False Positive? Adware.Gdown with AOL?

This morning I ran an update and found the following:


c:\program files\common files\AolCoach\en_eng\GTDownAO_106.ocx

Adware.Gdown.


Legit or FP?

 

Good question.

Have you tried to upload it to e.g. Jotti.

Regards
ericfr

 

No i haven't uploaded it. Based on Ewido's response time it would probably be sometime next year until I heard back from them. This type of support is poor.

 

http://virusscan.jotti.org/

 

Thanks for the site-great to bookmark...all found nothing except

Dr.Web Found Adware.Gdown

 

Please send this file to submit@ewido.net so that we can check it and put it on the whitelist.

Thank you.

 

I just did a fresh install of the AOL software and Ewido 4.0 yesterday. The Ewido scan yesterday did not detect this, but today it did.
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:05:54 PM 6/24/2006

+ Scan result:



C:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx -> Adware.Gdown : No action taken.
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/core.cab\GTDOWNAO_106.ocx -> Adware.Gdown : No action taken.


::Report end

I'm laughing because I know AOL uses adware or consumerware. I just don't know if this is the right file to detect as adware. I wonder if the AOL software will work without it

 

BTW, I also have a false positive, can I submit it directly from Ewido 4? how?

 

No, unfortunately it is not possible. But a nice idea. ^^
I'll take a look if we can add such a feature in a later version (some time)



BR

 

6/25/2006 Past couple days need to repeat restores to connect internet:
AVG free does not find virus:

Long ago removed AOL down to pesky remnants; so I wondering if is safe or needed to remove the whole archive where ewido found 4 instances of Gdown and does whole archive imply auto removal of entire C:\ DocumentsandSettings\AllUsers\Application\Data or just the AOL part.

Have not been creating new restore point because, ewido gives this warning: cannot remove embedded in archive: C:\DocumentsandSettings\AllUsers\Application\Data\Aol\Downloads\
aolcom_setupSTUS\comp\coach\aolcinst.exe
Then showed guestion: Do you want to remove the whole archive?

ewido also found and cleaned TrackingCookie.Tacoda: Mzilla.32 in C:\Documentsandsettings\(MyID)\Application\Data\Mozilla\Firefox\Profiles\5ma60635.default\cookies.txt

As before after this mornings restore, AdAware repaired couple of note pad vendibilities:
obj[0]=RegData: regfile\shell\open\command ""
obj[1]=RegData: scrfile\shell\open\command ""

 

Yes The AOL program will work fine. The coach is only required if you want to use their 'computer check-up' program. Hope this helps