BOClean, spysweeper detects adware

Hi, i`ve just done a scan with webroots spysweeper, and it has come upwith a result

Adware detected

Adware- Type-Keenvalue

c:\documents and settings\all users\start menu\programs\boclean\updater.lnk




Description:

Name:
   

KeenValue

Author:
   

EUniverse, Inc.

Category:
   

Adware

Threat Assessment:
   

Low



Description:

KeenValue is an adware program that collects personal information and delivers advertisements to your computer.

Characteristics:

KeenValue displays targeted advertisements on your computer in the form of pop-up windows, pop-up slider windows, embedded advertisements, and Web links in the form of desktop icons and installation files. The adware program also collects personal information including your name, country, zip code, IP address, system settings, what software is on your computer, terms entered into search engines and Web surfing activities. In addition, KeenValue has an auto update feature that allows the program to silently update itself and install other third party software applications.

Method of Infection:

KeenValue is bundled with a cursor-download program from MyFreeCursors.com and the PowerSearch Toolbar by InfoBeat.

Additional Comments:

None.






Now i presume that this must be a false result.

I have also done a scan with adaware and that came up clean.

 

Hi Tony,

Welcome at Wilders.

If you could send a copy of that file to the address in my profile I'd be happy to contact both developers for you.

Regards,

Pieter

 

BOclean was contacted and Nancy read this post when first made if that helps duplication..I know no one at the other vendor spysweeper.

 

Hi John,

I'm sure Nancy can confirm if it is the original file and we would be sure it´s a f/p, but that would not solve the problem. More people might be in for a scare or even take a wrong turn and decide to delete the file.

Regards,

Pieter

 

Greetings, all ... just got in, long night last night ...

A *.LNK file, eh? LNK files are "shortcut" files containing an icon and a pointer to where the actual file is located so that when clicked on, it runs the file. So the first step is amusing in that LNK files are not executables, but rather pointers to a file.

So what I'd suggest is submitting a copy to webroot for evaluation (it'll help them fix their problem) and if you could, send ME a copy of that as well. Since the LNK file will point to a file called BOC4UPD.EXE (BOClean's autoupdater module) in your BOClean folder, might as well send this file along as well. Dunno if Spysweeper resolved the link, but this is the file that link would resolve to.

Pretty sure it's a false positive though since BOClean would be a bit miffed at having one of its files tampered with.

 

Thanks for all of the replies

When i try and attach the file to send via email, outlook tells me that i cannot send a folder ??

If i go straight to the file then it connects to the update.

Mind you i`ve had a few as i finally start my holidays today, so i`m most likely making a complete plonker of myself

Kevin, is it possible for you or anyone else (who`s a bit more computer literate than me)to download the trial version and see if the results are the same as mine.

Thanks, if not, then i`ll try again tomorrow when i`ve a little clearer head.

 

I just ran a trial copy of Spysweeper and did not get the same results.
The only thing it found was some cookies. it does not find all cookies.
Nice looking program though

con

 

Con you are one handy leghorn to have around the chicken coop to clear the Fog.

Don't stand there gawkin' son, speak up.


@ Tony


By chance when you ran this spysweeper (and we know you have BOClean)..do you also have any other real time guards of other types of security programs running also a the same time ?


How about a list of what you do have that might fit that category..I have an idea..but it could just be a brain fart.

 

hey primerose

well ok ,, for my current config i am running XP Pro with all the updates,
KAV Beta, A2 personal Beta and Bo Clean behind an actiontec gateway
with internal firewall set to medium, and Look & Stop firewall.
To run this test I installed the trial of Spysweeper but I had all other real time dissabled.

con

 

When i first scanned i had
BOClean
AMON (NOD32)
Outpost firewall
And Spysweeper of course running.

Later there was an update for Spysweeper, so after downloading the updates i closed all running programs and did a second sweep.
Spysweeper produced the same results.

 

I have now sent the attachment to Kevin and await his results.

Last night however just before shutting down the computer, i quarantined the suspected file to see if Boclean and the updater worked as normal.
This morning a few minutes after booting up, BOClean auto update notified me that an update was available and updated as normal.

I have now restored the file until Kevin advises what to do with it.

 

Hi Tony,

Humor me and turn off your AMON (NOD32) and then do exactly the same you did in the first post of this thread and see if that spyweeper still detects the same.

Then of course I have no idea how you have BOClean set up when you are scanning with the spysweeper.

Is BOClean also then.. at the same time.. checking on action of the spysweeper ?

 

I have the full paid for version of Spy Sweeper. It picks up my BOClean Updater.lnk file as Keen value ad-aware. I think the evaluation copy has fewer than 10,000 signatures, where as the full version with 'all' the updates has over 17,000 signatures. This may be why the evaluation copy didn't pick it up. The signature that flags up the alert is in the extra signatures( calculated guess ). I am 99.99% sure of it being a FP.

Oric

 

I`ve received Kevins reply via email

Thanks Kevin
And thanks for everyones replies

Happy new year.

 

Spy Sweeper has just been updated. Has the FP been resolved now?

muf

 

With the latest update spysweeper reports system all clean