A-Squared Fishy Positives...

Discussion in 'malware problems & news' started by Alain Z, Jan 3, 2010.

Thread Status:
Not open for further replies.
  1. Alain Z

    Alain Z Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    5
    Happy New Year !

    I now have serious reservations concerning A-Squared Free in view of the following facts:

    I have used Emsisoft A-Squared Free on and off for years with only minor glitches.

    Recently, Emsisoft started posting reminders to purchase their paid A-Squared Anti-Malware at the start of each scan.

    Since November, at the start of a full scan, Emsisoft's A-Squared Free instantly reported a malware warning labelled "Trace.Registry.180searchAssistant!A2"

    At the end of the scan, A-Squared Free would neither quarantine nor delete this reported malware although I ran the full scan twice.

    When I went to Emsisoft's support venue to find a solution, Emsisoft instructed me to download and install their A-Squared Anti-Malware ($40.00 if purchased) and to run that program's full scan.

    After having performed a full scan, A-Squared Anti-Malware failed to report finding the "Trace.Registry.180searchAssistant!A2" malware or any other malware and, instead, gave my computer a clean bill of health.

    I then reinstalled A-Squared Free and immediately got the "Trace.Registry.180searchAssistant!A2" warning at the very beginning of the full scan.

    I then ran full scans of my computer using SUPERAntiSpyware and Malwarebytes Anti-Malware both of which found no malware.

    I also ran full scans with Microsoft's Security Essentials which also found no malware.

    I formatted all partitions of my first hard drive and reinstalled Windows 7 64 after having fully scanned my second drive which was reported clean.

    I find it most curious that neither my most reliable Avast Pro, nor Microsoft Security Essentials nor SuperAntiSpyware nor Malwarebytes or even A-Squared Anti-Malware ITSELF reported finding the "Trace.Registry.180searchAssistant!A2" malware while only A-Squared Free found that item, refused to quarantine or delete it and, instead, sent me to Emsisoft's paid version for remedy ....

    I have completely removed all entries for A Squared (Free and Paid) from my computers.

    Would anyone care to offer an appreciation of these facts?

    Thank You.
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    It's disconcerting. That looks like rogue behaviour.

    In the past, when A2 didn't have the Ikarus AV engine, the free online scan did sometimes detect cookies. If three (?) or more 'threats' were found I was urged to install A2, I don't know whether it was a free version or not.

    Of course, this may not be what it looks like.

    Maybe it's an innocent false positive.

    A quick check for '180searchassistant', and I found a reference (http://en.wikipedia.org/wiki/180SearchAssistant) to Zango.

    Do you perhaps have any toolbars, in particular the ASK toolbar/search assistant? Perhaps the free version includes an ASK toolbar, which the paid version doesn't detect? Maybe the paid version installs a toolbar but doesn't detect it?

    Btw, have you downloaded both the free and the paid version from the vendor's website? Programs on third-party websites can be rogue or infected.

    Just some suggestions.
     
  3. Alain Z

    Alain Z Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    5
    Thank you Fly for taking time to reply.

    Yes, I installed and fully scanned my computers with both A-Squared Free and A-Squared Anti-Malware.

    Only A-Squared Free reports the presence of "Trace.Registry.180searchAssistant!A2".

    A-Squared Free keeps reporting the "Trace.Registry.180searchAssistant!A2" even when scanning after I have just completed a full A-Squared Anti-Malware scan which reported no malware.

    I am also puzzled by the fact that the suffix after the exclamation mark is "A2" whereas nearly all "Trace.Registry.180searchAssistant!" searches on the web are suffixed, as you state, with "Zango".

    By the way, I never install toolbars as I like to maximize available screen area.

    I am therefore inclined to assume that the trace malware is put there by Emsisoft itself.

    Please let me have your opinion on this.

    Thank You.
     
  4. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Can you copy the detected registry entry here?

    It might help, as I doubt that Emsi would be intentionally introducing bogus registry entries. More than likely it's a false positive.

    Note I am not asking for hijackthis logs or such, just that you copy that specific registry entry here?

    And you should contact them yourself, since their products can not agree on detections :)

    Free and full version should have same detections.
     
  5. Alain Z

    Alain Z Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    5
    Greetings Lordpake,

    A search of the registry through regedit produced no entry for anything like "Trace.Registry.180searchAssistant!A2".

    The only reference provided by Emsisoft's A-Squared Free scanner is the one inserted in the list of detected items and is exactly as quoted earlier, namely "Trace.Registry.180searchAssistant!A2", without any other information.

    I did submit the problem to Emsisoft and was directed to install their A-Squared Anti-Malware paid software as a remedy.

    As detailed earlier, that did not work either as A-Squared Anti-Malware did not even find the malware reported by A-Squared Free.

    Furthermore, Emsisoft support did not answer my question directly but rather posted instructions to submit logs without providing any usable answers to the general public on their fora.

    I was hoping that someone else could help determine what is going on with A-Squared as I had got used to the vaunted reliability of that software....

    Thanks for providing additional info.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I run A2AM on this PC so I ran scans with that and the USB version of A2 free and didn't get anything flagged up.

    Since the 2 products use the same signatures the only theory I can come up with is that, in your case, the detection from the free version is a FP which isn't replicated in A2AM due to the Mamutu component giving it a clean bill of health. :doubt:
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Without A2 installed, A2 free installed, A2 paid installed.
    Can you run Hijackthis for those three? Don't post the log, it would get this thread closed!

    Do you see any toolbar, and if so, which ones?
    Do you see anything else that's odd?
    If you want, you can PM me a Hijackthis log, but I can't guarantee I'll have the time to analyze it.

    Another, simpler, suggestion: install free A2, and run the free trial version of Counterspy. I haven't used it for a while, but it used to be good at cleaning up spyware and adware.
     
    Last edited: Jan 4, 2010
  8. Alain Z

    Alain Z Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    5
    To Fly...

    I will follow-up on all three of your suggestions starting with re-installing A2Free and running Counterspy.

    Will report the results with my thanks for your knowledgeable help.

    Alain.
     
  9. JohnnyDollar

    JohnnyDollar Guest



    Well he just reformatted and reinstalled, then what good is running counterspy?
     
    Last edited by a moderator: Jan 5, 2010
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    He wants to find out something about A2?
     
  11. JohnnyDollar

    JohnnyDollar Guest

    Oh ok, well I am kind of curious to hear if there ever was a final solution/answer to this whole weird issue.
     