Full Version: 3Planesoft Screensavers False Positives or not?
billywest1967
Hi all. After recently installing Ad-Aware Anniversary Edition Pro it began pulling-up any screensavers I had purchased from 3Planesoft.com. The last one I purchased, that actually hasn't run yet is the 3D Halloween SS:-

http://www.3planesoft.com/holidays-screens...3d-screensaver/

Though it has been other SS that 3planesoft make and are on my PC that have been giving me, I hope, false positives, e.g. Christmas Bells 3D Screensaver.

Ad-Aware's Ad-Watch has been stopping the executable part of the screensavers - so far it has put the main executables from 4 screensavers by 3Planesoft into quarantine. Ad-Watch was also concerned about Screensaver Manager part that comes with each screensaver.

I've been in touch with the helpful Lavasoft's Johan, he says posting some details here might help solve things. I've included a log file from today. Hopefully things can get cleared-up one way or another peeps?

TIA,

Andy W.
LS Andy
Hi billywest1967,

Thanks for your post. We will investigate further - if this is a false positive it will be removed from detection as of the next definition file update.

Regards,

Andy
Lavasoft Malware Labs
LS Andy
Hi billywest1967,

The log file didn't give up as much information as I was hoping for. I also downloaded a number of screensavers from the site but didn't get any detections.

Would it be possible for you to run a scan that detects the files you mention and post that? The information about those detections will allow us to check the corresponding entries in the detection databases. Thanks!

Regards,

Andy
Lavasoft Malware Labs
billywest1967
Hi Andy,

That seems good news on the whole so far. But, Ad-Watch is still detecting the SS files from 3Planesoft when they run here LOL. A recent one that was quarantined and logged was Zodiac Clock - I've added the log, if it's of any use? 2009-10-13-10-15-31.log This is a log that runs just after the SS attempts to run btw. On a daily Smart Scan or a weekly Full Scan I run, Ad-Aware detects nothing out of the ordinary. It's only Ad-Watch's Process Watch, which was set on mild, that picked up the SS activity.

Maybe these screensavers are legit? Well I hope so, as I say I did pay good money for them.

I'll get back in a couple of days.

Thanks again,

Andy W.


QUOTE(LS Andy @ Oct 12 2009, 07:28 AM) *
Hi billywest1967,

The log file didn't give up as much information as I was hoping for. I also downloaded a number of screensavers from the site but didn't get any detections.

Would it be possible for you to run a scan that detects the files you mention and post that? The information about those detections will allow us to check the corresponding entries in the detection databases. Thanks!

Regards,

Andy
Lavasoft Malware Labs

LS Albin
Hi!

The file is detected as a suspicious object. You can read more about it here:

http://www.lavasoftsupport.com/index.php?showtopic=23576

It would be really helpful if you can upload the detected file in this thread. So we could take a closer look at it.

C:\Windows\SysWOW64\Zodiac Clock 3D Screensaver.exe :

Here are instructions for uploading files and FP reports:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Thanks

Albin

Lavasoft Malware Labs
billywest1967
Hi Albin,

Righto then, seems with Heuristics turned-up, this file is always going to be picked-up as a "nasty", no?

But just in case, I will upload Zodiac Clock 3D Screensaver.exe from my PC. 10mins later: Andy eventually managed to zip it along with the scr and a log, phew!

I will hopefully also try to send the right FP log too, much harder than it sounds btw. Especially as I've just installed the new version of Ad-Aware and another D*mn SS (Snow Village 3D SS this time) from 3PlaneSoftware has run while I was out of the house - GRRR! Of course this is what reminded me to get back in touch with you.

I've just done a context scan of C:\Windows\SysWOW64, no problems found basically, I'm confused. So I'm doing the weekly Full Scan now anyway to see if I can get some kind of log for you. Maybe you can get enough from the attachment I've made and let me know more? Perhaps in the end I'll just have to end up turning Heuristics down? I'll get back soon.

Thanks, Andy W.

QUOTE(LS Albin @ Oct 15 2009, 01:44 PM) *
Hi!

The file is detected as a suspicious object. You can read more about it here:

http://www.lavasoftsupport.com/index.php?showtopic=23576

It would be really helpful if you can upload the detected file in this thread. So we could take a closer look at it.

C:\Windows\SysWOW64\Zodiac Clock 3D Screensaver.exe :

Here are instructions for uploading files and FP reports:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Thanks

Albin

Lavasoft Malware Labs

LS Albin
Hi again!

Try to turn down the heuristics to avoid detection of the file.

Please let me know if the file is still detected after changing the settings.

Thanks

Albin

Lavasoft Malware Labs
billywest1967
Hi again,

I'd love to turn down the heuristics Albin, but can't find where to uncheck Spyware Heuristics or similar now on Ad-Aware Pro, on the Profile Scans tab anywhere. I've followed your links.

Can you point me in the right direction where I might turn down these darn heuristics so my lovely, paid for screensavers might stop giving false positives, please? Thanks.

Andy W.



QUOTE(LS Albin @ Oct 19 2009, 07:35 AM) *
Hi again!

Try to turn down the heuristics to avoid detection of the file.

Please let me know if the file is still detected after changing the settings.

Thanks

Albin

Lavasoft Malware Labs

visitor
Hi billywest1967,

Not sure if you still have AE or updated to the new 8.1. You can download/view user manuals from here:

http://lavasoft.com/support/supportcenter/...uct_manuals.php

Anniversary Edition
1. under Settings - Scanning - Profile Settings, there are checkboxes for Spyware Heuristics and Anti-virus Behavior-based detection (mild, medium, strict).

2. under Settings - Ad-Watch Live! - Detection Layers, there are similar checkboxes.

2010 Version 8.1
1. under Settings - Profile Scans - Profile Settings, there's a checkbox for Behavior-based detection.

2. under Settings - Ad-Watch Live! - Detection Layers, there's a similar checkbox.

It looks like the new version has eliminated the mild, medium, strict settings for Behavior-based detection - you might try the settings in both Simple and Advanced Modes to see if there's a difference.
billywest1967
Thanks Albin,

All sorted. I've turned off the Behaviour Based Detection in Ad-Aware, evidently the new 8.10. So the lovely SS from 3Planesoft are running lovely now, without interference from Ad-Watch Live!

But perhaps another question you might be able to help me with before I leave you, please?

Re. Ad-Aware's Anti-virus engine. I already own a good proprietary AV (Norton360), so I understand having Ad-Aware's ticked-on and running under Ad-Watch-Live!/Detection Layer would probably be a bad idea?

But, what about while doing scheduled scans with Ad-Aware? I.E., should I leave the box ticked-on and running under Settings/Profile Scans/Antivirus? Could I leave this option on for scanning without the two AV engines clashing?

Or do you recommend leaving both boxes unticked?

TIA,

Andy W.

QUOTE(visitor @ Oct 20 2009, 12:32 PM) *
Hi billywest1967,

Not sure if you still have AE or updated to the new 8.1. You can download/view user manuals from here:

http://lavasoft.com/support/supportcenter/...uct_manuals.php

Anniversary Edition
1. under Settings - Scanning - Profile Settings, there are checkboxes for Spyware Heuristics and Anti-virus Behavior-based detection (mild, medium, strict).

2. under Settings - Ad-Watch Live! - Detection Layers, there are similar checkboxes.

2010 Version 8.1
1. under Settings - Profile Scans - Profile Settings, there's a checkbox for Behavior-based detection.

2. under Settings - Ad-Watch Live! - Detection Layers, there's a similar checkbox.

It looks like the new version has eliminated the mild, medium, strict settings for Behavior-based detection - you might try the settings in both Simple and Advanced Modes to see if there's a difference.

LS Albin
QUOTE(billywest1967 @ Oct 25 2009, 01:12 PM) *
Thanks Albin,

All sorted. I've turned off the Behaviour Based Detection in Ad-Aware, evidently the new 8.10. So the lovely SS from 3Planesoft are running lovely now, without interference from Ad-Watch Live!

But perhaps another question you might be able to help me with before I leave you, please?

Re. Ad-Aware's Anti-virus engine. I already own a good proprietary AV (Norton360), so I understand having Ad-Aware's ticked-on and running under Ad-Watch-Live!/Detection Layer would probably be a bad idea?

But, what about while doing scheduled scans with Ad-Aware? I.E., should I leave the box ticked-on and running under Settings/Profile Scans/Antivirus? Could I leave this option on for scanning without the two AV engines clashing?

Or do you recommend leaving both boxes unticked?

TIA,

Andy W.


Hi!

You will get better protection with both AV engines turned on. However, this might take up more system resources. If you are not using your computer while scanning I would recommend you to have full protection (both AV engines). Ad-Watch will protect you in real time so I recommend you have this function running.

Thanks

Albin

Lavasoft Malware Labs