Avast WEBforum

Other => Viruses and worms => Topic started by: cromag on July 19, 2009, 03:13:36 AM

Title: Emusic Setup bundle getting ID'ed as Adware-gen
Post by: cromag on July 19, 2009, 03:13:36 AM
The topic pretty much says it all.  The package at hXXp://www.emusic.com/remote/1.0/emusic_setup_bundle.exe set off Avast!, warning that it was an Adware-gen.  Emusic has been around a long time, and I know lots of folks who are customers.  Could Emusic have been hacked?  Or have they added something questionable to their service?

I don't think this is a false positive, because a friend with Norton says Norton picked it up as well -- calling it "Spyware-CometCursor."

Title: Re: Emusic Setup bundle getting ID'ed as Adware-gen
Post by: DavidR on July 19, 2009, 04:20:03 PM
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*. That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Title: Re: Emusic Setup bundle getting ID'ed as Adware-gen
Post by: cromag on July 19, 2009, 08:38:39 PM
Thanks, DavidR, but I may not have to do that.  I went to the quarantined file in the chest and re-scanned it.  In the detailed report it showed that of the many, many files in the setup, only two were flagged as "Win32:Adware-gen [Adw]" -- they were both associated with something called the "Alot toolbar."  McAfee Site Advisor, and just about everyone else I found on the web, flags this as spyware/adware.

I'll try to follow your directions and run this through Virus Total later, when I have a bit more time, but this looks like the cause.  Thank you very much.

Title: Re: Emusic Setup bundle getting ID'ed as Adware-gen
Post by: Lisandro on July 19, 2009, 08:55:11 PM
We hate adware as much as any other malware.
Why do people continue to use this way for ads?

Title: Re: Emusic Setup bundle getting ID'ed as Adware-gen
Post by: cromag on July 20, 2009, 08:56:24 AM
Thanks for your help and patience.  I followed your instructions and uploaded the setup.exe file to VirusTotal.  The results page is <HERE> (http://www.virustotal.com/analisis/6e2bd38c9bd86d1470607bc93c11c04b32b9fdd0aa90b2c699841d6ba2e008f8-1248072400).

Bottom line, the file was identified as adware by 8 of the 39 scanners.  Norton wasn't used, so that might have been another hit.

I'd just as soon not have it on my computer, so I'm deleting it now.   ;)

Thanks again for your help!