
ADWCleaner dropped a virus on me


10 replies to this topic

#1 LoserGamer


Posted 29 November 2017 - 10:32 AM

When I downloaded ADWCleaner from Bleeping Computers my Windows Defender tells me I got a virus. I forgot the exact name of it but it is a win32 registry virus listed as severe.

I just built a new PC and downloaded a webcam program and blamed it on it. I did a new install and scanned, which was clean. I installed ADW thinking I was setting up a perfectly clean system. After I scanned, there that virus was again, so I isolated that it was not the webcam program because I hadn't loaded it yet to the fresh install.

 

You guys may want to investigate why a virus is packed with it or please tell me it is a known false positive.


Edited by LoserGamer, 29 November 2017 - 10:34 AM.




#2 boopme


Posted 29 November 2017 - 10:42 AM

Hello, could you please post the log or the line with the virus path?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 britechguy


Posted 29 November 2017 - 11:01 AM

What version of Windows, Windows Defender, and WD Definitions are you using?

 

I have just downloaded AdwCleaner (version 7.0.4.0) from both the Malwarebytes site and BC's page and neither is triggering a virus warning.  I'm under Windows 10 and using the following:

 

Attached File  WinDefenderSnippet.jpg   49.79KB   0 downloads


Brian  AKA  Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

       

    Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
             ~ Lauren Bacall
              

 


#4 LoserGamer


Posted 29 November 2017 - 11:05 AM

Did you do a FULL scan? My PC was updated fully when I got them and I had to do a full scan.

I think I am going to make an image of my unadulterated PC at the moment and try to see if I can get that virus again and give you the information you guys need.

I am hesitant to think it's really a virus and thinking more of a false positive but you never know. Using build 1709 Windows 10.


Edited by LoserGamer, 29 November 2017 - 11:05 AM.


#5 britechguy


Posted 29 November 2017 - 11:16 AM

No, I didn't do a full scan.  WD scans upon download.

 

However, I just did a manual scan on both of the exe files and both are zero threats found, 2 items scanned.

 

I, also, am on Version 1709 of Windows 10 Home, 64-bit.




#6 LoserGamer


Posted 29 November 2017 - 11:21 AM

When I get home tonight from work I'll try to get it to show again. What screen shots do you need and how do I get to where you need to see?

 

I am going to reload an image on another drive I know never had ADW on it, then load it and scan. It's a fresh install image.



#7 quietman7


Posted 29 November 2017 - 11:29 AM

The detection is a false positive by the anti-virus. Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free.

Certain embedded files that are part of legitimate programs and specialized fix tools (like AdwCleaner), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed, packed, or obfuscated to protect code, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be encrypted or password protected in order to conceal themselves so they do not allow access for scanning often trigger alerts by security software as well.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are falsely detected by various anti-virus programs from time to time for the reasons noted above. This in turn sometimes results in an inaccurate site rating/warning by browsers of potentially dangerous software when that is not the case.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

Either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
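
The trade-off described in post #7, as an added example that is not part of the original thread: a hash blacklist and an entropy heuristic run over four constructed samples. The 7.2 bits/byte threshold, the word list and the sample names are assumptions, and real engines weigh many more signals than entropy.

```python
import hashlib
import math
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cut-off (bits/byte) for "looks packed"
WORDS = ["registry", "quarantine", "scan", "adware", "toolbar", "policy",
         "firewall", "service", "cleanup", "report", "browser", "startup",
         "hijack", "shortcut", "proxy", "extension"]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def constructed_text(label: str, words: int = 20000) -> bytes:
    """Deterministic filler text standing in for a tool's strings and scripts."""
    picks = (hashlib.sha256(f"{label}{i}".encode()).digest()[0] % len(WORDS)
             for i in range(words))
    return " ".join(WORDS[p] for p in picks).encode()

def signature_scan(data: bytes, blacklist: set) -> bool:
    """Exact match against hashes of samples the vendor has already seen."""
    return hashlib.sha256(data).hexdigest() in blacklist

def heuristic_scan(data: bytes) -> bool:
    """Non-specific rule: content the scanner cannot read looks suspicious."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def demo() -> dict:
    plain_tool = constructed_text("tool")        # benign and readable
    packed_tool = zlib.compress(plain_tool, 9)   # same benign content, packed
    known_bad = zlib.compress(constructed_text("bad"), 9)  # stand-in for a listed sample
    new_variant = known_bad[:-1] + bytes([known_bad[-1] ^ 1])  # one byte differs
    blacklist = {hashlib.sha256(known_bad).hexdigest()}
    samples = {"plain_tool": plain_tool, "packed_tool": packed_tool,
               "known_bad": known_bad, "new_variant": new_variant}
    # Each value is (signature hit, heuristic hit)
    return {name: (signature_scan(d, blacklist), heuristic_scan(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (sig, heur) in demo().items():
        print(f"{name:12} signature={sig!s:5} heuristic={heur}")
```

The packed benign tool is the false positive: the heuristic flags it for the same reason it flags the unlisted variant, while the blacklist matches only the exact sample it already knows.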

#8 LoserGamer


Posted 29 November 2017 - 11:32 AM

I figured it was a false positive considering the program is in the midst of people who know about security and coding. If any real virus was present it would have the light shined on it big time.

But at the same time I wanted to see if anyone else had any issues so I posted anyhow.

Thanks.


Edited by LoserGamer, 29 November 2017 - 11:32 AM.


#9 quietman7


Posted 29 November 2017 - 11:36 AM

Not a problem. I certainly understand the concern and why most non-security experts would report the detection. It's happened many times before with these types of tools and probably will happen again.

#10 LoserGamer


Posted 02 December 2017 - 12:22 AM

Guys, I believe I figured it out. Because I got the thing again without even using ADWcleaner, I just want to make that clear as to not make people feel it's not safe because it is a great tool.

I got a tip from Windows Defender that this could be a virus. Trojan:Win32/BlockMsav.A!reg. Windows found it in the firewallpolicy/firewall rules. That is when the lightbulb went off and I was like oh, it's the firewall program I downloaded giving a false positive because it's working with Windows Firewall.

 

Makes sense now.

Off to dl ADWcleaner now. :) 


Edited by LoserGamer, 02 December 2017 - 12:22 AM.


#11 quietman7


Posted 02 December 2017 - 07:20 AM

Good luck.