LS.Andy

Root Admin

Everything posted by LS.Andy

  1. Hi Solaze, Thanks for your report - we're currently looking into this. Regards, Andy Lavasoft Research
  2. Hi JanusB, We have carried out analysis of the transfz.exe process detection: it will not be detected as of today's update. Thanks for taking the time to report this, and again, thanks for the detailed report and links. This makes for much more accurate analysis of false positive reports! Regards, Andy Lavasoft Research
  3. Hi JanusB, Thanks for the extra information - would it be possible for you to upload a log file of one of the scans from your test? Thanks in advance! Regards, Andy Lavasoft Research
  4. Hi JanusB! Thanks for the report. I will investigate further and if found to be a false positive, transfz.exe will be removed from detection as of the next release. Regards, Andy Lavasoft Research
  5. Thank you to everyone who contributed information and details of their scans. This was an aggressive detection that was implemented to remove genuine malware from the Win32.TrojanDropper family. Upon re-analysis it was noted that a false positive was generated when running a scan. An updated definition file was released on Monday to counter this. You can find details of the changes made to the definition file in the Definitions Updates forum. Please be sure to update Ad-Aware with the newest definition file. Thanks for your help! Regards, Andy Lavasoft Research
  6. Hi Joakim, After some investigation I can confirm that the foobar2000.org cookie detection is an issue with Ad-Aware 2007 Beta rather than a false positive generated by Ad-Aware 1.06r1. I will pass the foobar2000 cookie issue to the Ad-Aware 2007 development team. I would like to thank you for bringing this Beta version bug to light - reports like this are extremely helpful! If you come across any other anomalies, please be sure to report them in the Ad-Aware 2007 forum at http://www.lavasoftsupport.com/index.php?showforum=55 . Thanks for your input! Regards, Andy Lavasoft Research
  7. Hi Joakim, Thanks for uploading the log file - these things are invaluable! I will investigate further and post my conclusions. Regards, Andy Lavasoft Research
  8. Hi Joakim! Thanks for the update! I ran a scan having visited foobar2000.org and made sure there was a corresponding cookie on my machine. Ad-Aware didn't pick up the foobar2000.org cookie... Could I ask you to post the log file of the scan that picked up the cookie so I can investigate further? Thanks again for your report! Regards, Andy Lavasoft Research
  9. Hi bkmtech! Thanks for your post! It would be interesting to look at the log file for that scan - could I ask you to post it? I'm not sure I have any useful advice for you regarding Spybot's results, however, regarding your redirected host query, make a cup of tea, take a deep breath and settle in! If you open your hosts file in Notepad (Windows NT/2000/XP/Vista: %SystemRoot%\system32\drivers\etc\) you'll notice an IP address and the word 'localhost'. If, for example, on a line below the localhost entry, I was to type the IP address for www.newswebsite.test (e.g. 123.45.67.890) and the host name for a sports website on a new line, e.g.:

     123.45.67.890 www.sportwebsite.test

     When I type www.sportwebsite.test into my browser I would be redirected to www.newswebsite.test. The hosts file is very useful if you want to block a particular site but it is also vulnerable to hijacking, in that when you type in a host name for a targeted site, you are redirected to the hosts file hijacker's specified site. I hope that helps to explain the circumstances in which a redirected hosts file could be considered a threat, i.e. if you have not altered the hosts file yourself or given consent to a third party to alter it. Regards, Andy Lavasoft Research
  10. Hi Joakim! Thanks for your report! The cookies you mentioned will be removed from detection as of the next update. Regards, Andy Lavasoft Research
  11. Hi anubus777! Thanks for your report! According to the log that was posted, Ad-Aware has discovered a missing string value within the registry. Where the string should have contained the value "regedit.exe" "%1", it was actually blank. However, Ad-Aware recognised this and replaced the missing value. Nothing to worry about here - in fact, what was identified as a general Windows security issue has been resolved by the scan that was carried out! Regards, Andy Lavasoft Research
  12. Hi, el_diablo! Thanks for sending the report. The particular Win32.Trojan.Downloader object that was detected has been taken out of detection as of the next release. The Adware.Pop objects are in detection legitimately. If you would prefer Ad-Aware not to remove them, you can add them to your 'ignore list'. To do this:

      1. Scan your PC as normal.
      2. When the scan has finished, click 'Next' to view the scanning results.
      3. Click on the 'Critical Objects' tab within the scanning results screen.
      4. Check the box beside any elements you'd like to be ignored.
      5. Right click somewhere inside the Critical Objects window and select 'Add Selected To Ignore List'.
      6. Click OK to continue and follow the prompts.

      Thanks for your input! Andy Lavasoft Research