Wilders Security Forums  

  #1  
June 7th, 2007, 08:19 PM
tetonbob
Spyware Fighter
Join Date: Dec 2004
Posts: 63
adware.roguesuspect FP?

Only other items are cookies. I'm not sure what to make of this....

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:41:23 AM 6/7/2007

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_05e3&Pid_0701\5&2f058105&0&2\\Class -> Adware.RogueSuspect : Ignored.
  #2  
June 8th, 2007, 02:55 AM
karl.ewido
former ewido team
Join Date: Dec 2005
Location: Germany
Posts: 236
Re: adware.roguesuspect FP?

This is a false detection. It will be fixed with the next signature update.
  #3  
June 8th, 2007, 08:52 AM
tetonbob
Spyware Fighter
Join Date: Dec 2004
Posts: 63
Re: adware.roguesuspect FP?

Thanks, Karl. Thought as much....good to have it confirmed.
  #4  
June 18th, 2007, 03:07 PM
mitsd
Infrequent Poster
Join Date: Jun 2007
Posts: 1
Re: adware.roguesuspect FP?

I seem to have the same problem, but it wasn't fixed with the new signature update. Is there a chance it could be something else?
  #5  
June 18th, 2007, 08:15 PM
Anakin
Infrequent Poster
Join Date: Jun 2007
Posts: 5
Re: adware.roguesuspect FP?

I installed the 64bit version of Windows Vista Home Premium. After the install I did a full scan with AVG Internet Security, same software made by the people who created Ewido. It found no threats. I ran the Windows Vista update, rebooted my machine, ran another system scan and it found the following.

Adware.IEPlugin, Adware.BonziBuddy Family, Adware.Webhancer, Adware.RogueSuspect. These were never picked up until I ran Windows update.

It does not detect files, only registry entries relating to HKLM\Software\WOW6432Node. When quarantined it shows the file as W_item_file_emtpy with no file size. I feel it's AVG being too fussy. I even downloaded ErrorDoctor from the official site; after installation I ran the exe file and AVG detected it as being Adware.

AVG antispyware does not pick these entries up, neither does Windows Defender or Spybot S&D.

I have the latest updates.

  #6  
June 19th, 2007, 02:53 AM
karl.ewido
former ewido team
Join Date: Dec 2005
Location: Germany
Posts: 236
Re: adware.roguesuspect FP?

If you scan again with AVG Internet Security, can you please post a scan log here so that we can see which entries have been detected?

And if you scan with an updated AVG AS and there are also any detected entries (do not remove them), just post a Scan Report Log here as well.
  #7  
June 19th, 2007, 06:36 PM
Anakin
Infrequent Poster
Join Date: Jun 2007
Posts: 5
Re: adware.roguesuspect FP?

Every time I get an AVG update the names change etc.

"Dialer.Generic Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Microsoft\MediaPlayer\Battery\Presets\Smoke or Water\PreShiftInfo\0\" "19/06/2007 10:31:29" "dbl1" "N/A"

"Adware.BonziBuddy Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\
Interface\{6F10711F-729B-41E5-93B8-F21D0F818DF1}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

"Adware.WebHancer Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Classes\CLSID\{777BA8E5-2498-4875-933A-3067DE883070}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

"Adware.Delfin Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\ahead\Installation\Families\Nero 7\FeatureStates\" "19/06/2007 23:13:03" "IncludeDolbyRelatedFilesDSFilterD60B1DBA3E66CAD60B1DBA" "N/A"

"Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\Interface\
{9A50588E-FA80-4509-B345-664110225322}\" "19/06/2007 23:13:06" "NumMethods" "N/A"

"Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Classes\CLSID\{4b6657e4-b973-46cd-9bb3-6e5ebd82448f}\InprocServer32\" "19/06/2007 23:13:06" "ThreadingModel" "N/A"

Last edited by ronjor : June 19th, 2007 at 06:48 PM. Reason: Contain post within margins of the forum
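
A triage aid for logs in the format Anakin posted above, added here as an example; it is not part of the thread and not code from Grisoft or ewido. It parses the five quoted fields of each entry, counts how often `Wow6432Node` repeats in the path, and returns the path with the repeats collapsed so the key each detection points at is readable. The sample log is constructed (placeholder detection names and GUID), and treating the collapsed path as the key of interest is an assumption made for readability.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above; detection names and
# the GUID are placeholders, not values from the thread.
SAMPLE_LOG = r'''
"Adware.Example Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\
Wow6432Node\Classes\Interface\{00000000-0000-0000-0000-000000000001}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"
"Dialer.Example Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Microsoft\MediaPlayer\" "19/06/2007 10:31:29" "dbl1" "N/A"
"Adware.Example Family" "System registry HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\" "19/06/2007 23:13:06" "ThreadingModel" "N/A"
'''

def collapse(path):
    """Collapse consecutive Wow6432Node segments; return (path, longest run)."""
    kept, run, longest = [], 0, 0
    for seg in path.strip("\\").split("\\"):
        if seg.lower() == "wow6432node":
            run += 1
            longest = max(longest, run)
            if run > 1:
                continue  # drop the repeated segment
        else:
            run = 0
        kept.append(seg)
    return "\\".join(kept), longest

def parse_entries(text):
    """Parse entries of five quoted fields; a path may wrap across lines."""
    fields = [f.replace("\n", "") for f in re.findall(r'"([^"]*)"', text)]
    if len(fields) % 5:
        raise ValueError("expected five quoted fields per entry")
    prefix = "System registry "
    entries = []
    for i in range(0, len(fields), 5):
        name, location, when, value, _ = fields[i:i + 5]
        raw = location[len(prefix):] if location.startswith(prefix) else location
        path, depth = collapse(raw)
        entries.append({"detection": name, "path": path, "depth": depth,
                        "when": when, "value": value})
    return entries

def nested_summary(entries):
    """Count detections, per name, whose path repeats Wow6432Node."""
    return Counter(e["detection"] for e in entries if e["depth"] > 1)

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        flag = "NESTED x%d" % e["depth"] if e["depth"] > 1 else "plain"
        print("%-22s %-10s %s" % (e["detection"], flag, e["path"]))
```
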
  #8  
June 25th, 2007, 04:37 AM
Anakin
Infrequent Poster
Join Date: Jun 2007
Posts: 5
Re: adware.roguesuspect FP?

I'm still getting these FPs when I scan. Is Grisoft/Ewido going to look into this?
  #9  
June 25th, 2007, 07:13 AM
karl.ewido
former ewido team
Join Date: Dec 2005
Location: Germany
Posts: 236
Re: adware.roguesuspect FP?

Yes, we are going to look into this and try to reproduce this detection.
Do you really use the latest updates for the AVG AS?
If not, please update, scan the Registry again, and check if you still get the Adware.RogueSuspect detections.
  #10  
June 25th, 2007, 12:35 PM
DHoory
Infrequent Poster
Join Date: Jun 2007
Posts: 1
Re: adware.roguesuspect FP?

I get the exact same results every time I run the complete test on Windows Vista Ultimate 64.
  #11  
June 25th, 2007, 06:17 PM
Anakin
Infrequent Poster
Join Date: Jun 2007
Posts: 5
Re: adware.roguesuspect FP?

Quote:
Originally Posted by DHoory
I get the exact same results every time I run the complete test on Windows Vista Ultimate 64.

Well, thank god it ain't just me.

karl.ewido, AVG AS does not pick it up; it's when I run a full scan including registry using AVG Internet Security that it picks up the FPs. I'm using the latest sigs.
  #12  
July 3rd, 2007, 08:06 AM
pokjo
Infrequent Poster
Join Date: Jun 2007
Location: V.A.
Posts: 1
Re: adware.roguesuspect FP?

I too am running Vista Ultimate x64 and have the same issue. I cannot wait until someone is able to resolve this.

I haven't even been able to find any information about how to deal with these possible threats that AVG has found.

So thank you to everyone that may be working on this for us.


Pokjo
  #13  
July 14th, 2007, 07:57 AM
scurlockjr
Infrequent Poster
Join Date: Jul 2007
Posts: 1
Re: adware.roguesuspect FP?

I too am also receiving the same reports of the various spyware that Anakin listed - BonziBuddy, Webhancer, Generic.Dialer, etc.

All are located in the registry in the HKLM Wow6432Node.

Running Vista 64 Business and AVG Antimalware 7.5 - both AVG and Vista updates are current.

This 1st happened a few weeks back. AVG could detect (after a very lengthy registry scan) the spyware but was unable to remove it. Ran a system restore which cleared out the bad entries.

Reconfigured the login on system to be restricted. Have not logged in w/ admin rights since that time, but lo and behold, ran a scan this morning and found the same registry keys reporting infected again.

Does anyone have an update on when/if Grisoft will address the issue?

Thanks,
Daniel
  #14  
August 6th, 2007, 12:55 PM
zappb
Infrequent Poster
Join Date: Aug 2007
Posts: 1
Re: adware.roguesuspect FP?

same problem here

Avg found 4 different malwares


These are found when scanning the Registry (a very long scan as well, like an hour or so).

Adware.IEPlugin
Adware.Bonzibuddy
Adware.WebHancer
Dialer.generic

These are in the x64bit section of the registry...

no idea what to do, AVG can't repair it or move it to the vault.
  #15  
August 29th, 2007, 01:31 PM
Anakin
Infrequent Poster
Join Date: Jun 2007
Posts: 5
Re: adware.roguesuspect FP?

Guys

Looks like this has now been sorted. I did a complete scan using the latest AVG Internet Security updates and it no longer comes up.
 

All times are GMT -5.