McAfee flags up AAW free download as malware


  • This topic is locked
16 replies to this topic

#1 epsilon

epsilon

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 09 July 2010 - 11:09 PM

New to this forum so hello to all.

Just tried to run a scan of AAW free but received a message indicating that a new version of software was available. Attempted to download the new software from CNet but as soon as it started, my McAfee software stepped in to block it suggesting that the AAW download contained malware. ;)

Likely to be a false positive I know but, once you see that message (which has hardly ever happened to me before), there is always that slight doubt that maybe something nasty has got into the download. I don't like ignoring warnings. Such things are not unknown, after all.

For the time being I abandoned the download of the new software pending resolution of the issue. If there really is a problem with the download, it needs, of course, to be cleaned up. Otherwise, perhaps Lavasoft need to talk to McAfee to get the false positive removed. In the meantime, just thought I'd post it here to alert Users (and Lavasoft - presumably they read this forum) of the problem.

e.

#2 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 10 July 2010 - 12:22 PM

Thanks for the info. McAfee detected Ad-Aware back in April, May 2010 but it was the processwatch.exe file. Lavasoft contacted McAfee, but it helps for users to report it to McAfee also:

http://www.lavasofts...s...st&p=119131

One user got a reply from McAfee - they advised uninstalling Lavasoft Ad-Aware instead of fixing their definitions ;)

I've updated Lavasoft to let them know Ad-Aware's installer is now detected:

http://www.lavasofts...s...st&p=120943
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#3 epsilon

epsilon

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 10 July 2010 - 04:56 PM

One user got a reply from McAfee - they advised uninstalling Lavasoft Ad-Aware instead of fixing their definitions ;)


No surprise I suppose. Ad-Aware is, after all, competition as far as McAfee are concerned. Disappointing nonetheless.

Was the issue with processwatch.exe resolved or can I expect to hit that one later?

e.

#4 heriss

heriss

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 10 July 2010 - 08:30 PM

Hi, be glad that your McAfee stopped the download, as AVG did not and I got well and truly shafted. The download, when run, was in Azerbaijani and released at least 10 trojans, to the extent that I had to reinstall XP.

#5 epsilon

epsilon

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 11 July 2010 - 01:07 AM

Hi, be glad that your McAfee stopped the download, as AVG did not and I got well and truly shafted. The download, when run, was in Azerbaijani and released at least 10 trojans, to the extent that I had to reinstall XP.


Ouch! ;)

Thanks for the warning heriss. I'll certainly continue holding off from updating until this one is cleared up.

e.

#6 visitor

visitor

    Advanced Member

  • Valued Member
  • PipPipPip
  • 2855 posts

Posted 11 July 2010 - 12:02 PM

No surprise I suppose. Ad-Aware is, after all, competition as far as McAfee are concerned.

Competitors, but kinda dirty. I think some security companies actually share info on malware signatures and stuff, and compete more on the software development of features and ease of use. If it wasn't evil to not address false positives, everyone would be adding the competition to their detection databases, LOL.

Was the issue with processwatch.exe resolved or can I expect to hit that one later?

As far as I know, it was fixed. There weren't any posts about it later.

Ouch! ;)
Thanks for the warning heriss. I'll certainly continue holding off from updating until this one is cleared up.

If you want to subscribe/follow, here's the other post about the alleged malicious Ad-Aware trojans:

http://www.lavasofts...showtopic=29587

#7 geosin

geosin

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 14 July 2010 - 06:59 PM

Competitors, but kinda dirty. I think some security companies actually share info on malware signatures and stuff, and compete more on the software development of features and ease of use. If it wasn't evil to not address false positives, everyone would be adding the competition to their detection databases, LOL.
As far as I know, it was fixed. There weren't any posts about it later.
If you want to subscribe/follow, here's the other post about the alleged malicious Ad-Aware trojans:

http://www.lavasofts...showtopic=29587



Interesting that I got Ad-aware flagged when I tried to download using Firefox but not when using IE8

#8 epsilon

epsilon

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 14 July 2010 - 07:53 PM

Interesting that I got Ad-aware flagged when I tried to download using Firefox but not when using IE8


Very interesting. I too was using Firefox. Didn't think of trying IE.

Now I wonder why that would be. :angry:

Should I conclude that you did, in the end, install without any further incidents and all is well?

e.

#9 geosin

geosin

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 15 July 2010 - 11:43 AM

Very interesting. I too was using Firefox. Didn't think of trying IE.

Now I wonder why that would be. :angry:

Should I conclude that you did, in the end, install without any further incidents and all is well?

e.



Yes, installed with no problems and all seems OK. Ad-aware scan ran right after installation

#10 WDF1

WDF1

    Member

  • Members
  • PipPip
  • 21 posts

Posted 16 July 2010 - 01:14 AM

For what it's worth: about an hour ago, using Firefox 3.6.6, I downloaded A-A 8.3.0 (+ def's 0150.0013) from CNET & installed it; McAfee cited "possible malware", which I told it to ignore, and everything was fine from then on (including a test scan, which found a couple of tracking cookies, which ATT/Yahoo always delivers to me).

Edited by WDF1, 16 July 2010 - 01:35 AM.


#11 Computer wizard

Computer wizard

    Advanced Member

  • Valued Member
  • PipPipPip
  • 155 posts

Posted 16 July 2010 - 04:21 AM

Did McAfee flag with its heuristics or its signatures?
~*~The more you interact with your security solution the better protected you are - The less you interact the less protected you are!~*~

Need assistance with Stubborn infections? Create a new topic in - HiJack- This forum
Stumbled upon a false positive? Create a new topic in - False Positive - Ad aware forum

#12 epsilon

epsilon

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 16 July 2010 - 08:28 AM

Did McAfee flag with its heuristics or its signatures?

In my case, it can only have been signature based, as it was right at the start of the download in Firefox. At that stage, there wouldn't have been any activity for heuristics to trap. The actual message was shown as coming from McAfee Site Advisor. If I recall correctly, the wording was very brief but seemed to suggest that the Lavasoft site had been pre-scanned (as I believe Site Advisor does) and that the download had already been identified as questionable before I tried to download it. It offered no option for further details but simply 'allow' or 'block'.

Thanks for the reassurance, geosin and WDF1. Makes me think I should probably go ahead in spite of McAfee's warnings.

e.

#13 WDF1

WDF1

    Member

  • Members
  • PipPip
  • 21 posts

Posted 17 July 2010 - 04:02 AM

For what it's worth: about an hour ago, using Firefox 3.6.6, I downloaded A-A 8.3.0 (+ def's 0150.0013) from CNET & installed it; McAfee cited "possible malware", which I told it to ignore, and everything was fine from then on (including a test scan, which found a couple of tracking cookies, which ATT/Yahoo always delivers to me).

Afterthought: For completeness, I should have mentioned that, during A-A installation, I UNchecked the box to restart my computer in order to activate Ad-Watch Live, so as to avoid interaction problems with McAfee's similar function.

#14 Computer wizard

Computer wizard

    Advanced Member

  • Valued Member
  • PipPipPip
  • 155 posts

Posted 17 July 2010 - 05:44 AM

Afterthought: For completeness, I should have mentioned that, during A-A installation, I UNchecked the box to restart my computer in order to activate Ad-Watch Live, so as to avoid interaction problems with McAfee's similar function.


Did Ad-Watch activate on the next system start-up? Did you also try to temporarily disable McAfee? As both security suites have real-time protection, McAfee would have recognized the behavior and made the assumption it was a rogue attack, so turning off McAfee and turning it back on after Ad-Aware had completed its final steps would have worked (in theory, lol). Keep in mind that if you have McAfee, Ad-Watch really doesn't need to be active, but it's good to know it's all in working order. It's good to know you got it sorted, though. Well done :)

Cheers

Computer Wizard

#15 ascendant

ascendant

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 19 August 2010 - 12:20 AM

Just tried to run a scan of AAW free but received a message indicating that a new version of software was available. Attempted to download the new software from CNet but as soon as it started, my McAfee software stepped in to block it suggesting that the AAW download contained malware. :)


This was not a false positive, just a false definition. The 2010 version of Ad-Aware now has pop-up ads embedded into the installation, which is the exact definition of adware. McAfee was justified in blocking it, they just incorrectly categorized it as malware instead of adware. Though I don't like McAfee myself, they were protecting you from a program that now has pop-ups, so I would listen to McAfee and stay away from this version of Ad-Aware.

#16 Computer wizard

Computer wizard

    Advanced Member

  • Valued Member
  • PipPipPip
  • 155 posts

Posted 19 August 2010 - 01:10 AM

I have to disagree with that reason for blocking Ad-Aware, namely that it is categorized as adware.

1. McAfee, as far as I've seen, is the only AV company that flagged Ad-Aware for any particular reason.

2. If it was adware, McAfee wouldn't be the only one flagging Ad-Aware, and then LS would be in trouble for distributing their product.

3. Like LS Ad-Aware, McAfee uses signatures, which aren't very reliable and accurate.

#17 WDF1

WDF1

    Member

  • Members
  • PipPip
  • 21 posts

Posted 20 August 2010 - 08:06 PM

Did Ad-Watch activate on the next system start-up? Did you also try to temporarily disable McAfee? As both security suites have real-time protection, McAfee would have recognized the behavior and made the assumption it was a rogue attack, so turning off McAfee and turning it back on after Ad-Aware had completed its final steps would have worked (in theory, lol). Keep in mind that if you have McAfee, Ad-Watch really doesn't need to be active, but it's good to know it's all in working order. It's good to know you got it sorted, though. Well done :)

Cheers

Computer Wizard


Days later, after one of those multi-item bug-fix updates from Microsoft, I had to restart, but Ad-Watch retained its "off" setting. At no time did I try to temporarily disable McAfee (but I would have if Ad-Watch had activated, thus causing the scenario you described).
