Full Version: DiaRemover F/P
JemW
Scanned this morning with the latest update and got one result:

A reg entry for DiaRemover (just the one). Got the same thing mysteriously on all my machines, including a freshly rebuilt XP SP2 machine with all updates. I have nothing installed that remotely points to DiaRemover and Ewido et al give me a clean scan. I'm assuming this is another false positive. Can someone comment / confirm please?

Thanks
DavidR
I have had the same detection after the latest update (which corrected yesterday's FPs).
QUOTE
Name:Diaremover
Category:Malware
Object Type:Regkey
Size:0 Bytes
Location:...\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}\
Last Activity:13-09-2006
Relevance:Low
TAC index:10
Comment:
Description:Diaremover is a rogue spyware that attempts scam the user into buy the product. Diaremover installs false positives that it the finds and claims to be very critical hits. Uses downloaders and droppers to install itself in stealth on a compromised system. The uninstaller only works partially, and may even reinstall the software later on.


I too believe this to be a false positive as there have been no symptoms of this type of scumware (Diaremover) a rogue spyware that attempts scam the user into buy the product.
Nor has Spybot S&D, Ewido, my firewall or avast! anti-virus detected anything.

The most convincing thing is that there has been no behaviour like a rogue spyware infection and coming directly after an update to me is suspect.
38 Special
Same here, I found this:

-----------------------------------------------------------------------
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-1677128483-1343024091-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
-----------------------------------------------------------------------

I'm waiting for any confirmation of new FP...
BlakeP
Now, I am wondering what's going on. I've searched high and low for this malware and oddly there's nothing online about it. I only found one or two sites but nothing I trusted to actually view. I even stumbled onto this thread by mistake.


I got the same results today after updating the Ad-Aware software. Does anyone know more about this? Should I be concerned?


I've used Spybot, my ISP anti-spy, spysubtract, micro defender and none of these caught this so-called spyware.




Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-4208328222-882473164-2515519820-1006\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
chucklaplante
It's EXACTLY the same for me...
I even fixed some lines that didn't seem bad with HijackThis, 'cause my despair is so great...
Help (confirm the false positive or not) before I make some definitive mistake on my computer
Thanks
DavidR
QUOTE(chucklaplante @ Sep 14 2006, 12:27 AM)
It's EXACTLY the same for me...
I even fixed some lines that didn't seem bad with HijackThis, 'cause my despair is so great...
Help (confirm the false positive or not) before I make some definitive mistake on my computer
Thanks

Personally I haven't taken any action on this DiaRemover detection, ignore or quarantine, as I believe it is a false positive. Another reason is what DiaRemover (Diaremover is a rogue spyware that attempts scam the user into buy the product.) is trying to do: get you to buy it, etc., so even if it were a valid detection it would be a minor irritation, as I'm certainly not going to fall for any request/blackmail, etc. to purchase it.
Carol
Note post #9, by LS Calamity Jane:

'Yep, think that is another one. I've alerted the Research Team so please be patient while they look at that one (wasn't known last night so it's not in the latest update yet)'

http://www.lavasoftsupport.com/index.php?showtopic=3347

and here:

http://www.lavasoftsupport.com/index.php?showtopic=3363
38 Special
Aren't definitions tested by LS before they're released? If so, why do they end up as FPs?
Airfixer
OK, I get the exact same thing, but I have F-Secure antivirus/antispyware.
Exactly the same place and all of that, but if I remove it or place it in quarantine it recreates itself when I reboot the computer.