LS.Andy

Root Admin
  • Content Count: 1,331
  • Days Won: 43

Everything posted by LS.Andy

  1. Hi Elan, This was an FP and has been removed from detection. Please update Ad-Aware to get the latest definitions. Thanks for your report! Andy
  2. Hi Elan, Thanks for the info. We'll have it checked and report back here. Andy Lavasoft Malware Lab
  3. Hi, The detection is a false positive and will be removed from detection as of an update to be published today. Thanks for your report! Andy Lavasoft Malware Labs
  4. Hi th3y, Thanks for your report. We'll check this out and report the results here. Regards, Andy Lavasoft Malware Lab
  5. Hi myasko, This is a false positive and will be removed from detection as of an update to be published later today. Thanks for letting us know about this. Regards, Andy Lavasoft Malware Lab
  6. Hi all, Got the file - I'll have it checked out and will report back here. Andy Lavasoft Malware Lab
  7. Hi, This is a false positive – it will be fixed in an update later today. Thanks for your report! Regards, Andy Lavasoft Malware Lab
  8. @ msalt0, The file contains code that is consistent with the Win32.Expiro.BK virus family. According to the log file there are several files detected with the same name - it appears that quite a few legitimate files on your machine have been infected by the virus. The detection of the file you uploaded (BTW, thank you - it made investigation much easier) is not a false positive. Hope this helps. Regards, Andy Lavasoft Malware Lab
  9. Hi poepouri, Same question to you - can you upload the detected files here? Andy
  10. Hi msalt0, Thanks for uploading the file. At first glance the fixdamage.exe detection looks like an FP, but I'll investigate further. Would it be possible to upload the other detected files also? Regards, Andy Lavasoft Malware Lab
  11. I think you're being somewhat harsh here. The FP was resolved. Post #10 was very 'stream of consciousness' and it was difficult to see what you wished to say. I responded to it in post #11. Post #12 contained the database I requested with post #13 being my post-investigation response. No additional files/folders were detected in my many tests, nor was there any evidence of any detection, beyond some cookies, in the SQLite database. Post #14 appeared to be 'thinking out loud' - I must have missed what you intended to communicate. I would really appreciate if you could be concise and provide details about the problem. I'm sure you understand that I need to be able to reproduce this to be able to help you. It is helpful if you format it like: Description of problem: <concise description> Steps to Reproduce 1. Install program 2. Update Ad-Aware 3. Etc Any supporting info you can think of would be useful. The false positive report was solved. The detected file was identified and subsequently removed from detection. The file is no longer being detected. Nothing that I interpreted as a request or question was ignored. Again, this is a bit harsh, no? No-one said the programs were pirated or not owned by you. I am not disputing the FP occurred. I was able to recreate it. If you can demonstrate the additional items that were detected and removed, I will investigate. With respect, thus far, I have no facts to go on - just your feeling that Ad-Aware did something. When you say 'they were deleted by your software', kindly identify the files being detected and I will investigate. Nothing is being ignored and no-one said you were making anything up. The FP was resolved. I double checked the files installed by the installer and found no detection - the report was considered closed. If there is something else being flagged, please provide the relevant information and I will investigate. Andy
  12. Hi, The databases did not contain any information about the detections you mentioned; just some cookie detections: I rescanned the files installed by the application, including the unpacked ISO/WIM files - nothing was detected. I think we can consider this false positive report closed. Thanks for all the information you provided. Andy
  13. No, Ad-Aware does not hide anything - just deletes & quarantines. If Ad-Aware is uninstalled I believe all program data is uninstalled with it. In any case, historical detection info is stored in an SQLite database. Can you zip, password protect and upload the Scanner.db file located in C:\ProgramData\Lavasoft\Ad-Aware 11\History? Andy
  14. Correct. Can you zip/password protect the detected files and upload here please? The file looked suspicious (was packed with Armadillo and has some anti-debug capabilities) but did not exhibit malicious behaviour. Yes. The installer was not a PK file, so the next easiest way to extract the files from it was to install the application. The file in question was contained within bootdisk.iso which was unpacked and scanned. The FP was found in the contents of the unpacked bootdisk.iso file. Andy
  15. Hi, It turns out that the file being detected is actually a file contained deep inside the installer (autorun.exe, md5: 44ea31a350f662ad597c092a7bee2575), not the installer itself. The file will be removed from detection in an upcoming update. I'm also going to submit a bug report to the development team. The log file did not give any information that an 'InnerObject' was the cause of detection - it looked like the installer was being detected, which is not correct. Thanks for the report! Andy Lavasoft Malware Lab
  16. Hi Kruk, I've been trying to recreate the problems you're seeing but without any luck so far. I haven't come across problems with Kaspersky Internet Security 2014 and Ad-Aware 11 Free in 'non-compatible mode'. It doesn't mean that there aren't problems, just that I can't reproduce yours yet. It would be helpful if you could give me some more details: I'm assuming you installed Ad-Aware 11 Free. Is that correct? Because I haven't come across any problems, more info about these issues will be very helpful. I also want to reproduce your actions when you experienced the issues to try to get the same problems to occur on my machine. Can you describe the issues you're seeing, like error messages, crashes or anything else that will help me recognise on my systems what you're experiencing? Were you doing anything that might have generated the issue, like running a scan? Same issues? Something else? Similar additional info as described above would be helpful. Which order? Ad-Aware 11 first (which mode - express or compatible?), then KIS? What were the issues? Can you describe what was happening prior to the issue occurring? Thanks, Andy Lavasoft Malware Lab
  17. Hi Djay, Users have several options available - add the file to the ignore list, use an alternative compression application such as 7-zip, use an anti-malware application that does not flag the file (see here to see which vendors do not detect it) or allow Ad-Aware to detect it. This is not considered a false positive and will remain in detection. Regards, Andy Lavasoft Malware Lab
  18. Got it - I was using the pin code as the password. Thanks for clarifying! Andy
  19. Hi Djay, The file will remain in detection but it is possible to add it to the ignore list. You can find the ignore list interface by clicking on 'Scan' (just below where it says 'Options' at the very top right of the GUI), then clicking 'Ignore List' on the menu at the left. Andy
  20. Hi, I downloaded the file from the link above but was unable to extract it using the pin code in your PM. Can you resend the pin code? Thanks. Andy
  21. Hi Djay, This is not a false positive - the application is adware. Click the "Learn More" link on http://softzipper.com. There are a few companies that also block the link and detect this application, including Malwarebytes: https://www.virustotal.com/en/file/148d97c31ce04b37dd3e32efdacefea22c21690dafa9f4c1d5a594415e09aeca/analysis/1382092270/ The application seems to be built using 7zip - I'd suggest installing 7zip instead: http://www.7-zip.org/ Hope this helps! Andy Lavasoft Malware Labs
  22. Hi Djay, Sorry for the delay in responding. I'll check this out and report back here. Andy Lavasoft Malware Lab
  23. Hi all, We're planning to stop supporting Ad-Aware 9.x in the near future, so you really should upgrade to version 11 as soon as possible, like, now. Can I ask why you are still using 9.x? It's really old and AA 11 is much better (faster, better detection rates etc etc). Thanks for any and all feedback! Andy Lavasoft Malware Lab
  24. Hi again, Like CeciliaB, I was able to visit those sites in the initial post, the sites in post # 4 and random forums in forum.index.hu without being blocked. Ad-Aware had the most recent threat definition version (22398) when I tested. Could you ask your user to share some of the exact URLs being blocked? Thanks, Andy
  25. hargitanandor, We haven't been able to recreate this block. Can you provide exact URLs that are being blocked? It will help me investigate further. Thanks. Andy