Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdwCleaner 4.107 Databast 2015-01.11.2[live] False positives?


  • Please log in to reply
8 replies to this topic

#1 shadowk8

shadowk8

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 12 January 2015 - 02:57 PM

MOd Edit: Moved to Antivirus Software..~~ boopme

Hi guys was just doing routine scans and noticed that adwcleaner is detecting normal google chrome extensions as adware. Seems to be the following extensions lastpass, adblock, gmail, WoT, and google drive. Only one i cant figure out is Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn. Below i linked the txt from adwcleaner if u guys could double check that there fp's that be amazing. Also i figured you guys could let the creator know of the potential fp's.
 
Thank you, Colin
 
# AdwCleaner v4.107 - Report created 12/01/2015 at 14:32:41
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : ColinR - COLIN
# Running from : D:\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************

Attached Files


Edited by boopme, 12 January 2015 - 03:16 PM.


BC AdBot (Login to Remove)

 


m

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,201 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:12:21 PM

Posted 12 January 2015 - 03:57 PM

I see that you ran AdwCleaner straight from the D: drive. If you move it on your Desktop, on your C: drive, is the Scan output the same?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:09:21 AM

Posted 12 January 2015 - 04:07 PM

Hello shadowk8:
 
Reference: How to contact Xplode. (Thank you quiteman7.)
 
bepbmhgboaologfdajaanbcjmnhjmhfn = Google Voice Search Hotword
 
I do not receive any False Positives/Positives using AdwCleaner 4.107 Run as Administrator from C:\Users\Administrator\Desktop much like Aura recommendeds above.
 
I do have Google's Chrome 39.0.2171.95 Stable browser installed on this W7Pro64SP1 system.
 
HTH :)


Edited by 1PW, 12 January 2015 - 04:24 PM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:21 AM

Posted 12 January 2015 - 04:40 PM

The program has its own Reinstall function, as it Quarantines all items, and will not Remove them until you Uninstall the program ........

First -

Download AdwCleaner by Xplode from Here or Here and save to your Desktop.

 

Last -

To restore an item that has been deleted by accident : Open the program again,
Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:21 PM

Posted 12 January 2015 - 04:41 PM

This has been reported to the developer...we will have to wait for confirmation.

BTW...many specialized tools are intended to be downloaded to and run from the Desktop for ease of use.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,201 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:12:21 PM

Posted 13 January 2015 - 08:10 AM

I didn't realize that immediately yesterday, but I saw someone's AdwCleaner fix log on another forum yesterday with 4-5 Chrome folder picked up by AdwCleaner, but that weren't deleted. I'll check if these folders represents the same extensions as the one posted here.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:21 PM

Posted 13 January 2015 - 09:25 AM

The Malware Response Team has confirmed that previously reported Adblock Plus and Fireshot entries are detected only if AdwCleaner is executed from other location than C:...notification has been sent to Xplode.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 13 January 2015 - 01:58 PM

good to know ty guys 



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:21 PM

Posted 13 January 2015 - 02:11 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users