Oldfrog

Volunteer Security Advisor
  • Content Count

    121
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Oldfrog

  • Rank
    Advanced Member
  • Birthday 08/15/1945

Contact Methods

  • Website URL
    http://www.deckertechnology.net
  • ICQ
    0

Profile Information

  • Location
    Central Texas, USA
  • Interests
    Antique Radio, woodworking, hunting/fishing
  1. If aawservice is not running, then nobody logged onto the system as a regular user will be able to open and use AAW2007. I have tested this so know it to be true. I am still not sure why so many folks object to this. Unless AAW is open the service uses no CPU and pages most of its RAM out to the swap file so other programs can use the on-chip memory. XP and Vista are far different architecturally than Win9x and require more advanced techniques to clean and protect. The service running under System permissions is the most obvious sign of this advancement.
  2. Doubleclick is definitely a cookie, so cookie detection may have been all that caused the difference.
  3. I am not familiar with the e-trust product so can't comment on it. Windows Defender does not scan for cookies while both AAW versions do. If AAW is detecting tracking cookies on your system this would explain it. There are also differences in the threats detected among virtually all products. To really give a detailed explanation would require knowing exactly what AAW has detected on your system.
  4. Do you remember loading hosts file entries? If so, which list did you use and how did you load it? If not, do you use either Spybot S&D or HostsMan?
  5. I haven't found that option in AAW2007 either, Peter. That was a feature that I found very useful in SE and used frequently.
  6. That is a hard question to answer without knowing The version of AAW that you are using The critical objects that can't be removed The detected items for the critical objects Other protective software that you may have installed Most of this information will be included in your scan log. Could you post that as a response to this topic?
  7. You are using a blocking HOSTS file to prevent access to certain domains. The entry shown is not a threat as it simply prevents traffic to fastclick.net. I would suggest setting that detection to always ignore. I am not sure why Ad-Aware is unable to remove this as I reconstructed it and AAW2007 handled it easily. It may be that you set a lock on the HOSTS file at the time that you loaded it using whatever program you used to add the entries. Bottom line: You are not infected and the detection is not a real threat.
  8. Yes, 1.06r1 is the latest, and last, version which will run on either 98 or ME. The definitions for Ad-AwareSE are still being updated.
  9. This appears to be a false positive which will be corrected in the next definition release. In this case I don't believe that you will have any problem. In the future, I suggest that you always quarantine detected items rather than immediately removing them. That way, if there is a problem you have a way to go back. BTW, do you use either SpywareBlaster or the immunize feature in Spybot?
  10. Please open Notepad and copy/paste the text in the code box below into a new text file. Save the file to your desktop as regcs.bat. regedit /e regcs.txt "HKEY_ClASSES_ROOT\CLSID\{a6acae64-f-ad86-bd3fb32038db}" start notepad.exe regcs.txt exit Double click on regcs.bat. A new Notepad window will open. Copy/paste the contents of that window into a reply. This will allow us to see the contents of the detected registry key.
  11. The Adware.CDN false positives are discussed in http://www.lavasoftsupport.com/index.php?showtopic=11208
  12. This may be a false positive. See http://www.lavasoftsupport.com/index.php?showtopic=11208
  13. Hi, Chong. Can you post the relevant part of your Ad-Aware log showing the detection of Adware.CDN?
  14. Yes, they are still around and adding/changing names quite frequently. You will find most of them included on the Rogue List.
  15. I looked at both those URLs using a browsing tool that displays code instead of rendering the page(s). The intermediate appears to be a rather normal "This page has moved" message with a redirection address. The second appears to be a subscription ring tones site. Neither appeared to have any embedded malware/adware although I can certainly not vouch for any ring tones that you might install. Given that this only occurs on your free NetZero account and that NetZero (Juno too) is known for both banner ads and pop-ups, I have to wonder if this is really adware or the normal functioning of NetZero free.