
Hello, a bit of confusion mixed with concern.


44 replies to this topic

#1 Lehr


Posted 17 December 2013 - 04:08 PM

Hello, gentlemen.

Once again I come to this beloved website with a problem.

Below are three logs (Norton, AdwCleaner, and Malwarebytes).

Today, I found out my friend clicked on an imgur link that apparently was a grotesque pornographic image, and apparently Norton went nuts shortly after and blocked an apparent 'Quarantine.exe.' It has blocked this four more times after the initial report, three of which popped up as I went to use adware cleaner.

Should I be concerned? I have little to no information on what these may be, albeit I do assume they are not healthy for one's computer.

Anyway, I do hope to speak to someone soon. And yes, I plan to password my PC after this.


Filename: quarantine.exe
Threat name: Suspicious.Cloud.9
Full Path: c:\users\appdata\local\temp\quarantine.exe

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from Unknown

Activity
Actions performed: Actions performed: 1

____________________________


On computers as of 12/17/2013 at 3:59:58 PM
Last Used 12/17/2013 at 3:59:58 PM
Startup Item No
Launched No

____________________________


Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.



____________________________



Source: External Media


____________________________

File Actions

File: c:\users\appdata\local\temp\quarantine.exe    Blocked
____________________________


File Thumbprint - SHA:
45f9bc8e8cf4071486b21a6ea4f0fe67504d57740d2043a2dd5ec9815377049c
File Thumbprint - MD5:
Not available

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.17.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Shawn Hegedus :: GAMER-PC [administrator]

12/17/2013 3:46:26 PM
mbam-log-2013-12-17 (15-46-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223428
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----ADWARE CLEANER----

# AdwCleaner v3.015 - Report created 17/12/2013 at 15:59:41
# Updated 10/12/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Shawn Hegedus - GAMER-PC
# Running from : C:\Users\Shawn Hegedus\Documents\Anti spybot and toolbar program\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Shawn Hegedus\AppData\Roaming\Mozilla\Firefox\Profiles\9pm8z92i.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Shawn Hegedus\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************


########## EOF - C:\AdwCleaner\AdwCleaner[R134].txt - [9573 octets] ##########
 


Edited by Lehr, 17 December 2013 - 04:11 PM.



#2 cryptodan


Posted 17 December 2013 - 04:14 PM

Can you do a full scan with Mbam?

#3 Lehr


Posted 17 December 2013 - 04:19 PM

If it is required, I suppose I can.

Spybot found zilch.

Okay, fifth time. When I try to start adware cleaner the warning pops up from Norton. Could it be Norton with an accidental detection?


Edited by Lehr, 17 December 2013 - 04:22 PM.


#4 boopme


Posted 17 December 2013 - 05:07 PM


Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Try AdwCleaner again. Possibly Norton is seeing ADW as a virus.

#5 Lehr


Posted 17 December 2013 - 05:22 PM

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Try AdwCleaner again. Possibly Norton is seeing ADW as a virus.

Temp files cleaned, rebooted.

Started ADW again, Norton tripped off the same alarm as before:

Filename: quarantine.exe
Threat name: Suspicious.Cloud.9
Full Path: c:\users\appdata\local\temp\quarantine.exe

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from Unknown

Activity
Actions performed: Actions performed: 1

____________________________


On computers as of Not Available
Last Used 12/17/2013 at 5:21:27 PM
Startup Item No
Launched No

____________________________


Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.



____________________________



Source: External Media


____________________________

File Actions

File: c:\users\\appdata\local\temp\quarantine.exe    Removed
____________________________


File Thumbprint - SHA:
45f9bc8e8cf4071486b21a6ea4f0fe67504d57740d2043a2dd5ec9815377049c
File Thumbprint - MD5:
Not available

#6 Lehr


Posted 17 December 2013 - 05:25 PM

http://www.symantec.com/security_response/writeup.jsp?docid=2013-052214-5723-99&vid=42539&product=Norton%20Internet%20Security&version=20.4.0.40&plang=sym:EN&layouttype=ESD&buildname=Retail&heartbeatID=89BC23DE-E34B-11DE-A19E-0024E8082526&env=prod&vendorid=&plid=2&plgid=2&skup=21171898&skum=21234721&skuf=21171505&endpointid={89BC23DE-E34B-11DE-A19E-0024E8082526}&partnerid=&lic_type=16&lic_attr=21255186&psn=QDFG4PGD8JW8&osvers=6.0&oslocale=iso:USA&oslang=iso:ENG&os=windows

And it's related to this, apparently.



#7 noknojon


Posted 17 December 2013 - 05:56 PM

Hi -

EDIT - Click on Follow this topic at the Top Right side, and you should be notified when a reply is made here -

For "Removal" this link is given by Norton ............
http://www.symantec.com/security_response/writeup.jsp?docid=2013-052214-5723-99&tabid=3
 

It seems to be a "Norton Thing" as I searched for other variations -

As you claim to use Norton, either follow their directions or see below .....

 

First -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* NOTE - Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -

You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

Copy and paste all reports -

Next -

Run a Full Malwarebytes Scan as per cryptodan -

Next -

See above from boopme -

Last -

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Thank You -


Edited by noknojon, 17 December 2013 - 05:59 PM.


#8 Lehr


Posted 17 December 2013 - 06:35 PM

NPE found nothing.

Again, this only seems to happen when I access ADW cleaner. It's been quiet for over an hour but each time I move to access adware cleaner it freaks out.

Also, Rkill is working atm, sorry for delay.

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/17/2013 06:32:33 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com

  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 12/17/2013 06:39:07 PM
Execution time: 0 hours(s), 6 minute(s), and 33 seconds(s)

Edited by Lehr, 17 December 2013 - 06:39 PM.


#9 quietman7


Posted 17 December 2013 - 06:42 PM

Symantec's description of Suspicious.Cloud.9 appears to be a heuristics detection. In general, heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line and inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.

I would get a second opinion. Go to one of the following online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 Lehr


Posted 17 December 2013 - 06:53 PM

Filename: AdwCleaner.exe
Status: Scan finished. 1 out of 23 scanners reported malware.
Scan taken on: Mon 16 Dec 2013 00:09:54 (CET)

---^ Jotti's.

This file was already analysed by VirusTotal on 2013-12-17 21:38:08.

Detection ratio: 8/49

You can take a look at the last analysis or analyse it again now.

---^ VirusTotal.

File Name : AdwCleaner.exe
File Size : 1226750 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ffa683dc592d4e91f76714d9ba2272d1
SHA1 : 91e31f6f6fbbf4e9d003836ea64d98374c0540ce



#11 quietman7


Posted 17 December 2013 - 07:06 PM

Why did you submit AdwCleaner.exe?

Isn't this the file you are concerned about?

Filename: quarantine.exe
Threat name: Suspicious.Cloud.9
Full Path: c:\users\appdata\local\temp\quarantine.exe


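A check that would have caught the mix-up above, and that backs the second-opinion advice in #9: hash the file you are about to upload and compare it with the SHA thumbprint in the Norton alert before trusting any multi-scanner verdict. This is an added example, not code from BleepingComputer, Norton or anyone in the thread; the alert excerpt is constructed from the report posted above, and the folder contents built in demo() are constructed stand-ins, not the real files.

```python
import hashlib
import os
import re
import tempfile

# Constructed excerpt in the layout of the Norton alert posted in this thread;
# the SHA thumbprint is the one printed in that alert.
NORTON_ALERT = (
    "Filename: quarantine.exe\n"
    "Threat name: Suspicious.Cloud.9\n"
    "Full Path: c:\\users\\appdata\\local\\temp\\quarantine.exe\n"
    "File Thumbprint - SHA:\n"
    "45f9bc8e8cf4071486b21a6ea4f0fe67504d57740d2043a2dd5ec9815377049c\n"
    "File Thumbprint - MD5:\nNot available\n"
)

_SHA_RE = re.compile(r"File Thumbprint - SHA:\s*([0-9a-fA-F]{64})")
_PATH_RE = re.compile(r"^Full Path:[ \t]*(.+?)[ \t]*$", re.MULTILINE)

def parse_alert(text):
    """Return (full_path, sha256_lowercase) from a Norton-style alert."""
    sha, path = _SHA_RE.search(text), _PATH_RE.search(text)
    if sha is None or path is None:
        raise ValueError("alert lacks a Full Path line or a 64-hex SHA thumbprint")
    return path.group(1), sha.group(1).lower()

def sha256_of_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, streamed in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def file_matches_alert(path, alert_text):
    """True only if `path` has exactly the hash the alert names. Submitting
    AdwCleaner.exe for an alert about quarantine.exe (as above) gives False."""
    _, expected = parse_alert(alert_text)
    return sha256_of_file(path) == expected

def find_alerted_file(directory, alert_text):
    """Walk a folder such as %TEMP% for the file the alert describes.
    Returns its path, or None if the AV has already removed it."""
    _, expected = parse_alert(alert_text)
    for root, _dirs, files in os.walk(directory):
        for name in files:
            candidate = os.path.join(root, name)
            try:
                if sha256_of_file(candidate) == expected:
                    return candidate
            except OSError:  # locked or unreadable file: skip it, keep walking
                continue
    return None

def demo():
    """Constructed %TEMP%-like folder: a decoy 'AdwCleaner.exe' plus a stand-in
    'quarantine.exe' whose real hash is pasted into a second, constructed alert."""
    tmp = tempfile.mkdtemp(prefix="avcheck_")
    decoy = os.path.join(tmp, "AdwCleaner.exe")
    target = os.path.join(tmp, "quarantine.exe")
    with open(decoy, "wb") as fh:
        fh.write(b"MZ constructed decoy: the tool itself, not the alerted file")
    with open(target, "wb") as fh:
        fh.write(b"MZ constructed stand-in for the file Norton flagged")
    local_alert = NORTON_ALERT.replace(parse_alert(NORTON_ALERT)[1],
                                       sha256_of_file(target))
    return {
        "decoy_vs_norton_alert": file_matches_alert(decoy, NORTON_ALERT),  # False
        "target_vs_local_alert": file_matches_alert(target, local_alert),  # True
        "found_target": find_alerted_file(tmp, local_alert) == target,     # True
        "norton_file_present": find_alerted_file(tmp, NORTON_ALERT),       # None
    }
```

On the real machine you would point find_alerted_file at the %TEMP% folder from the alert; a None result there is consistent with the "Removed" action in the second Norton report.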

#12 Lehr


Posted 17 December 2013 - 07:11 PM

Why did you submit AdwCleaner.exe?

Isn't this the file you are concerned about?

Filename: quarantine.exe
Threat name: Suspicious.Cloud.9
Full Path: c:\users\appdata\local\temp\quarantine.exe

I think I know what the issue is.

Part of me is starting to think that this quarantine.exe may be related to ADW cleaner itself. I noticed that when I had my temp folder open and I ran it, ADW cleaner files suddenly appeared in it. Could this be nothing more than a false positive due to a Norton update?


Edited by Lehr, 17 December 2013 - 07:29 PM.


#13 quietman7


Posted 17 December 2013 - 07:39 PM

Ok. I misunderstood exactly what was going on.

Did you use the Uninstall button at some point and then later reuse AdwCleaner? Several folks have reported that doing so creates Quarantine.exe in a %temp% folder.

See the comments in this topic: AdwCleaner 3.0 Feedback

Norton is detecting it.

#14 Lehr


Posted 17 December 2013 - 07:42 PM

Oh, well bleep.

I have removed the .exe from the folder I've kept it in and replaced it recently. This could be the issue.

I'll give it a day or so. Is ADW cleaner safe to use still?


Edited by Lehr, 17 December 2013 - 07:42 PM.


#15 quietman7


Posted 17 December 2013 - 07:46 PM

False detections by anti-virus programs for specialized fix tools are not uncommon.

Certain embedded files that are part of legitimate programs or specialized fix tools like AdwCleaner may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons, including the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc.) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves; they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.



