Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ADWCleaner to be trusted?


  • Please log in to reply
10 replies to this topic

#1 LetMeKnow

LetMeKnow

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 12 May 2014 - 01:31 AM

ADWCleaner found these registry entries, which seem doubtful to me:

 

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}          
    dhRichClient3.dll, used by MAXA Cookie Manager, VirusTotal: clean

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}        
    dsfNativeFLACSource.dll, used for OGG, VirusTotal: clean

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}            
    URLReqService, no corresponding file found in the computer

Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}        
    IBrowserExternals, no corresponding file found in the computer

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03F4DEAA-456E-4A23-8635-23AEC43340CD}

    no entry

 

and if I would remove them all, I suppose I would have trouble... except probably where there is no entry or no such file is found.

 

Does anyone have comments or a suggestion?

What happens if I remove entries for RASAPI32 or RASMANCS?

One apparently has to be VERY CAREFUL with ADWCleaner!

 



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 12 May 2014 - 02:21 AM

Hello -

Please read thse details on AdwCleaner -

 

First your Clean report - (AdwCleaner[S0].txt)

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

• Items that are deleted are then moved to the Quarantine Folder: "C:\AdwCleaner\Quarantine"
• To restore any item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

AdwCleaner is not a "killer" but a Quarantine Tool ....

If you do not open the program a second time and hit "Uninstall" all items Quarantined still remain -

 

These can be restored later if you wish.



#3 LetMeKnow

LetMeKnow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 12 May 2014 - 04:00 AM

Thanks fpr the information.

Nevrtheless it appears that there can be quite a few false positives...

I also noted others under other tags.

What about the entries in ...Microsoft\Tracing?

Even though I could restore them from the quarantine, should I remove them?

Would you? What would happen?

Who has an opinion?



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,814 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:35 PM

Posted 12 May 2014 - 04:18 AM

Anything that contains apnstub ....is associated with ASK TOOLBAR....which is a recognized piece of crap adware which usually downloads with more highly regarded software. Java comes to mind.

It is a sad fact of life that quite well regarded software has to pay the bills......and an increasing number of them now do so by allowing junk like ask and conduit etc etc etc to 'piggyback' on their installations.

When installing anything.....it is always wise to choose the 'Custom install' if that option is offered.  The outcome of blindly clicking on the next button is having crap installed on your PC that you do not need/want......these are called PUP's...potentially unwanted programs.

Most of these will TRACE your surfing habits etc etc and report those habits back to a database somewhere which will eventually start to 'target' you with adds....at this stage you will begin to find your browser being redirected and pop ups occurring on the web pages....and worse.

 

I have been using AdwCleaner for many years now and would not hesitate to remove them.

 

 

 


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#5 LetMeKnow

LetMeKnow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 12 May 2014 - 04:54 AM

Thanks! I do avoid such crap. But I may once have missed to unmark it and then uninstalled it, so that something still remained.

I will remove it.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 12 May 2014 - 07:18 AM

Hi -

If this was related to a detection by ?? say Malwarebytes Anti-Malware, would you have the same reaction ??

 

As I have spent about 10 years on the MBAM Forum, the sub-forum related to False Positives (wrong detections) is very large.

 

You will find this with any Antivirus / Antimalware / Adware type program, and it always has been there, and always will be.

If you have found one of these programs, then I will leave my current programs and go there. As of now, I find that almost all of these types of programs do have some faults, and it is better in my mind to have a Quarantine base, rather than just a Delete policy.



#7 LetMeKnow

LetMeKnow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 12 May 2014 - 08:06 AM

I agree...

yet some AntiVirus programs at least in many cases offer the choice of quarantining.



#8 cmptrgy

cmptrgy

  • Members
  • 1,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusetts
  • Local time:02:35 AM

Posted 12 May 2014 - 10:11 AM

You found registry entries, which seem doubtful to you

“What happens if I remove entries for RASAPI32 or RASMANCS?”

--- Don’t know yet

“One apparently has to be VERY CAREFUL with ADWCleaner!”

--- Being very careful on an application isn’t limited to ADWCleaner

“Nevrtheless it appears that there can be quite a few false positives...”

--- I would find out in what way they can be false positives on any application if I suspected that is possible

“What about the entries in ...Microsoft\Tracing?”

--- Don’t know yet

My opinion: All questions are valid

 

Noknojon: “it is better in my mind to have a Quarantine base, rather than just a Delete policy”

You responded: “I agree...

yet some AntiVirus programs at least in many cases offer the choice of quarantining”

My opinion: I agree with Noknojon fully.

--- Many times when I’m called to help someone on their computer they have no clue on what was involved when they just delete whatever

Even with a choice, the same questions you are wondering about would still be valid

--- AntiVirus programs are designed to offer a full complement of whatever they offer

--- ADWCleaner is a free standalone program that will allow you to remove what you want but the value I see is you can refer to the quarantine list which in turn allows the user time to evaluate what’s going on instead of trying to figure out how to evaluate each item ahead of time

 

On to my ADWCleaner experiences

Just like you I had those similar valid questions when I first started using it

--- I would delete what appeared to me to be ok but I would research what I wasn’t sure of

--- And some programs that might appear on both your computer as well as mine can have different reasons for being there

--- I’ve done some research on the items you mentioned and in some cases, the item was removed and in some others they weren’t for whatever reason so you need to find out how they relate to your computer

But before I run ADWCleaner on any one’s computer I run their antivirus programs first

--- I make sure their firewall and real-time anti-virus program is in order

------ If their real-time anti-virus program finds any infections, I run it again to ensure all infections have been deleted and have not returned

------ Then I run a no-real-time antivirus program for a second opinion and do the same: run it a second time if necessary

------ I’m not an expert by any means, but the value of a second opinion no-real-time antivirus program is that it has no idea of how the real-time anti-virus has been accommodated to run what the user runs

------ Yes I know this brings up additional questions but it’s supposed to

--- At least you are interested in knowing what’s going on; I wish my friends would do the same

Moving on, after it’s ensured the computer is safe from infections, it’s time to do the maintenance items, clearing the cache, deleting cookies, run disk cleanup, uninstall unnecessary toolbars etc.

--- Once the computer is known to be safe and maintained then ADWCleaner can be used as the final touch

So to me yes ADWCleaner is safe to use but should be used a part of a maintenance program, not as a “fix-it” tool

In your case, research the items you ask about to see what could apply on your computer and post back if you have further questions

--- BTW, there have been times I have set a Restore point but never had to revert back due to an issue with ADWCleaner. I am still careful of the Quarantine list as well as reports from other programs I run



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:35 PM

Posted 12 May 2014 - 05:41 PM

--- ADWCleaner is a free standalone program that will allow you to remove what you want but the value I see is you can refer to the quarantine list which in turn allows the user time to evaluate what’s going on instead of trying to figure out how to evaluate each item ahead of time

If you read above, there is even an option to restore any detections -

• To restore any item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

So the program has Preview and Restore options built in, that many do not include -

 

Just my version - - - -



#10 cmptrgy

cmptrgy

  • Members
  • 1,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusetts
  • Local time:02:35 AM

Posted 12 May 2014 - 06:25 PM

Thanks noknojon for bringing that to our attention

Although I had read it I guess it didn't register, but's registered now



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:35 AM

Posted 16 May 2014 - 07:33 PM

The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep. The only things you can't uncheck is Chrome and Firefox preferences lines but you still can view them in the "Chrome" and "Firefox" tab. If a detection is made the preference line will be removed when running the tool. In some cases AdwCleaner may detect items related to legitimate programs...if in doubt about a particular detection, a Google search should be performed to gather additional information before removal.

BTW....most of the well known specialized tools we use as malware fighters and available for download here are written by known experts/Security Colleagues at various security forums like BleepingComputer, TechSupport, GeeksToGo, SypwareInfo and others so they can be trusted. AdwCleaner was created by Xplode (a BC Security Colleague). Rest assured our Security Colleagues are trustworthy and all the programs you can download from this site are safe to use.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users