Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware 'not-a-virus' Or Wisesfx Dropper (help!)


  • Please log in to reply
1 reply to this topic

#1 MystyDeb

MystyDeb

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 10 December 2006 - 10:40 AM

My computer has been just a mess. Ive known there was something wrong, but Trend virus software said everything was just fine and dandy.
Today I installed Kaspersky and right away this stuff popped up.
Has anyone seen this before? Is WiseSFX dropper a virus? Im confused.

Deb


12/10/2006 3:37:45 AM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/10/2006 3:37:58 AM The threat signatures are obsolete. Your computer is at risk. You are advised to update the signatures immediately.
12/10/2006 3:37:58 AM Real-time protection started.
12/10/2006 3:39:36 AM Please restart your computer to complete the installation of new or updated protection components.
12/10/2006 3:39:36 AM Please restart your computer to complete the installation of new or updated protection components.
12/10/2006 3:39:38 AM Update completed successfully.
12/10/2006 3:40:20 AM Real-time protection is not running. You are advised to resume protection.
12/10/2006 3:41:38 AM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/10/2006 3:41:46 AM Real-time protection started.
12/10/2006 3:52:43 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 3:52:43 AM Security threats have been detected. You are advised to neutralize them immediately.
12/10/2006 3:52:43 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 3:52:43 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.
12/10/2006 3:53:00 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 3:53:00 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 3:53:00 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.
12/10/2006 4:07:18 AM File C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\CPMN0PAN\winzip110[1].exe//SETUP.WZ/WINZIP32.EX_: is password protected.
12/10/2006 4:12:06 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 4:12:06 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 4:12:06 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.
12/10/2006 7:03:08 AM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
12/10/2006 7:03:08 AM Real-time protection started.
12/10/2006 7:03:40 AM Security threats have been detected. You are advised to neutralize them immediately.
12/10/2006 7:12:07 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 7:12:07 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 7:12:07 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016311.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.
12/10/2006 7:12:23 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 7:12:23 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 7:12:23 AM File C:\System Volume Information\_restore{62905520-7370-4141-A23C-96F524828AF7}\RP64\A0016319.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.
12/10/2006 7:23:49 AM File C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\CPMN0PAN\winzip110[1].exe//SETUP.WZ/WINZIP32.EX_: is password protected.
12/10/2006 7:27:59 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0017.BIN: detected adware 'not-a-virus:AdWare.Win32.NewDotNet'.
12/10/2006 7:27:59 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0017.BIN: is still infected, postponed.
12/10/2006 7:27:59 AM File C:\Documents and Settings\Deb\My Documents\GENEALOGY\geneology-Jackson\acornucopia.exe//WiseSFX Dropper//WISE0019.BIN: detected adware 'not-a-virus:AdWare.Win32.Relevant.a'.

(Moderator edit: post moved to more appropriate forum. jgweed)

Edited by jgweed, 10 December 2006 - 10:44 AM.


BC AdBot (Login to Remove)

 


#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,663 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:52 AM

Posted 10 December 2006 - 12:38 PM

detected adware 'not-a-virus'

Technically, no it's not a virus, it's classified as adware. The nice thing about Kaspersky is it detects a wide range of threats and software that may be unwanted. Adware is more of a nuisance than anything else, altho some of it does collect information about you so it could also be considered spyware. Some adware I don't mind, if it is just a program that displays ads to support itself. Others don't want any ads at all. So you have a choice of what you are willing to tolerate.

The question is is acornucopia.exe something you installed yourself and use. It's flagged as both NewDotNet and AdWare.Win32.Relevant.a. I'm not familiar with the latter but know something about NewDotNet. It's debatable whether the program is one that can be used legitimately or not. But in the large majority of cases, it comes bundled with other software and not something that you might particularly want so is usually foistware.

So generally we recommend removing it. But first you need to decide if it's something you need or want. I only ask because the file in question is in a geneology folder in your My Documents. So maybe you use it?

If you decide to remove NewDotNet be very careful. It must be uninstalled correctly or you could break your ability to get online. Follow the instructions in this self Help Guide exactly:

How To Remove New.net / Newdotnet

I would recommend removing it unless that file is something you just can't live without. Then scan again with Kaspersky and see if it goes away. It would be helpful to us all if you can tell us what you know about the acornucopia.exe file.

BTW, the file will still show up in the System Volume Information folder. That is where System Restore keeps it's Restore Points and they won't reinfect you unless you use System Restore. If you are successful in removing NewDotNet we can then purge those Restore Points so that doesn't happen, but it is a good idea to keep SR active so we have something to fall back on if something goes wrong.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users