
Wajam false positive detection


10 replies to this topic

#1 alain-wajam

alain-wajam

    Authorized Wajam Rep


  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 PM

Posted 28 January 2013 - 10:04 AM

Hi,

I'd like to chime in about a browser extension that has been receiving false positive detections on some AntiVirus programs. The Wajam social search enhancer is an application allowing users to get recommendations from friends on Facebook, Twitter and Google+ whenever they search. Wajam may be offered as an add-on as part of a software download, but in every case, you have the opportunity to opt-out of the download. The extension is never secretly added or forced upon the user.

If installed by mistake, follow these quick steps to remove Wajam: http://wajam.com/howto/uninstall/

If you experience a bug, or would like help in the uninstall process, feel free to reach out to [email protected]

Thanks,
Alain



#2 noknojon

noknojon

    Retired


  • Members
  • 9,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:02:36 PM

Posted 28 January 2013 - 05:01 PM

you have the opportunity to opt-out of the download. The extension is never secretly added or forced upon the user.

Hello -
Are you willing to list some of the downloads that do include your program ?? If you are not, then will you please tell us why not !!

No reply to this request should then be taken as the fact that you are not willing to be very open about this program, and you wish to keep its locations hidden !!
Only people that conduct honest and open business are not afraid to include these details, otherwise it must be treated like Adware / Foistware or Spyware that is secretly installed on your computer. If the writers of Adware / Spyware programs know more about your program, it may be called honest and not a sneaky add-on ...............

Often we have requests to remove these "un-asked for add-ons" that are secretly included with other legally downloaded programs.
If we know of these programs then we are able to tell people that there is an add-on included, and to Refuse it or Not include it if they wish to not have this program -

Are your add-ons Pre-ticked, and must be manually unticked / refused, or are they available for people to personally select, only if they wish to install freely ??

Thank You if you do Read and Answer -

#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 1,080 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 AM

Posted 29 January 2013 - 08:03 AM

I'd like to chime in about a browser extension that has been receiving false positive detections on some AntiVirus programs.


You're wrong, it is not a false positive, it is a true positive. VIPRE has a signature to detect wajam.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2014 Consumer Security


#4 noknojon

noknojon

    Retired


  • Members
  • 9,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:02:36 PM

Posted 29 January 2013 - 02:38 PM

You're wrong, it is not a false positive, it is a true positive. VIPRE has a signature to detect wajam.

I tend to agree that many BHOs that are "Force loaded" or "Hidden downloads" seem to be detected by at least some Antivirus programs.
There may be others, but I am still looking for them ...........

A lack of a reply to my questions seems to reinforce the idea that this is a "Not Requested Item", and should be treated as such -

Another one for thisisu to add to JRT program .................

#5 alain-wajam

alain-wajam

    Authorized Wajam Rep

  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 PM

Posted 30 January 2013 - 05:51 PM


I'd like to chime in about a browser extension that has been receiving false positive detections on some AntiVirus programs.


You're wrong, it is not a false positive, it is a true positive. VIPRE has a signature to detect wajam.


We've filed a false positive report with VIPRE.

#6 alain-wajam

alain-wajam

    Authorized Wajam Rep

  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 PM

Posted 30 January 2013 - 05:54 PM

you have the opportunity to opt-out of the download. The extension is never secretly added or forced upon the user.


Often we have requests to remove these "un-asked for add-ons" that are secretly included with other legally downloaded programs.
If we know of these programs then we are able to tell people that there is an add-on included, and to Refuse it or Not include it if they wish to not have this program -

Are your add-ons Pre-ticked, and must be manually unticked / refused, or are they available for people to personally select, only if they wish to install freely ??

Thank You if you do Read and Answer -


Thanks for the questions.

Our browser extension has been audited and certified by TRUSTe, Norton and McAfee, and we always ask for consent before installing.

For people asking to remove the add-on, you can direct them to our official uninstall tutorial at http://wajam.com/howto/uninstall

One issue that may lead to confusion is that the add-on is installed on more than one browser, so if a user only removes Wajam from one browser, they may be surprised to find it again somewhere else. That's why we've created official uninstall steps and videos.

As for where you can find Wajam, here are some examples: Chrome store, CNET, Softonic.

Edited by alain-wajam, 30 January 2013 - 06:23 PM.


#7 noknojon

noknojon

    Retired


  • Members
  • 9,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:02:36 PM

Posted 30 January 2013 - 09:44 PM

certified by TRUSTe, Norton and McAfee

Currently they do not certify your program - I have asked and the answer was NO -
CNET, Softonic. < < I would not be surprised as these 2 are the most involved in redirection / add-on problems -

The main problem is that your program is installed by stealth means, and as such is known as a Browser Hijacker ...........

The actual question was regarding the Software that it is bundled with, and that, naturally, is the question you refuse to answer
< < the downloads that do include your program ?? > > < < Are your add-ons Pre-ticked, and must be manually unticked / refused > >

We never expected to reply to these questions in an honest way, so we will continue to treat it as an infection.
Read your own forum and see the problems that people are having trying to remove this infection, or even Microsoft forums -

wajam virus - About 22,000 results (0.22 seconds) - Direct from Google -

Also after reading your own forum, I noted that you do admit that there are parts of the program NOT removed by using your uninstall method, and that some registry items are still remaining on the computer -

Adds further to being an infection, not just an Add-on, as you say -

Edited by noknojon, 31 January 2013 - 03:01 AM.


#8 noknojon

noknojon

    Retired


  • Members
  • 9,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:02:36 PM

Posted 30 January 2013 - 10:49 PM

McAfee Product Certification is designed for candidates who administrate a specific McAfee product

This is only a test for McAfee technicians to complete and not a Validation of any site -

Note: You must purchase a Symantec SSL Certificate or Symantec Safe Site before installing the Norton Secured Seal.

Simply register today to receive your free personalized certification!

From Norton - This is a Product seal that is sold to any company that wishes to pay for it -

A direct quote from Anvisoft AdWare remover pages Re: Wajam Inc.

This browser add-on may also lead to privacy violations, unwanted software installation and malware infections. We highly recommend you to uninstall it from your computer once found


A direct quote from TRUSTe site company pages - It is certified as a "Tracking Application" only.

Wajam 1.0 - This software is owned by Wajam Inc. and certified by the TRUSTe as a Tracking Application



#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 1,080 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 AM

Posted 31 January 2013 - 02:48 AM

We've filed a false positive report with VIPRE.

You don't seem to understand what a false positive is.

If VIPRE would detect the wajam installation program as the Stuxnet worm (for example), then this would be a false positive. It's a positive because VIPRE detects it, but it's false because the wajam installation program is not the Stuxnet worm.
But VIPRE detects the wajam installation program as wajam (fs), and this is a true positive. It's a positive because VIPRE detects it, and it's true because the wajam installation program is wajam.
Here is VIPRE's entry for wajam: http://www.sunbeltsecurity.com/ThreatDisplay.aspx?name=Wajam&tid=4753062&cs=480C327DD6304C20131627C4BD016275

What you want is a true negative: that VIPRE does not detect wajam, hence that they remove the wajam entry from their signature database.
Filing a false positive report is not the appropriate way.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2014 Consumer Security


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 52,423 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:36 AM

Posted 31 January 2013 - 07:59 AM

Many vendors have a separate category for Potentially Unwanted Programs (PUPs, different vendors use different indicators). PUPs aren't malicious, but there usually is an issue with the way they are installed or the purpose of the program.

In case of download wrappers the former is the case. It is perfectly okay that free software comes with a sponsor, however many consider that this has to be done in an ethical way (clear opt-out checkbox and links to EULA/privacy policy) to avoid that users end up with applications they don't want and can't remember installing. If said application can't be removed completely with the included uninstaller, this is an additional problem.

It's for a good reason that on forums we often use tools like AdwCleaner and Junkware Removal Tool; if every sponsor app would have an adequate uninstaller this wouldn't be necessary. See also this article for a few examples/screenshots.

This does not mean that the sponsor apps are malicious (will redirect searches to malicious sites, will track your browsing/private data and so on). Some sponsor apps may exhibit malicious behavior, but most of them do not.

Let's please keep all this in mind when discussing the subject and keep this civilized.

====================

The download wrapper containing Wajam I looked at had an opt-out checkbox and links to privacy policy/EULA, plus a working uninstaller, however not every download wrapper uses the same options.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#11 Layback Bear

Layback Bear

  • Members
  • 1,878 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ohio
  • Local time:11:36 PM

Posted 13 February 2013 - 12:16 AM

I have never tried this program but I have noticed these little add on things are sometimes hidden in the EULA/privacy policy of the good product you are wanting to download. If you agree to the EULA/privacy policy of the product you want you automatically agree to the sneaky program. Problem is most people don't read the EULA/privacy policy. Then they get this little goodie and have no idea where it came from. I have had Babylon install when checked or unchecked; didn't matter. So what I'm saying is this. When someone has a quality product and you want people to give it a try, no sneaky tricks. The members here will discover them and it won't be long before the whole world will know.

   In my mind anything that gets into my computer that somehow snuck by me and my security programs is an infection. Whatever other name one wants to call it. Here is a little test I did on another one of my favorite Forums choosing one site and one quality product. The web site was chosen because of its well known name for a long time and the program was chosen because I believe it to be quality. This is an example of the kind of things I don't like. I don't want to recommend a quality product to another member here and have them run into such things following my recommendation.

 

Okay I tested a Cnet download (results)
Just to be checking I did this.

Went to Cnet and checked download HWMonitor Pro.

Read the agreement and there is a lot of new unwanted goodies in the
agreement. I don't know whether Cnet put them there or HWMonitor put
them there. I checked accept and went on with the download and install.
Then up jumped Microsoft Security Essentials and stopped something. (Win/Price Gong) Then I removed it.

Next was Malwarebytes Anti Malware Pro and it found 7 (PuP.Inof Atoms) I removed them all.

Next was Super Anti Spyware, the free one and it found 6 tracking cookies and I removed them.

I noticed I have a new browser search bar in all my browsers.
MJXI DJ Toolbar. What a little sweet heart.

I ran AdwCleaner and it removed all the entries, and there was a gazillion of them.

Am I done; no way.

I installed and ran Eset Online Scanner after updating. Just on the C
drive. I will do the other drives later. Eset Online Scanner found two (Win32/Downloader Admin.G Apps) I removed them.

I will be doing scans on my other drives next.

-----------------

Now folks my computer did not have all these things until the download
from Cnet of HWMonitor Pro. I haven't even installed HWMonitor Pro yet. I
have right clicked and scanned it with MSE and MAM Pro and it comes up
clean. Makes me think all the little unwanted goodies came from Cnet.

-----------------

I did this test because Britton 30 had mentioned a few times in other
posts that the new method of getting junk from download was coming from
USER AGREEMENT when downloading. It seems like Cnet knows that most
don't read all that stuff and stuck some unwanted goodies in the
agreement.

Thank you Britton 30. The warning was spot on.



Edited by Layback Bear, 13 February 2013 - 12:23 AM.




