'Exact Audio Copy' detected as- variant of Win32/Adware.ADON

Discussion in 'ESET NOD32 Antivirus' started by Anonymous696, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Why does NOD32 detect the installer (eac-0.99pb5.exe; MD5:b20c5add30b64f09fffacf010c4d3f15) of the latest version of 'Exact Audio Copy' (V0.99 prebeta 5) as a variant of Win32/Adware.ADON?

    Snip: Link to adware removed. Marcos
     
    Last edited by a moderator: Sep 23, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The package contains the file ebayshortcuts.exe which is currently classified as adware but actually has a more trojan-like behavior as it doesn't inform the user about redirection to ebay through a 3rd party site.
     
  3. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Thanks Marcos.
     
    Last edited: Sep 23, 2009
  4. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Me again.

    After finding out the installer for EAC(Exact Audio Copy) 0.99 prebeta 4 is also detected by NOD32 as a variant of Win32/Adware.ADON, I did some testing (using Sandboxie and CIS(COMODO Internet Security)'s D+).

    [EAC 0.99 prebeta 4]
    During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\AD ON Multimedia\eBay Shortcuts\".

    [EAC 0.99 prebeta 5]
    During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\Desktopicon\".

    In conclusion, if the user un-checks the option box for 'eBay Icon' during installation, eBayShortcuts.exe isn't installed.

    PS. I also tested EAC 0.99 prebeta 3's installer, and found it not to have this 'eBay Icon' (eBayShortcuts.exe). NOD32 (correctly) doesn't detect EAC 0.99 prebeta 3's installer as a positive.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, you can disable protection for a while, install the program and evenually delete ebayshortcuts.exe after installation.
     
  6. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Thanks again, Marcos.

    This part isn't needed, if...

     
Thread Status:
Not open for further replies.