AdwCleaner infected, Possible False Positive


17 replies to this topic

#1 pribon


Posted 08 July 2013 - 04:47 AM

Capture_A.png
Kingsoft antivirus shows me that AdwCleaner is infected. Files attached.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


Edited by hamluis, 09 July 2013 - 07:59 AM.
Modified topic title - Hamluis.




#2 buddy215


Posted 08 July 2013 - 06:50 AM

Kingsoft may have a non-legit reason for doing that or not. For a more thorough look at whether any file (up to 64MB) contains malware you can have it scanned for free by 40+ programs.

Use VirusTotal - Free Online Virus and Malware Scan

If you downloaded Adware Cleaner from here AdwCleaner Download then what Kingsoft is reporting is most likely a false positive or an attempt to protect itself.....


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 pribon


Posted 08 July 2013 - 06:59 AM

I downloaded AdwCleaner from that URL.



#4 buddy215


Posted 08 July 2013 - 07:17 AM

I just scanned the file. Out of 47 programs, the only negative report was from Kingsoft.

 

SHA256: 1890c72593888c37963b922eefb6c8b03e7a970932a747a8f4bd1626d94b978a
File name: AdwCleaner.exe
Detection ratio: 1 / 47
Analysis date: 2013-07-08 12:10:35 UTC ( 0 minutes ago )
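Added example, not part of the original thread: a scan summary like the one posted above only says something about your copy of the file if the hashes match. This Python sketch parses the pasted summary and checks a local file against it; the function names are illustrative and the stand-in file is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Scan summary as quoted in the post above (fields run together on one line).
REPORT = (
    "SHA256: 1890c72593888c37963b922eefb6c8b03e7a970932a747a8f4bd1626d94b978a "
    "File name: AdwCleaner.exe Detection ratio: 1 / 47 "
    "Analysis date: 2013-07-08 12:10:35 UTC ( 0 minutes ago )"
)

def parse_report(text):
    """Extract hash, file name and detection counts from a pasted summary."""
    sha = re.search(r"SHA256:\s*([0-9a-fA-F]{64})\b", text)
    name = re.search(r"File name:\s*(\S+)", text)
    ratio = re.search(r"Detection ratio:\s*(\d+)\s*/\s*(\d+)", text)
    if not (sha and ratio):
        raise ValueError("summary lacks a SHA256 or a detection ratio")
    return {"sha256": sha.group(1).lower(),
            "name": name.group(1) if name else None,
            "detections": int(ratio.group(1)),
            "engines": int(ratio.group(2))}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def report_covers_file(path, report):
    """True only if the local file is byte-for-byte the file that was scanned."""
    return hmac.compare_digest(sha256_file(path), report["sha256"])

def lone_detection(report):
    """Exactly one engine out of several flagged the file."""
    return report["detections"] == 1 and report["engines"] > 1

if __name__ == "__main__":
    r = parse_report(REPORT)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not AdwCleaner")  # constructed stand-in
    print(r["name"], f'{r["detections"]}/{r["engines"]}', "lone:", lone_detection(r))
    print("report covers local file:", report_covers_file(tmp.name, r))
    os.remove(tmp.name)
```

A mismatch means the posted result says nothing about the local copy, which should then be scanned on its own.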

#5 quietman7


Posted 08 July 2013 - 07:45 AM

Certain embedded files that are part of legitimate programs or specialized fix tools may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" which can be confirmed by following buddy215's instructions.

If you are trying to download the file, either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

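Added example, not part of the original thread: the post above notes that compressed and packed files are often flagged because a scanner cannot read what is inside them. One widely used signal for "this looks packed" is byte entropy, and this Python sketch goes slightly beyond the post to show it on constructed data. The 7.0 bits-per-byte threshold and the sample bytes are assumptions for illustration, not any vendor's actual rule.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def block_entropies(data: bytes, size: int = 4096):
    """Entropy of each fixed-size block, so a packed region inside a file stands out."""
    return [shannon_entropy(data[i:i + size]) for i in range(0, len(data), size)]

def high_entropy_fraction(data: bytes, threshold: float = 7.0, size: int = 4096) -> float:
    """Share of blocks above the threshold (7.0 is an assumed cut-off for this example)."""
    blocks = block_entropies(data, size)
    return sum(e > threshold for e in blocks) / len(blocks) if blocks else 0.0

def constructed_samples():
    """Constructed stand-ins: readable 'program' bytes and the same bytes compressed."""
    rng = random.Random(2013)  # fixed seed so the sample is reproducible
    words = [b"RegOpenKeyExW", b"HKLM\\Software\\", b"DeleteFileW",
             b"toolbar", b"CreateProcessW", b"\x00\x00\x00\x00"]
    plain = b"".join(rng.choice(words) + bytes([rng.randrange(32, 127)])
                     for _ in range(60000))
    packed = zlib.compress(plain, 9)  # stands in for a packer's compressed payload
    return plain, packed

if __name__ == "__main__":
    plain, packed = constructed_samples()
    for label, blob in (("plain", plain), ("packed", packed)):
        print(f"{label:6s} size={len(blob):7d} "
              f"entropy={shannon_entropy(blob):.2f} bits/byte "
              f"high-entropy blocks={high_entropy_fraction(blob):.0%}")
```

The readable strings disappear once the data is compressed, so a scanner that cannot unpack the file is left with little more than "high entropy, no visible content", which is the situation the post describes for legitimate packed tools.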

#6 pribon


Posted 08 July 2013 - 09:20 AM

Capture_C.png

Capture_D.png

 

On the computer I use two antivirus programs, Kingsoft and ESET NOD32 Antivirus 6. When scanning, my Kingsoft shows that we are on cloud computer is virus while ESET NOD32 does not confirm this.
Whom to believe more?

Edited by Queen-Evie, 08 July 2013 - 09:27 AM.
merged separate topic about Combofix into this topic since both relate to Kingsoft


#7 dc3


Posted 08 July 2013 - 09:49 AM

You shouldn't run more than one antivirus program; this can cause false positives and possible file corruption.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 quietman7


Posted 08 July 2013 - 09:58 AM

dc3 is correct. Read the IMPORTANT NOTE in Choosing an Anti-Virus Program

#9 buddy215


Posted 08 July 2013 - 02:38 PM

In a brief search for info on Kingsoft I found several users reporting false positives.

It's your decision whether to use either of those two programs. But since only Kingsoft is reporting a problem I would take their reports as unreliable and would have no problem with using either if I needed to.

If you suspect you have adware or other malware you can choose to post your symptoms in one of BC's help forums designated to assist you in cleaning up your computer.

Suggest you start here: Am I infected? What do I do?

 

               

#10 pribon


Posted 08 July 2013 - 03:38 PM

I have no problems running both antivirus programs; they are compatible.
A detailed explanation is given on the website.
 



#11 Animal


Posted 08 July 2013 - 04:09 PM

I admittedly did a very quick read of the link you provided. Nowhere did I see a specific mention that Kingsoft Anti-Virus is compatible running side by side with other Anti-Virus applications. I also feel that you are dealing with a false positive situation from Kingsoft, compounded with A-V conflicts.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#12 noknojon


Posted 08 July 2013 - 05:46 PM

Hello -

Can we gather a bit of information first please - All links are from here, and all are clean -

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open while Reset Firefox is running -
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Please post a snapshot with Speccy for more system details, include Make and Model of computer if known
How to Publish a snapshot with Speccy <<-- Directions Here

 

 

Thank You -



#13 pribon


Posted 09 July 2013 - 02:19 AM

Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
ESET NOD32 Antivirus 6.0            
Kingsoft Antivirus System Defense   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Privatefirewall 6.1 pfsvc.exe  
 kingsoft kingsoft antivirus kxescore.exe  
 kingsoft kingsoft antivirus kxetray.exe  
 Privacyware Privatefirewall 7.0 PFGUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#14 noknojon


Posted 09 July 2013 - 04:02 AM

Is this fully compatible with Win7 x64? Meaning all modules running on x64?

No. The system defense module doesn't have same capabilities as on 32bit systems...

Based on this research (so far), you are better just to stay with ESET NOD32 on your 64bit system.

 

Was there any reason to add Privacyware Privatefirewall, or do you just want "another program" ?

 

Note that at most times, more is not always better when you install programs -

A simple routine with decent protection is always the best way to go.

 

This must also be taken into account with all other installed programs and surfing habits.
 

Thank You -



#15 pribon


Posted 09 July 2013 - 05:18 AM

I have no particular reason to use Privatefirewall.

Thanks for the suggestions.





