able to recreate the detection on IETabDriver.exe. The md5 for that file was different from the original one that we tested with (md5: 0f0ec27159eda4c9bad814d28bda0e59). This is an FP and will be removed from detection. I wasn't able to recreate the detection on whale.exe. The md5 of the file installed using the installer is d574b68650c68f8941dbc16f86d56a2f, which is also different from the file we originally tested. Can you upload the version of whale.exe that is being detected please? Andy
  18. Yes, I can see the detection in the screenshot/xml file, but I can't recreate it with the files you uploaded. Maybe we're looking at different files. Can you check the md5's of the detected files you're testing with and compare them with the files below? Are they the same, or different? File: IETabDriver.exe MD5: c103a08d9f2f9e2d18eedab0e376b481 File: whale.exe MD5: 9969650dab84c15ab0d8a69b7a827e9f Thanks, Andy
  19. Hi, Thanks for the additional information, but can you provide more detailed steps, like: 1. Install <application> from <URL> 2. Launch <application> 3. Ad-Aware detects file <upload file to this post> etc? Thanks, Andy Lavasoft Malware Lab
  20. Hi jee soo lee, Thanks for your report. To confirm, the files we checked are: File: IETabDriver.exe MD5: c103a08d9f2f9e2d18eedab0e376b481 File: whale.exe MD5: 9969650dab84c15ab0d8a69b7a827e9f These two files are not currently detected. Regards, Andy Lavasoft Malware Lab
  21. Hi Macias223, I wasn't able to recreate the detection - is that the actual file that is being detected? If not, can you provide the file, or if so, can you give me some information about how to reproduce the detection? Thanks, Andy Lavasoft Malware Lab
  22. The detection of the file will be removed. Thanks for your report. Regards, Andy Lavasoft Malware Labs
  23. Hi msplata, Thanks for letting us know. We'll check it out and report back here. Regards, Andy Lavasoft Malware Labs
  24. Hi Josh, Thanks for your report. The file in the VT report is no longer being detected. Regards, Andy Lavasoft Malware Lab
  25. Hi Bodgan Fixer, Thanks for your report. I sent you a PM - please read for information on how to proceed. Regards, Andy Lavasoft Malware Lab