False/Positive?

Can anyone tell me if this is a False/Positive.?

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:03:50 PM 6/3/2007

+ Scan result:



HKLM\SOFTWARE\Classes\AppID\{FD452F78-C495-40A1-B5BD-D8A586CA7F23} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{17BB6D1C-BCD3-4667-B56D-ABBBD2230042} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{856D8ADB-99C3-4AEA-B294-E3FBDBC198CF} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF1AECC7-0C21-4B5F-BD3F-8D5B0BF042D9} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{157BF1E5-C86C-48E7-ADCC-2890C45B63CE} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{1A5D27ED-D7EC-4ED3-A631-64CAA8482D27} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{C5B002C9-E508-4723-AB34-2AC6B5E3DC0E} -> Adware.RogueSuspect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{D89D48EF-8915-4729-954E-69F3C6C3F19E} -> Adware.RogueSuspect : Cleaned with backup (quarantined).


::Report end

 

Please verify if you are using the latest version 7.5.1.36 of the AVG Anti-Spyware (see our download website), if you are using the latest Version then please restore these quarantined Registry keys.

Please send us exported *.reg files of these detected Registry keys:
http://www.ewido.net/en/malware/
Use for that the Windows Registry Editor (regedit.exe).

In the Windows Start menu click on 'Run' enter now regedit.exe and press OK.

Now search or go to the detected keys (they look like folders in the Windows Explorer).

Now select only this detected key, right click and choose in the context menu the Option 'Export..', now choose your desktop and a good filename.

NOTE: Choose only the detected key for the export at the bottom of the 'Save as' dialog and not(!) ALL, this would export the whole Registry in huge files.

 

I'm using Version 7.5.0.50 FREE (Not Version 7.5.1.36) Should I restore these quaranteened registry keys.?

 

I restored the files then deleted Version 7.5.0.50 and downloaded the updated Version 7.5.1.36. I will post again if I encounter the same problem.

 

I downloaded the updated version 7.5.1.36. I ran 2 scans back to back. The first scan detected the same adware so I restored it as you recommendened above. I then ran the second scan and it detected the same Adware again so this time I selected Add to my Ignored List. Is this the correct thing to do.?

 

Please read again my first posting in this thread, we need the exported registry (file extension *.reg) of the detected keys.
Restore with the new AVG AS Version all quarantined Registry entries, also remove the ignore/exception list entry and scan again, then after the scan do nothing, just ignore the result (but do not(!) add these entries to the exception list), save the Scan report log to the desktop and close the AVG AS.
Now use the regedit.exe, locate the detected keys (see scan report log for the exact name an path). See again in the previous posting for details.

And you do not need to use everytime for your replys the quote function

 

I followed your instructions exactly as you indicated and sent the Adware.RogueSuspect files for analizes(sp). Please get back to me as soon as possible with the results and to let me know how I can stop AVG AntiSpyware from constantly detecting this Adware.

 

Hi I encountered exactly the same problem. Followed your directions and sent you the file. Would really like to know if I can ignore this and when can we expect a fix if indeed it's a false positive..Thanks...Frank

 

In your post you mention you sent me a file. What file is that.? I never received it. I agree it would be nice if they can figure this out ASP. Otherwise every time we run a scan it's going to continue to detect the same Adware over and over.!! I guess the only thing we can do is always restore it or don't run any more scans and wait until we hear from them. I guess that's what their saying we should do for now.

 

@ KSFINN: Please check here your inbox for your private messages because i sent you some minutes ago a question.

 

How about it Karl can I ignore these files as FP, it's still picking it up as follows:

HKLM\SOFTWARE\Classes\AppID\{FD452F78-C495-40A1-B5BD-D8A586CA7F23} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{17BB6D1C-BCD3-4667-B56D-ABBBD2230042} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{856D8ADB-99C3-4AEA-B294-E3FBDBC198CF} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{FF1AECC7-0C21-4B5F-BD3F-8D5B0BF042D9} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\Interface\{157BF1E5-C86C-48E7-ADCC-2890C45B63CE} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\Interface\{1A5D27ED-D7EC-4ED3-A631-64CAA8482D27} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\Interface\{C5B002C9-E508-4723-AB34-2AC6B5E3DC0E} -> Adware.RogueSuspect : Ignored.
HKLM\SOFTWARE\Classes\TypeLib\{D89D48EF-8915-4729-954E-69F3C6C3F19E} -> Adware.RogueSuspect : Ignored.
HKU\S-1-5-21-823518204-308236825-839522115-1003\Software\Ascentive -> Adware.RogueSuspect : Ignored.

Thanks...Frank

 

Sorry but i cannot send you a PM to ask for your email address so that i can try to find your email with the submitted registry file.
Please activate the PM function and then i can send you a pm with my request.

 

I'm also still having the same problem. I cannot get this issue resolved. I wonder whats up with this anyway. If you find anything out and how to fix this problem please contact me OK? Thanks KSFINN

 

I have received now the requested informations from another Support team member, so the detection of these entries will be removed with the next Signature Update.

 

Re: False/Positive? karl.ewido

Karl. Why was I unable to find these registry keys.? I followed your instructions as you indicated but when I went to regedit registry I could not find these registry keys you were asking for. I typed in regedit search option (20070605-113432) and it came back as does not exist plus I also manually searched for at least 1 hour or more. I found False/Positive registry keys from another anti-spyware program I have. Just don't understand why I couldn't find them for ewido AVG and was wondering if you can let me know what you think I might have been doing wrong. I would like to know in case I may need to do this again in the future. I'm very glad that to hear that someone else got you the information that you needed and that it's going to be fixed with the next update. THANKS!!

 

It is possible that you may use the wrong search strings and numbers so the Search function of the Registry Editor was not able to find these keys.
But this false detection is fixed with one of the last Updates, so please update your AVG Anti-Spyware.

 

Most of the FP have been corrected but I still get this one on every scan..any ideas:

HKU\S-1-5-21-823518204-308236825-839522115-1003\Software\Ascentive

Signature 838,956

 

The last detection Software\Ascentive will be fixed today with the first Signature Update.