Oldfrog

Volunteer Security Advisor
  • Content Count

    121

Everything posted by Oldfrog

  1. If aawservice is not running, then nobody logged onto the system as a regular user will be able to open and use AAW2007. I have tested this so know it to be true. I am still not sure why so many folks object to this. Unless AAW is open the service uses no CPU and pages most of its RAM out to the swap file so other programs can use the on-chip memory. XP and Vista are far different architecturally than Win9x and require more advanced techniques to clean and protect. The service running under System permissions is the most obvious sign of this advancement.
  2. Doubleclick is definitely a cookie, so cookie detection may have been all that caused the difference.
  3. I am not familiar with the e-trust product so can't comment on it. Windows Defender does not scan for cookies while both AAW versions do. If AAW is detecting tracking cookies on your system this would explain it. There are also differences in the threats detected among virtually all products. To really give a detailed explanation would require knowing exactly what AAW has detected on your system.
  4. Do you remember loading hosts file entries? If so, which list did you use and how did you load it? If not, do you use either Spybot S&D or HostsMan?
  5. I haven't found that option in AAW2007 either, Peter. That was a feature that I found very useful in SE and used frequently.
  6. That is a hard question to answer without knowing:
       • The version of AAW that you are using
       • The critical objects that can't be removed
       • The detected items for the critical objects
       • Other protective software that you may have installed
     Most of this information will be included in your scan log. Could you post that as a response to this topic?
  7. You are using a blocking HOSTS file to prevent access to certain domains. The entry shown is not a threat as it simply prevents traffic to fastclick.net. I would suggest setting that detection to always ignore. I am not sure why Ad-Aware is unable to remove this as I reconstructed it and AAW2007 handled it easily. It may be that you set a lock on the HOSTS file at the time that you loaded it using whatever program you used to add the entries. Bottom line: You are not infected and the detection is not a real threat.
  8. Yes, 1.06r1 is the latest, and last, version which will run on either 98 or ME. The definitions for Ad-AwareSE are still being updated.
  9. This appears to be a false positive which will be corrected in the next definition release. In this case I don't believe that you will have any problem. In the future, I suggest that you always quarantine detected items rather than immediately removing them. That way, if there is a problem you have a way to go back. BTW, do you use either SpywareBlaster or the immunize feature in Spybot?
  10. Please open Notepad and copy/paste the text in the code box below into a new text file. Save the file to your desktop as regcs.bat.

          regedit /e regcs.txt "HKEY_ClASSES_ROOT\CLSID\{a6acae64-f-ad86-bd3fb32038db}"
          start notepad.exe regcs.txt
          exit

      Double click on regcs.bat. A new Notepad window will open. Copy/paste the contents of that window into a reply. This will allow us to see the contents of the detected registry key.
  11. The Adware.CDN false positives are discussed in http://www.lavasoftsupport.com/index.php?showtopic=11208
  12. This may be a false positive. See http://www.lavasoftsupport.com/index.php?showtopic=11208
  13. Hi, Chong. Can you post the relevant part of your Ad-Aware log showing the detection of Adware.CDN?
  14. Yes, they are still around and adding/changing names quite frequently. You will find most of them included on the Rogue List.
  15. I looked at both those URLs using a browsing tool that displays code instead of rendering the page(s). The intermediate appears to be a rather normal "This page has moved" message with a redirection address. The second appears to be a subscription ring tones site. Neither appeared to have any embedded malware/adware although I can certainly not vouch for any ring tones that you might install. Given that this only occurs on your free NetZero account and that NetZero (Juno too) is known for both banner ads and pop-ups, I have to wonder if this is really adware or the normal functioning of NetZero free.
  16. I am sure that we will continue to see new definition files released for Ad-AwareSE for a period of time but exactly what that period will be is open to question. I doubt that even Lavasoft can say for sure at this point. After the release of Ad-AwareSE, definitions continued to be available for the previous version for quite some time and the end of support was announced well in advance. I would expect that to be true in this case as well. The fact is that it is no longer 1999, Windows is no longer a GUI that runs over DOS, and Microsoft dropped support for any of the Win9x versions some time ago. A modern antispyware capable of protecting XP and Vista would likely not even run on those older versions.
  17. I posted this on another forum in a similar topic about half an hour ago:
  18. Yes, those are beta defs for testing before release to the public and the login is required as testers have to agree to Terms and Conditions before being allowed access. Hopefully sooner than later. Sorry, I haven't found anything detailing what has been changed/fixed between versions. It would be nice to know that.
  19. Does anyone ever read the Stickies, the Announcements, or even the Table of Contents? In the Announcement section at the very top of the forum index: Here is the link: http://www.lavasoftsupport.com/index.php?showforum=46 I certainly apologize if the forum doesn't meet your expectations. Most of us assisting here are volunteers and, hey, what can you expect with free help?
  20. Good day, Stony! Excuse me, please, as my German is not so good either. I hope that I have understood your question. I think that you will have to wait until August (perhaps) for Ad-Aware2007 for Vista32. If you have Windows Vista64, you will have to wait until later, perhaps November? Good luck!
  21. False: Administrators may be able to do that. AAW2007 uses the Windows Installer to install. If you check the file permissions for the installer you will see that only Administrators and System have any permissions whatsoever. If an LU can't run the installer he/she can't install it anywhere.
  22. Limited Users do not have write permission to \Program Files\ so can't install software of any variety. More to the point, though, is that if AAW is run under LU ownership it will be ineffective at cleaning anything other than what is in the \Documents and Settings\{uname}\ folder since that is the only area to which an LU has write permissions. With the service starting at boot and running under System ownership a LU can open the GUI and use it to relay instructions to the service.
  23. The program has no rights whatsoever, but inherits permissions from the owner of the process. Yes, as a member of the Administrators group a user can start, stop, and install programs/processes. However, if the service is not previously running a Limited User will be unable to start the service meaning that they can't perform a scan. They would likewise be unable to stop the service after scanning.
  24. Anytime, bugbatter. A really interesting question is: "What effect does changing the startup mode of the service have on scanning in safe mode, if any?" I have heard that since a² went to the GUI/service model that their service starts even in safe mode and that you can then use the tool with the GUI in safe mode. I see that as a real advantage. The question is whether AAW2007 behaves similarly.
  25. I saw the announcement about 0004.0000 being available briefly but then it disappeared. I believe that it was posted in error and then withdrawn as there was no corresponding announcement for an update to the SE definitions. You can normally get the latest definition file as a download at the Research Center (upper RH sidebar). At this point only the latest SE definition file is available so I presume that they have not yet integrated the 2007 defs in that page. Just out of curiosity, what is the difference in your case between downloading through the program and downloading from a link? There have been a couple of posts about this. The service is at 7.0.1.4 while the GUI is still at 7.0.1.3.