adware.roguesuspect FP?

Only other items are cookies. I'm not sure what to make of this....

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:41:23 AM 6/7/2007

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_05e3&Pid_0701\5&2f058105&0&2\\Class -> Adware.RogueSuspect : Ignored.

 

This is a false detection. It will be fixed with the next signature Update.

 

Thanks, Karl. Thought as much....good to have it confirmed.

 

I seem to have the same problem, but it wasn't fixed with the new signature update. Is there a chance it could be something else

 

I installed the 64bit version of Windows Vista Home Premium. After the install I did a full scan with AVG Internet Secuity, same software made by the people who created Ewido. It found no threats. I ran the Windows Vista update, rebooted my machine ran another system scan and it found the following.

Adware.IEPlugin, Adware.BonziBuddy Family, Adware.Webhancer, Adware.RogueSusect. These were never picked up until I ran Windows update.

It does not detect files only registry entries relating to HKLM\Software\WOW6432Node. When quarantined it shows the file as W_item_file_emtpy with no file size. I feel its AVG being to fussy. I even downloaded ErrorDoctor from the official site, after installation I ran the exe file and AVG detected it as being Adware.

AVG antispyware does not pick these entries up, neither does Windows Defender or Spybot S&D.

I have the latest updates.

 

If you scan again with the AVG Internet Secuity can you please post here a scan log so that we can see which entries have been detected.

And if you scan with an updated AVG AS, if there are also any detected entries (do not remove) just post here also a Scan Report Log.

 

Everytime I get an AVG update the names change etc.

"Dialer.Generic Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Microsoft\MediaPlayer\Battery\Presets\Smoke or Water\PreShiftInfo\0\" "19/06/2007 10:31:29" "dbl1" "N/A"

"Adware.BonziBuddy Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\
Interface\{6F10711F-729B-41E5-93B8-F21D0F818DF1}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

"Adware.WebHancer Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Classes\CLSID\{777BA8E5-2498-4875-933A-3067DE883070}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

"Adware.Delfin Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\ahead\Installation\Families\Nero 7\FeatureStates\" "19/06/2007 23:13:03" "IncludeDolbyRelatedFilesDSFilterD60B1DBA3E66CAD60B1DBA" "N/A"

"Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\Interface\
{9A50588E-FA80-4509-B345-664110225322}\" "19/06/2007 23:13:06" "NumMethods" "N/A"

"Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
Wow6432Node\Classes\CLSID\{4b6657e4-b973-46cd-9bb3-6e5ebd82448f}\InprocServer32\" "19/06/2007 23:13:06" "ThreadingModel" "N/A"

 

Im still getting these FP when I scan. Is Grisoft/Ewido going to look into this.

 

Yes we going to look into this and try to reproduce this detection.
Do you really use the latest updates for the AVG AS?
If not, please update and scan again the Registry and check if you still get the Adware.RogueSuspect detections.

 

I get the exact same results every time i run the complete test on Windows Vista Ultimate 64.

 

Well thank god it aint just me.

karl.ewido, AVG AS does not pick it up, its when I run a full scan including registry using AVG Internet Security it picks the FP's, Im using the latest sigs.

 

I too am running Vista Ultimate x64 and have the same issue. I cannot wait until some one is able to resolve this.

I haven't even been able to find any information about how to deal with these possible threats that AVG has found.

So thank you to every one that may be working on this for us.


Pokjo

 

I too am also receiving the same reports of the various spyware that Anakin listed - BonziBuddy, Webhancer, Generic.Dialer, etc.

All are located in the registry in the HKLM Wow6432Node.

Running Vista 64 Business and AVG Antimalware 7.5 - both AVG and Vista updates are current.

This 1st happened a few weeks back. AVG could detect (after a very lengthy registry scan) the spyware but unable to remove it. Ran a system restore which cleared out the bad entries.

Reconfigured the login on system to be restricted. Have not logged in w/ admin rights since that time, but lo and behold, ran a scan this morning and found the same registry keys reporting infected again.

Does anyone have an update on when/if Grisoft will address the issue?

Thanks,
Daniel

 

same problem here

Avg found 4 different malwares


These are found when scanning the Registry (a very long scan as well ( like an hour or so) ).

Adware.IEPlugin
Adware.Bonzibuddy
Adware.WebHancer
Dialer.generic

There are in the x64bit section of the registry...

no idea what to do, AVG can't repair it or move it to the vault.

 

Guys

Looks like this has now been sorted. I did a complete scan using the latest AVG Internet Security updates and it no longer comes up