Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

3/55 negative results on virus total for the AdwCleaner download on Bleeping ???


  • Please log in to reply
4 replies to this topic

#1 Momadice

Momadice

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Ontario, Canada
  • Local time:04:43 PM

Posted 18 February 2016 - 03:47 PM

Does anyone know why AdwCleaner download has 3/55 negative results on Virus Total?
 
SHA256: 5e2f5b4797500c19b8c301b63b48b39f9b6e26e1faebd86f9030fd6fb4b8da46 
File name: AdwCleaner.exe
Detection ratio: 3 / 55 
Analysis date: 2016-02-18 20:34:59 UTC ( 1 minute ago ) 
 
AegisLab  Troj.W32.Agent  20160218 
Bkav  W32.HfsAtITA.2C8B  20160218 
Qihoo-360  HEUR/QVM11.1.Malware.Gen  20160218 
ALYac    20160218 
AVG    20160218 
AVware    20160218 
Ad-Aware    20160218 
Agnitum    20160217 
AhnLab-V3    20160218 
Alibaba    20160218 
Antiy-AVL    20160218 
Arcabit    20160218 
Avast    20160218 
Avira    20160218 
Baidu-International    20160218 
BitDefender    20160218 
ByteHero    20160218 
CAT-QuickHeal    20160218 
CMC    20160216 
ClamAV    20160217 
Comodo    20160218 
Cyren    20160218 
DrWeb    20160218 
ESET-NOD32    20160218 
Emsisoft    20160218 
F-Prot    20160218 
F-Secure    20160218 
Fortinet    20160218 
GData    20160218 
Ikarus    20160218 
Jiangmin    20160218 
K7AntiVirus    20160218 
K7GW    20160218 
Kaspersky    20160218 
Malwarebytes    20160218 
McAfee    20160218 
McAfee-GW-Edition    20160218 
MicroWorld-eScan    20160218 
Microsoft    20160218 
NANO-Antivirus    20160218 
Panda    20160218 
Rising    20160218 
SUPERAntiSpyware    20160218 
Sophos    20160218 
Symantec    20160217 
Tencent    20160218 
TheHacker    20160217 
TrendMicro    20160218 
TrendMicro-HouseCall    20160218 
VBA32    20160218 
VIPRE    20160218 
ViRobot    20160218 
Zillya    20160218 
Zoner    20160218 
nProtect    20160218 
 
 



BC AdBot (Login to Remove)

 


#2 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:02:43 PM

Posted 18 February 2016 - 04:16 PM

Hello Momadice:

 

This is the cross that many Windows utilities must bare. IMO you are witnessing the product of overly aggressive, lesser AV vendor's attempt to artificially boost their detection statistics.

 

I have been tracking Xplode's AdwCleaner for years and the hits you see are always false positives. When you see the highest tier AV vendors showing hits, then it's time to look closer.


Edited by 1PW, 18 February 2016 - 04:44 PM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:43 PM

Posted 18 February 2016 - 05:33 PM

Certain embedded files that are part of legitimate programs and specialized fix tools (like AdwCleaner), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are falsely detected by various anti-virus programs from time to time for the reasons noted above. This in turn sometimes results in an inaccurate site rating/warning of potentially dangerous software when that is not the case.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Momadice

Momadice
  • Topic Starter

  • Members
  • 156 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Ontario, Canada
  • Local time:04:43 PM

Posted 21 February 2016 - 07:17 PM

Thank you for taking the time to respond.  It is exactly what I wanted to here.  I did not know if I was being directed to a rogue site, impostor; and a healthy tiny dose of paranoia I suspect is warranted with the recent law suit, as it seems reasonable to check things out as that company has already made some 'no no' posts to your forums.

 

Thanks again



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:43 PM

Posted 21 February 2016 - 09:31 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users