PlatinumCS

Two False Positives?


Ok, I think I have two false positives here.

 

The two programs are:

 

1) PCPal

2) IconArt

 

 

Thanks for any assistance,

 

 

Here is my log file:

 

--------------------------------------------------------------------------------------------------------------------

Ad-Aware 2007 Build

Log File Created on: 2007-08-01 11:36:27

 

System information

===========================

Number of processors: 1

 

Ad-Aware 2007 Settings

===========================

Skipping files larger than 1048576 kB

Ignoring infections with lower TAI than: 3

 

 

Extended Ad-Aware 2007 Settings

===========================

Unloading known modules during scan

Ignoring spanned files when scanning cab archives

Reanalyzing results after scanning before displaying results

Trying to unload modules prior to removal

Unloading Explorer if necessary during removal

Let Windows remove files currently in use at next reboot

Removing quarantined objects after restore

Deactivating Ad-Watch during scans

Writeprotecting system files after repairs

Include info about ignored objects in log file

Including basic settings in log file

Including advanced settings in log file

Including user and computer name in log file

Notify when Definitions File is outdated

Create and save WebUpdate log file

 

Databaseinfo

===========================

Version number: 12

Build Number: 0

Build Date and Time: 2007/07/31 06:15:42

 

Scan Statistics

===========================

Method: Full

Scan tracking cookies.............................: On

Scan ADS filestreams..............................: Off

 

Item Scanned: 335663

Infections Detected: 7

Infections Ignored: 0

 

Scan detailed statistics

===========================

Type Critical Total

Process Scan....: 0 0

Registry Scan...: 0 0

Registry PE Scan: 0 0

Hosts File Scan.: 0 0

File Scan.......: 0 0

Folder Scan.....: 0 0

LSP Scan........: 0 0

ADS Scan........: 0 0

Cookie Scan.....: 0 0

File Hash Scan..: 4 4

 

Infections Found

===========================

Family Id: 541 Name: Possible Browser Hijack attempt Category: Malware TAI:3

Item Id: 800000725 Value: Browser: Internet Explorer Favorite URL: URL=http://free.aol.com/tryaolfree/index.adp?205493

Item Id: 800000725 Value: Browser: Internet Explorer Favorite URL: URL=http://free.aol.com/tryaolfree/index.adp?205493

Family Id: 229 Name: BroadCastPC Category: DataMiner TAI:7

Item Id: 42157 Value: File: C:\.......................................\IconArt\ia_install.exe

Item Id: 42157 Value: File: C:\...............................\PCPal\pcpal_setup.exe

Item Id: 42157 Value: File: D:\...................................................\IconArt\ia_install.exe

Item Id: 42157 Value: File: D:\...........................................\PCPal\pcpal_setup.exe

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\............................\Recent Count: 5

 

Items Ignored During Scan

===========================

--------------------------------------------------------------------------------------------------------------------


Hi PlatinumCS,

 

Thanks for posting your log - I'll check into this to see what's going on.

 

Regards,

 

Andy

Lavasoft Research


Hi PlatinumCS,

 

I recreated the Possible Browser Hijack objects (http://free.aol.com/tryaolfree/index.adp?205493) detection which is being identified as a possible problematic URL. That particular site does not pose any threat - in the meantime, I would suggest adding it to the ignore list. We will look at removing it from detection. I also recreated the detection of ia_install.exe - this file does not pose a threat and will be removed from detection.

 

At the time of writing I've been unable to recreate the detection of pcpal_setup.exe - this is because I haven't been able to acquire a sample of the exact same file that was detected on your PC. Would it be possible to email the file to [email protected]? Before mailing it, could I ask you to zip the file and password protect it with the password infected? Put 'FAO Andy' in the subject heading too. Thanks!

 

Regards,

 

Andy

Lavasoft Research


Hi again,

 

Thanks for sending the file in! All your results have been recreated - the IconArt and PCPal .exe files are not in the detection database. At first glance these appear to be regular installer files - in actual fact they are archives, like .zip or .rar files. To illustrate, if you rename the exe files to zip, you can extract them like a zipped file.

 

Within the two installer/archive files was a dll file that was detected by Ad-Aware (Ad-Aware can be configured to scan inside archive files). This dll file is the same as one that is dropped by a BroadcastPC program. Having checked out the dll file further, on its own or when included with legitimate programs, it does not pose a threat to your PC. To be on the safe side, it will be taken out of detection as of the next update.

 

Regarding the detection of the AOL favourite - again, this object is not in the detection database. The reason for it being flagged is due to the pop up that occurs when you go to that particular site rather than the site/favourite being specifically targeted. If you would rather Ad-Aware did not flag this object, as mentioned previously, after you have scanned your PC, you have the choice to put that favourite into your ignore list, unless you would like to remove it.

 

Hope this clears everything up for you!

 

Regards,

 

Andy

Lavasoft Research
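The reply above attributes the detection to a flagged dll inside an installer that is really an archive. As an added example (not part of the original thread and not Lavasoft's code), the sketch below shows how that triage can be reproduced: it treats an .exe as a possible zip-based self-extractor, hashes each inner member, and reports which member matches a flagged hash. The zip container, SHA-256, the function names, and the sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile


def make_sample_installer():
    """Constructed sample: a fake 'MZ' stub with a zip archive appended,
    mimicking a zip-based self-extracting installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup/readme.txt", b"constructed readme")
        zf.writestr("setup/helper.dll", b"constructed dll bytes")
    return b"MZ" + b"\x00" * 510 + buf.getvalue()


def scan_installer(data, flagged_hashes, max_member_bytes=64 * 1024 * 1024):
    """Return (is_archive, hits); hits are (member_name, sha256) pairs for
    inner files whose hash is in flagged_hashes."""
    stream = io.BytesIO(data)
    # zipfile locates the archive even when a stub precedes it, which is
    # why renaming such an .exe to .zip lets it be extracted.
    if not zipfile.is_zipfile(stream):
        return False, []
    hits = []
    with zipfile.ZipFile(stream) as zf:
        for info in zf.infolist():
            # Skip directories and members whose declared size is too large.
            if info.is_dir() or info.file_size > max_member_bytes:
                continue
            digest = hashlib.sha256(zf.read(info)).hexdigest()
            if digest in flagged_hashes:
                hits.append((info.filename, digest))
    return True, hits


# Constructed inputs: the "flagged" set holds the hash of the sample dll only.
SAMPLE = make_sample_installer()
FLAGGED = {hashlib.sha256(b"constructed dll bytes").hexdigest()}

if __name__ == "__main__":
    is_archive, hits = scan_installer(SAMPLE, FLAGGED)
    outer = hashlib.sha256(SAMPLE).hexdigest()
    print("archive:", is_archive, "| outer file flagged:", outer in FLAGGED)
    for name, digest in hits:
        print("flagged member:", name, digest)
```

The outer file's own hash is not in the flagged set; the hit comes from the inner member, which is why the installer can be reported even though it is not itself in a detection database.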


Since your issues seem resolved I'll go ahead and archive this topic in the "Resolved" section (read only)

 

If you should have any further issues, please feel free to post a new topic.
