Author Topic: FP: aawservice.exe PROCESSES misidentified as Trojans (Read 4867 times)

yarok · « **on:** August 01, 2010, 11:25:09 PM »

I have Avast 5 Free and Adaware 8.3 Free.

Ad-Watch (AdAware's real-time shield, aawservice.exe) is running a group of 14 processes.

Avast misidentifies all 14 processes as 13 different Trojans and 1 HTML I-Frame gen.

AdAware itself and Malwarebytes report clean processes.

The file aawservice.exe is clean (according to VirusTotal and Avast itself). Only the processes that this CLEAN file is running are misidentified as INFECTED! How can a CLEAN file run INFECTED processes???

Thank you for any help you can render.

Y.

Asyn · « **Reply #1 on:** August 01, 2010, 11:31:09 PM »

Quote from: yarok on August 01, 2010, 11:25:09 PM

Avast misidentifies all 14 processes as 13 different Trojans and 1 HTML I-Frame gen.

I guess this happens when you scan the memory with avast..!??
asyn

DavidR · « **Reply #2 on:** August 01, 2010, 11:58:55 PM »

Well I wouldn't call them false positives when you set loose a signature based scan, it will find them if you have it scam memory in the custom scan that you used.

These are locations in memory, related to adaware having placed unencrypted virus signatures in memory, so there is no file to actually perform any action on. It isn't saying aawservice.exe is infected but that is the process responsible for placing them in memory.

Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.

Asyn · « **Reply #3 on:** August 02, 2010, 12:26:31 AM »

Quote from: DavidR on August 01, 2010, 11:58:55 PM

Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.

+1
asyn

yarok · « **Reply #4 on:** August 02, 2010, 11:01:02 AM »

I wholeheartedly agree: unencrypted signatures are a NO-NO!!!

I somewhat disagree regarding the benefits of using Ad-Aware, but this debate is not for this forum or this thread.

Am running MBAM, too, of course. Unfortunately they have no resident shield.

You have helped a lot! Thanks.

Y.

Asyn · « **Reply #5 on:** August 02, 2010, 11:10:49 AM »

You're welcome..!
asyn

YoKenny · « **Reply #6 on:** August 02, 2010, 12:53:26 PM »

Quote from: yarok on August 02, 2010, 11:01:02 AM

Am running MBAM, too, of course. Unfortunately they have no resident shield.

MBAM has Website Blocking in the paid version.

I am with DavidR

Quote

Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.

Author Topic: FP: aawservice.exe PROCESSES misidentified as Trojans (Read 4867 times)

yarok

FP: aawservice.exe PROCESSES misidentified as Trojans

Asyn

Re: FP: aawservice.exe PROCESSES misidentified as Trojans

DavidR

Re: FP: aawservice.exe PROCESSES misidentified as Trojans

Asyn

Re: FP: aawservice.exe PROCESSES misidentified as Trojans

yarok

Re: FP: aawservice.exe PROCESSES misidentified as Trojans

Asyn

Re: FP: aawservice.exe PROCESSES misidentified as Trojans

YoKenny

Re: FP: aawservice.exe PROCESSES misidentified as Trojans