adware.roguesuspect FP?

Discussion in 'ewido anti-spyware forum' started by tetonbob, Jun 7, 2007.

Thread Status:
Not open for further replies.
  1. tetonbob

    tetonbob Spyware Fighter

    Joined:
    Dec 1, 2004
    Posts:
    94
    Only other items are cookies. I'm not sure what to make of this....

    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 11:41:23 AM 6/7/2007

    + Scan result:



    HKLM\SYSTEM\CurrentControlSet\Enum\USB\Vid_05e3&Pid_0701\5&2f058105&0&2\\Class -> Adware.RogueSuspect : Ignored.
     
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    This is a false detection. It will be fixed with the next signature Update.
     
  3. tetonbob

    tetonbob Spyware Fighter

    Joined:
    Dec 1, 2004
    Posts:
    94
    Thanks, Karl. Thought as much....good to have it confirmed.
     
  4. mitsd

    mitsd Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    1
    I seem to have the same problem, but it wasn't fixed with the new signature update. Is there a chance it could be something else? o_O
     
  5. Anakin

    Anakin Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5
    I installed the 64bit version of Windows Vista Home Premium. After the install I did a full scan with AVG Internet Security, same software made by the people who created Ewido. It found no threats. I ran the Windows Vista update, rebooted my machine, ran another system scan and it found the following.

    Adware.IEPlugin, Adware.BonziBuddy Family, Adware.Webhancer, Adware.RogueSuspect. These were never picked up until I ran Windows update.

    It does not detect files, only registry entries relating to HKLM\Software\WOW6432Node. When quarantined it shows the file as W_item_file_emtpy with no file size. I feel it's AVG being too fussy. I even downloaded ErrorDoctor from the official site; after installation I ran the exe file and AVG detected it as being Adware.

    AVG antispyware does not pick these entries up, neither does Windows Defender or Spybot S&D.

    I have the latest updates.

    :eek:
     
  6. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    If you scan again with AVG Internet Security, can you please post a scan log here so that we can see which entries have been detected?

    And if you scan with an updated AVG AS and there are also any detected entries (do not remove them), just post a Scan Report Log here as well.
     
  7. Anakin

    Anakin Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5
    Every time I get an AVG update the names change etc.

    "Dialer.Generic Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Microsoft\MediaPlayer\Battery\Presets\Smoke or Water\PreShiftInfo\0\" "19/06/2007 10:31:29" "dbl1" "N/A"

    "Adware.BonziBuddy Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\
    Interface\{6F10711F-729B-41E5-93B8-F21D0F818DF1}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

    "Adware.WebHancer Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Classes\CLSID\{777BA8E5-2498-4875-933A-3067DE883070}\" "19/06/2007 23:12:41" "@VV_Item_File_Empty" "N/A"

    "Adware.Delfin Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\ahead\Installation\Families\Nero 7\FeatureStates\" "19/06/2007 23:13:03" "IncludeDolbyRelatedFilesDSFilterD60B1DBA3E66CAD60B1DBA" "N/A"

    "Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Classes\Interface\
    {9A50588E-FA80-4509-B345-664110225322}\" "19/06/2007 23:13:06" "NumMethods" "N/A"

    "Adware.RogueSuspect Family" "System registry HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\Wow6432Node\
    Wow6432Node\Classes\CLSID\{4b6657e4-b973-46cd-9bb3-6e5ebd82448f}\InprocServer32\" "19/06/2007 23:13:06" "ThreadingModel" "N/A"
     
    Last edited by a moderator: Jun 19, 2007
  8. Anakin

    Anakin Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5
    I'm still getting these FPs when I scan. Is Grisoft/Ewido going to look into this?
     
  9. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Yes, we are going to look into this and try to reproduce this detection.
    Do you really use the latest updates for the AVG AS?
    If not, please update, scan the Registry again and check if you still get the Adware.RogueSuspect detections.
     
  10. DHoory

    DHoory Registered Member

    Joined:
    Jun 25, 2007
    Posts:
    1
    I get the exact same results every time I run the complete test on Windows Vista Ultimate 64.
     
  11. Anakin

    Anakin Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5
    Well, thank god it ain't just me.

    karl.ewido, AVG AS does not pick it up; it's when I run a full scan including registry using AVG Internet Security that it picks up the FPs. I'm using the latest sigs.
     
  12. pokjo

    pokjo Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    1
    Location:
    V.A.
    I too am running Vista Ultimate x64 and have the same issue. I cannot wait until someone is able to resolve this.

    I haven't even been able to find any information about how to deal with these possible threats that AVG has found.

    So thank you to everyone that may be working on this for us.


    Pokjo
     
  13. scurlockjr

    scurlockjr Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    1
    I too am also receiving the same reports of the various spyware that Anakin listed - BonziBuddy, Webhancer, Generic.Dialer, etc.

    All are located in the registry in the HKLM Wow6432Node.

    Running Vista 64 Business and AVG Antimalware 7.5 - both AVG and Vista updates are current.

    This 1st happened a few weeks back. AVG could detect (after a very lengthy registry scan) the spyware but was unable to remove it. Ran a system restore which cleared out the bad entries.

    Reconfigured the login on system to be restricted. Have not logged in w/ admin rights since that time, but lo and behold, ran a scan this morning and found the same registry keys reported as infected again.

    Does anyone have an update on when/if Grisoft will address the issue?

    Thanks,
    Daniel
     
  14. zappb

    zappb Registered Member

    Joined:
    Aug 6, 2007
    Posts:
    1
    Same problem here.

    AVG found 4 different malwares.

    These are found when scanning the Registry (a very long scan as well, like an hour or so).

    Adware.IEPlugin
    Adware.Bonzibuddy
    Adware.WebHancer
    Dialer.generic

    They are in the x64bit section of the registry...

    No idea what to do, AVG can't repair it or move it to the vault.
     
  15. Anakin

    Anakin Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5
    Guys,

    Looks like this has now been sorted. I did a complete scan using the latest AVG Internet Security updates and it no longer comes up.
     