jeanbal

False positive?

8 posts in this topic

Is it malware?

win32tr/-/newmedia

hku s-1-5-18/software/1do-bfc9-00aa005b4383

hkus-1-5-2-365139939/-/tions:nobrowseroption

hku:default/software/-/xplorer/toolbar:locked

hku:s-1-5-18/software/-/xplorer/toolbar:locked


Hi jeanbal,

Thanks for posting the log file. We will investigate further - if this is a false positive, it will be removed from the detection database.

Regards,

Andy

Lavasoft Research


I ran Ad-Aware 2008 regularly. Today I downloaded and ran for the first time the Ad-Aware Anniversary Edition. It found Win32Tr\.\NewMedia (as did the initial poster). (I think it was a "." and not a "-", but I could be wrong.) I allowed the program to delete it and am running a full scan of the hard drive with Ad-Aware (so far it's clean). However, I have Norton 360 and keep it up to date, so I would be surprised if there were a real threat on this hard drive. Anyway, I felt I should report it here. And I don't know if I can send you the file as an attachment because I am already rerunning Ad-Aware; if it is possible I will attempt to do so.

I wish to thank all of you at Ad-Aware / Lavasoft for all of the work you do to supply millions of us with a free tool for identifying and removing cookies and malware. That is increasingly rare in our society and world. I just wish to express my appreciation.


@RDR - thanks for your report and kind words. We really appreciate it!

@jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia; however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!

Regards,

Andy

Lavasoft Research


OK, I hit the same false positive and followed the recommendation to quarantine. What's to be done now? Should it be restored or just left alone?


I believe this one was resolved in a subsequent update. Moving this topic to the *Resolved* section (read only).

If you are still having a problem, please post a new topic so we can take a fresh look at it.

For posting about false positives, please use this guide:

http://www.lavasoftsupport.com/index.php?showtopic=18033
