Ad-Aware SE False Positives - July 7 Defs

Discussion in 'other anti-malware software' started by FanJ, Jul 7, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Hi,

    The Ad-Aware SE July 7 Defs might give you some False Positives.
    In particular on W98 - ME.

    Lavasoft is looking at it.

    The FP's on W98SE:

    ===
    Name:Dialer
    Category:Dialer
    Object Type:RegValue
    Size:1 Bytes
    Location:.DEFAULT\software\microsoft\windows\currentversion\run ""
    Last Activity:7-7-05
    Relevance:Low
    TAC index:5
    Comment:""
    Description:Generic dialer, installed unsolicited.

    Name:Dialer
    Category:Dialer
    Object Type:RegValue
    Size:1 Bytes
    Location:software\microsoft\windows\currentversion\run ""
    Last Activity:7-7-05
    Relevance:Low
    TAC index:5
    Comment:""
    Description:Generic dialer, installed unsolicited.

    ===

    Thread at DSLR:
    http://www.dslreports.com/forum/remark,13833729
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Thanks Jan for the heads up :p ;)
     
  3. FanJ

    FanJ Guest

  4. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    I've found that those two false positives, if corrected, result in un-doing 3 Spybot S&D immunizations.

    The false positives are only showing up in the computer with Win98; seems not to be the same in XP Home.
     
    Last edited: Jul 7, 2005
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Do you know which three entries it un-did....and are you sure you are not seeing the known WinMe\98 issue ?

    I am on a Win98 workstation....and after an Adaware scan....the two false positive removals only deleted the associated Run keys as seen with RegMon....no Spybot Immunization(ActiveX, Restricted Sites or Cookie) entries were removed.
     
  6. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Spybot doesn't tell you which immunizations need to be re-done; it only gives you the quantity.

    I didn't see the positives in scans prior to today's update, and that machine gets scanned a couple of times every week. I was able to toggle it back and forth between fixing it in Ad-Aware and re-immunizing it in Spybot a few times. I stopped testing when there seemed no point to checking further. There were no times when it didn't change as I described.

    It's interesting that fixing the two false positives in Ad-Aware un-does three immunizations rather than two. I can't doubt the correlation, unless you can explain it some other way.

    The false positive are dialers.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Very aware of that fact....but on occasions such as this....one has to go that extra step to check the pertinent reg keys to qualify a statement.
    If you take Adaware completely out of the equation and toggle Spybot back and forth....you should see the known Spybot 3 additional products possible immunization problem....as mentioned in the above post.

    That's where we will have to agree to disagree....because the only reg keys removed in regards to Adaware false positives with the 7-7-2005 update are the Local_Machine and .DEFAULT run keys....as seen with Sysinternals RegMon.

    Instead of an explanation....all I can offer is the fact that no ActiveX, Restricted Sites or Cookie entries are removed due to Adaware run key false positives. That fact was obtained by an exportation\comparison of the relevant registry keys of a before and after Adaware fix.

    Unless you can offer further explanation or facts....our mileage simply varies.
     
    Last edited: Jul 7, 2005
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In any case....it's all inmaterial now.

    Re: Ad-Aware SE False Positives - July 7 Defs
     
  9. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    You're the one with the technical expertise. I commented on how things appeared to be, using words like "seemed." I wasn't stating anything beyond what I observed.

    Figured someone would mention it if I misinterpreted, and I appreciate the fact that you did. I don't know which are "the pertinent reg keys," or how to get to them. If I did, I would have checked.

    Spybot keeps losing 3 immunizations without the Ad-Aware scans using the latest definitions, like you said it would. So as it now stands: 1) Ad-Aware has 2 false positives for Win98, 2) Spybot won't hold onto 3 of its immunizations in Win98, and 3) neither instance is cause for me to be concerned. :D
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Same here....and the kewl thing about it is....Lavasoft was made aware of the False positive and fixed it all in the same day :eek:

    Cheers :cool:
     
  11. jayzzz

    jayzzz Registered Member

    Joined:
    Mar 23, 2003
    Posts:
    367
    Location:
    California
    Same day fixes are always good! I just got the update.

    Thanks, again, Bubba. :)
     
Loading...
Thread Status:
Not open for further replies.