Full Version: False Positive? Alarm feedback
JasonD
I scanned my system with Super Anti-Spyware, and it returns nothing. Yet Ad-Aware 2008 returns the following:

---------------------------------------------------------
Family Id: 1001 Name: Win32.TrojanDownloader.Agent Category: Malware TAI:10
Item Id: 436452 Value: File: C:\Install Files\Not Installed\FreeUndelete\freeundelete.exe
Item Id: 414375 Value: Root: HKU Path: S-1-5-21-1409082233-1606980848-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value: ShowSuperHidden Data: 0
---------------------------------------------------------

freeundelete.exe is from http://www.officerecovery.com/freeundelete/index.htm -- can someone else confirm this false alarm?
ShowSuperHidden is a standard registry entry. What is wrong with it, and why is Ad-Aware 2008 grouping it together with freeundelete.exe under Win32.TrojanDownloader.Agent?


LS Anders
Hello JasonD

Thank you for reporting this. We will reinvestigate the file and if it is found to be a false positive it will be removed with the next definition file update.

Regards
LS Anders
JasonD
Thanks.

What about the ShowSuperHidden registry entry? I'm sure this entry appears on everyone's machine (except that I have it to show the hidden system files on my PC).
LS Pekka
QUOTE(JasonD @ Jan 5 2009, 12:09 AM) *
Thanks.

What about the ShowSuperHidden registry entry? I'm sure this entry appears on everyone's machine (except that I have it to show the hidden system files on my PC).


Hi JasonD!

The file and the registry key will be removed from detection as of the next definition file update.
Thanks for reporting this issue :)

The current FreeUndelete Setup file "freeundelete.exe", available at h**p://www.officerecovery.com/freeundelete/index.htm, (FileVersion 1032.4455.0.0) and the installed components are not detected by Ad-Aware.

Regards,

LS Pekka

Lavasoft Research
JasonD
You're welcome.

I am still dumbfounded as to why the registry entry was detected. I would have thought 1,000's of people would have reported this already. Perhaps most people just assume the software is correct and let it go?
LS Pekka
QUOTE(JasonD @ Jan 5 2009, 05:19 PM) *
You're welcome.

I am still dumbfounded as to why the registry entry was detected. I would have thought 1,000's of people would have reported this already. Perhaps most people just assume the software is correct and let it go?


Hi again JasonD!

The ShowSuperHidden value controls whether certain Operating System Files are shown in Windows Explorer. Conventional Files and Folders use the value "Hidden", and Hidden Operating System Files use the "ShowSuperHidden" value name in the registry. This means that even if you enable showing hidden files and folders, some files will still be hidden in Windows Explorer.

Setting ShowSuperHidden to 1 (enabled) makes "Hidden Operating System Files" viewable and setting it to 0 (disabled) hides them on the system. This can be used by malware in order to hide certain installed objects. The detected object,

Item Id: 414375 Value: Root: HKU Path: S-1-5-21-1409082233-1606980848-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value: ShowSuperHidden Data: 0


was detected as a "conditional", depending on a condition, i.e. that a certain file hash was detected.

The issue is corrected in the current definition file release.

Regards,

LS Pekka

Lavasoft Research
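
A minimal model of the conditional detection described in the post above, as an added example that is not part of the original thread and is not Lavasoft's code. The rule layout, the item ids, the sample data and the use of SHA-256 as the file hash are all assumptions; it shows why a false-positive file signature also drags an ordinary registry value into the same family report, and why withdrawing the signature clears both.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class FileSig:
    item_id: int
    sha256: str          # hash the family is recognised by (assumed hash type)

@dataclass(frozen=True)
class ConditionalRegItem:
    item_id: int
    value_name: str
    data: int
    requires: int        # item_id of the FileSig that must match first

def scan(files, registry, file_sigs, cond_items):
    """Return (item_id, description) hits for one detection family."""
    hits, matched = [], set()
    for path, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        for sig in file_sigs:
            if sig.sha256 == digest:
                matched.add(sig.item_id)
                hits.append((sig.item_id, f"File: {path}"))
    for item in cond_items:
        # The registry value alone is never evidence; it is reported only
        # when its file condition matched during the same scan.
        if item.requires in matched and registry.get(item.value_name) == item.data:
            hits.append((item.item_id,
                         f"Value: {item.value_name} Data: {item.data}"))
    return hits

# Constructed sample data (hypothetical ids, paths and contents).
INSTALLER = b"constructed stand-in for a benign installer"
FILES = {r"C:\Install Files\setup.exe": INSTALLER}
REGISTRY = {"Hidden": 1, "ShowSuperHidden": 0}
COND = [ConditionalRegItem(2, "ShowSuperHidden", 0, requires=1)]
BAD_SIGS = [FileSig(1, hashlib.sha256(INSTALLER).hexdigest())]  # false positive
FIXED_SIGS = []          # signature withdrawn in a later definition update

if __name__ == "__main__":
    print("before fix:", scan(FILES, REGISTRY, BAD_SIGS, COND))
    print("after fix: ", scan(FILES, REGISTRY, FIXED_SIGS, COND))
```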
JasonD
Ah, so the value itself is expected and is fine, but Ad-Aware thought that it was set intentionally by some mal-ware to hide itself. I getcha.
LS Pekka
QUOTE(JasonD @ Jan 6 2009, 03:39 PM) *
Ah, so the value itself is expected and is fine, but Ad-Aware thought that it was set intentionally by some mal-ware to hide itself. I getcha.


Thanks again for reporting the issue :)

LS Pekka