16 replies to this topic

[epsilon]

New to this forum so hello to all.

Just tried to run a scan of AAW free but received a message indicating that a new version of software was available. Attempted to download the new software from CNet but as soon as it started, my McAfee software stepped in to block it suggesting that the AAW download contained malware.

Likely to be a false positive I know but, once you see that message (which has hardly ever happened to me before), there is always that slight doubt that maybe something nasty has got into the download. I don't like ignoring warnings. Such things are not unknown, after all.

For the time being I abandoned the download of the new software pending resolution of the issue. If there really is a problem with the download, it needs, of course, to be cleaned up. Otherwise, perhaps Lavasoft need to talk to McAfee to get the false positive removed. In the meantime, just thought I'd post it here to alert Users (and Lavasoft - presumably they read this forum) of the problem.

e.

[visitor]

Thanks for the info. McAfee detected Ad-Aware back in April, May 2010 but it was the processwatch.exe file. Lavasoft contacted McAfee, but it helps for users to report it to McAfee also:

http://www.lavasofts...s...st&p=119131

One user got a reply from McAfee - they advised uninstalling Lavasoft Ad-Aware instead of fixing their definitions

I've updated Lavasoft to let them know Ad-Aware's installer is now detected:

http://www.lavasofts...s...st&p=120943

[epsilon]

One user got a reply from McAfee - they advised uninstalling Lavasoft Ad-Aware instead of fixing their definitions

No surprise I suppose. Ad-Aware is, after all, competition as far as McAfee are concerned. Disappointing nontheless.

Was the issue with processwatch.exe resolved or can I expect to hit that one later?

e.

[heriss]

Hi be glad that your mcaffie stoped the down load as avg did not and i got well and truly shafted the download when run was in azabijanie and released at least 10 trojans to the extent i had to reinstall xp

[epsilon]

Hi be glad that your mcaffie stoped the down load as avg did not and i got well and truly shafted the download when run was in azabijanie and released at least 10 trojans to the extent i had to reinstall xp

Ouch!

Thanks for the warning heriss. I'll certainly continue holding off from updating until this one is cleared up.

e.

[visitor]

No surprise I suppose. Ad-Aware is, after all, competition as far as McAfee are concerned.

Competitors, but kinda dirty. I think some security companies actually share info on malware signatures and stuff, and compete more on the software development of features and ease of use. If it wasn't evil to not address false positives, everyone would be adding the competition to their detection databases, LOL.

Was the issue with processwatch.exe resolved or can I expect to hit that one later?

As far as I know, it was fixed. There weren't any posts about it later.

Ouch!
Thanks for the warning heriss. I'll certainly continue holding off from updating until this one is cleared up.

If you want to subscribe/follow, here's the other post about the alleged malicious Ad-Aware trojans:

http://www.lavasofts...showtopic=29587

[geosin]

Competitors, but kinda dirty. I think some security companies actually share info on malware signatures and stuff, and compete more on the software development of features and ease of use. If it wasn't evil to not address false positives, everyone would be adding the competition to their detection databases, LOL.
As far as I know, it was fixed. There weren't any posts about it later.
If you want to subscribe/follow, here's the other post about the alleged malicious Ad-Aware trojans:

http://www.lavasofts...showtopic=29587

Interesting that I got Ad-aware flagged when I tried to download using Firefox but not when using IE8

[epsilon]

Interesting that I got Ad-aware flagged when I tried to download using Firefox but not when using IE8

Very interesting. I too was using Firefox. Didn't think of trying IE.

Now I wonder why that would be.

Should I conclude that you did, in the end, install without any further incidents and all is well?

e.

[geosin]

Very interesting. I too was using Firefox. Didn't think of trying IE.

Now I wonder why that would be.

Should I conclude that you did, in the end, install without any further incidents and all is well?

e.

Yes, installed with no problems and all seems OK. Ad-aware scan ran right after installation

[WDF1]

For what it's worth: about an hour ago, using Firefox 3.6.6, I downloaded A-A 8.3.0 (+ def's 0150.0013) from CNET & installed it; McAfee cited "possible malware", which I told it to ignore, and everything was fine from then on (including a test scan, which found a couple of tracking cookies, which ATT/Yahoo always delivers to me).

Edited by WDF1, 16 July 2010 - 01:35 AM.

[Computer wizard]

Did Mcafee flag with it's heuristics or it's signatures?

[epsilon]

Did Mcafee flag with it's heuristics or it's signatures?

In my case, it can only have been signature based, as it was right at the start of the download in Firefox. At that stage, there wouldn't have been any activity for heuristics to trap. The actual message was shown as coming from McAfee Site Advisor. If I recall correctly, the wording was very brief but seemed to suggest that the Lavasoft site had been pre-scanned (as I believe Site Advisor does) and that the download had already been identified as questionable before I tried to download it. It offered no option for further details but simply 'allow' or 'block'.

Thanks for the reassurance, geosin and WDF1. Makes me think I should probably go ahead in spite of McAfee's warnings.

e.

[WDF1]

For what it's worth: about an hour ago, using Firefox 3.6.6, I downloaded A-A 8.3.0 (+ def's 0150.0013) from CNET & installed it; McAfee cited "possible malware", which I told it to ignore, and everything was fine from then on (including a test scan, which found a couple of tracking cookies, which ATT/Yahoo always delivers to me).

Afterthought: For completeness, I should have mentioned that, during A-A installation, I UNchecked the box to restart my computer in order to activate Ad-Watch Live, so as to avoid interaction problems with McAfee's similar function.

[Computer wizard]

Afterthought: For completeness, I should have mentioned that, during A-A installation, I UNchecked the box to restart my computer in order to activate Ad-Watch Live, so as to avoid interaction problems with McAfee's similar function.

Did Ad-watch activate on the next system start-up? did you also try to temporarily disable mcafee? as both security suites have a real time protection mcafee would have recognized the behavior and making the assumption it was a rogue attack so turning off mcafee and turning it back on after ad-aware had completed it final steps would have worked ( in theory lol ). keep in mind if you have mcafee ad-watch really doesn't need to be active but its good to know its all in working order. It's good to know you got it sorted though well done

Cheers

Computer Wizard

[ascendant]

Just tried to run a scan of AAW free but received a message indicating that a new version of software was available. Attempted to download the new software from CNet but as soon as it started, my McAfee software stepped in to block it suggesting that the AAW download contained malware.

This was not a false positive, just a false definition. The 2010 version of Ad-Aware now has pop-up ads embedded into the installation, which is the exact definition of adware. McAfee was justified in blocking it, they just incorrectly categorized it as malware instead of adware. Though I don't like McAfee myself, they were protecting you from a program that now has pop-ups, so I would listen to McAfee and stay away from this version of Ad-Aware.

[Computer wizard]

i have too disagree with that reason of blocking Ad-aware for being categorized as adware.

1. McAfee as far as I've seen is the only AV company that flaged Adaware for any particular reason.

2. If it was adware Mcafee wouldn't be the only one flagging Ad-aware and then LS would be in trouble for distributing there product

3. as like LS adaware, mcafee uses signatures, which aren't very reliable and accurate.

[WDF1]

Did Ad-watch activate on the next system start-up? did you also try to temporarily disable mcafee? as both security suites have a real time protection mcafee would have recognized the behavior and making the assumption it was a rogue attack so turning off mcafee and turning it back on after ad-aware had completed it final steps would have worked ( in theory lol ). keep in mind if you have mcafee ad-watch really doesn't need to be active but its good to know its all in working order. It's good to know you got it sorted though well done

Cheers

Computer Wizard

Days later, after one of those multi-item bug-fix updates from Microsoft, I had to restart, but Ad-Watch retained its "off" setting. At no time did I try to temporarily disable McAfee (but I would have if Ad-Watch had activated, thus causing the scenario you described).