'Exact Audio Copy' detected as- variant of Win32/Adware.ADON

Discussion in 'ESET NOD32 Antivirus' started by Anonymous696, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Why does NOD32 detect the installer (eac-0.99pb5.exe; MD5:b20c5add30b64f09fffacf010c4d3f15) of the latest version of 'Exact Audio Copy' (V0.99 prebeta 5) as a variant of Win32/Adware.ADON?

    Snip: Link to adware removed. Marcos
     
    Last edited by a moderator: Sep 23, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    The package contains the file ebayshortcuts.exe which is currently classified as adware but actually has a more trojan-like behavior as it doesn't inform the user about redirection to ebay through a 3rd party site.
     
  3. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Thanks Marcos.
     
    Last edited: Sep 23, 2009
  4. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Me again.

    After finding out the installer for EAC(Exact Audio Copy) 0.99 prebeta 4 is also detected by NOD32 as a variant of Win32/Adware.ADON, I did some testing (using Sandboxie and CIS(COMODO Internet Security)'s D+).

    [EAC 0.99 prebeta 4]
    During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\AD ON Multimedia\eBay Shortcuts\".

    [EAC 0.99 prebeta 5]
    During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\Desktopicon\".

    In conclusion, if the user un-checks the option box for 'eBay Icon' during installation, eBayShortcuts.exe isn't installed.

    PS. I also tested EAC 0.99 prebeta 3's installer, and found it not to have this 'eBay Icon' (eBayShortcuts.exe). NOD32 (correctly) doesn't detect EAC 0.99 prebeta 3's installer as a positive.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Yes, you can disable protection for a while, install the program and evenually delete ebayshortcuts.exe after installation.
     
  6. Anonymous696

    Anonymous696 Registered Member

    Joined:
    May 28, 2009
    Posts:
    16
    Thanks again, Marcos.

    This part isn't needed, if...

     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.