Dr.Web: Real Malware or False Positives

Discussion in 'other anti-virus software' started by RCGuy, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hello, everyone. I recently ran a Dr.Web scan in safe mode and came up with a ship load of malware (and please excuse my censored, euphemized French ;) ) and would like to know if anyone could tell me if Dr.Web detected real malware or false positives. Also, a lot of the malware came from AOL and some of it came from www.answers.com's "free downloads and add-ons" which includes their 1-Click Answers.

    http://www.answers.com/main/product_info.jsp

    Below is a screenshot of the scan report. Also, any help would be appreciated and I hope that this thread wasn't similar to a HijackThis thread and shouldn't have been posted in this forum.
     

    Last edited: Sep 12, 2008
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Additionally, now (after the Dr.Web scan) whenever I boot up or turn off my computer, I get this 1-Click Answers error message.

    P.S. For some reason I couldn't upload my image attachment.
     
    Last edited: Sep 12, 2008
  3. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Try to upload the samples to VirusTotal.com or virusscan.jotti.org.
    If most scanners there also flag it as the same malware, you can be sure it's an infection. Else it's an FP.
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I'd say the Adware detection is correct, but you should send those "probably .." and ".origin" detections to Dr.Web and let them correct if they are false positives. Those are detections from the heuristic analyzer.

    You should search for the Dr.Web quarantine folder, tick it to show hidden objects, then pack all objects to either .rar or .zip and upload from here: http://support.drweb.com/sendnew/

    The quarantine folder is probably named as "infected.!!!"
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    lol the dreaded AOL files,

    over the years, some people have had different thoughts about whether they should be detected or not, on the whole I'd say no, they shouldn't be, however... AOL are able to remotely change and connect to your computer so I sense some kind of backdoor, and obviously AOL collect information from their software about all its users, so there is a little spyware too, nothing malicious just how AOL act, over the years there have been mixed comments on here whether they should be detected or not.

    if in doubt, click the click within the software to send in the samples to drweb for analysis, or vms@drweb.com
     
  6. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Sorry about taking so long to get back to this thread. But anyway, I tried the two applications above and the Dr.Web scan report came up clean.
     
  7. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Anymore, whenever I try to scan with Dr.Web, my computer locks up. Therefore, I am about to uninstall Dr.Web. Also, hopefully I will be able to reverse the changes that Dr.Web did to my computer. Especially on the answers.com add-ons.
     
  8. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Re: HELP!!!!

    Does anyone know how to uninstall Dr.Web and to undo its effects?

    ....I want my answers.com add-ons back! :(
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Re: HELP!!!!

    Without a backup image, I think it's not possible to undo what an antivirus might have modified. If you use 'System Restore' and have set a restore point at the time of, or before, downloading Dr.Web, you might have a chance to recover a lot of changes.
     
  10. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Re: HELP!!!!

    Thanks. But I'm wondering if a reinstallation of the answers.com add-ons would solve the problem or if the blocking/neutralization of Dr.Web would continue to apply to a reinstallation. Anyone have any thoughts on this?

    P.S. BTW, can Dr.Web be uninstalled?
     
  11. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Re: HELP!!!!

    Well, I finally used System Restore (although, for some reason, twice it wouldn't restore o_O ), but I didn't go back to when I previously downloaded Dr.Web, and also the changes weren't undone. However, I just went ahead and reinstalled the answers.com add-ons.
     
  12. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Re: HELP!!!!

    Do yourself a favor and invest in a disk imaging program which not only will save your files, but it is the ultimate security measure if any malware trashes your system. I had two hard disk failures in 5 years and I simply restored an image to the new hard drive, and everything was as it was before the crash. I believe you are taking big risks if you don't image your drive on a regular basis.
     
  13. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Re: HELP!!!!

    I will look into that. Thanks.
     