|
|
#1
September 23rd, 2009, 11:36 AM
|
||||
|
||||
'Exact Audio Copy' detected as- variant of Win32/Adware.ADON
Why does NOD32 detect the installer (eac-0.99pb5.exe; MD5:b20c5add30b64f09fffacf010c4d3f15) of the latest version of 'Exact Audio Copy' (V0.99 prebeta 5) as a variant of Win32/Adware.ADON?
Snip: Link to adware removed. Marcos
__________________
Comodo Internet Security – Free Security Last edited by Marcos : September 23rd, 2009 at 11:50 AM. |
|
#2
September 23rd, 2009, 11:52 AM
|
|||
|
|||
Re: 'Exact Audio Copy' detected as- variant of Win32/Adware.ADON
The package contains the file ebayshortcuts.exe which is currently classified as adware but actually has a more trojan-like behavior as it doesn't inform the user about redirection to ebay through a 3rd party site.
|
|
#3
September 23rd, 2009, 12:58 PM
|
||||
|
||||
|
Re: 'Exact Audio Copy' detected as- variant of Win32/Adware.ADON
Thanks Marcos.
__________________
Comodo Internet Security – Free Security Last edited by Anonymous696 : September 23rd, 2009 at 03:25 PM. Reason: Removed misinformation; read my next post. |
|
#4
September 23rd, 2009, 03:15 PM
|
||||
|
||||
|
Re: 'Exact Audio Copy' detected as- variant of Win32/Adware.ADON
Me again.
After finding out the installer for EAC(Exact Audio Copy) 0.99 prebeta 4 is also detected by NOD32 as a variant of Win32/Adware.ADON, I did some testing (using Sandboxie and CIS(COMODO Internet Security)'s D+). [EAC 0.99 prebeta 4] During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\AD ON Multimedia\eBay Shortcuts\". [EAC 0.99 prebeta 5] During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\Desktopicon\". In conclusion, if the user un-checks the option box for 'eBay Icon' during installation, eBayShortcuts.exe isn't installed. PS. I also tested EAC 0.99 prebeta 3's installer, and found it not to have this 'eBay Icon' (eBayShortcuts.exe). NOD32 (correctly) doesn't detect EAC 0.99 prebeta 3's installer as a positive.
__________________
Comodo Internet Security – Free Security |
|
#6
September 23rd, 2009, 03:35 PM
|
||||
|
||||
|
Re: 'Exact Audio Copy' detected as- variant of Win32/Adware.ADON
Thanks again, Marcos.
Quote:
This part isn't needed, if... Quote:
__________________
Comodo Internet Security – Free Security |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
