As already noted, false detections by anti-virus programs for specialized fix tools are not uncommon. Let me explain further.
Certain embedded files that are part of legitimate programs or specialized fix tools, may at times be detected by some anti-virus and anti-malware scanners as suspicious
, a Risk Tool
, Hacking Tool
, Potentially Unwanted Program
, a possible threat
or even Malware (virus/trojan) when that is not the case
. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed
, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.
When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis
engine which provides the ability to detect possible new variants of malware
. Anti-virus scanners cannot distinguish
between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove
them. In these cases the detection is a "false positive
" and can be ignored.
Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SypwareInfo and others so they can be trusted. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves
. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.
As for your question in regards to quarantine...When an anti-virus or security program quarantines
a file and moves it into a virus vault (virus chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat
. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename, encrypt and password protect the file as part of the moving process.
Quarantine is just an added safety measure
which allows you to view and investigate the files while keeping them from harming your computer. One reason for doing this is to prevent the permanent deletion of a legitimate file that may have been incorrectly flagged (a "false positive
") and placed in quarantine. This can occur if the scanner uses heuristic analysis
technology which is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. After confirming the file is legitimate, it can be safely restored from quarantine and added to the exclusion or ignore list.
When the quarantined file is known to be malicious
, you can permanently delete
it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete. In your case, all quarantined items (and the folder holding them) will be removed when uninstalling AdwCleaner.