Author Topic: FP: aawservice.exe PROCESSES misidentified as Trojans  (Read 4856 times)

0 Members and 1 Guest are viewing this topic.

yarok

  • Guest
FP: aawservice.exe PROCESSES misidentified as Trojans
« on: August 01, 2010, 11:25:09 PM »
I have Avast 5 Free and Adaware 8.3 Free.

Ad-Watch (AdAware's real-time shield, aawservice.exe) is running a group of 14 processes.

Avast misidentifies all 14 processes as 13 different Trojans and 1 HTML I-Frame gen.

AdAware itself and Malwarebytes report clean processes.

The file aawservice.exe is clean (according to VirusTotal and Avast itself). Only the processes that this CLEAN file is running are misidentified as INFECTED! How can a CLEAN file run INFECTED processes???

Thank you for any help you can render.

Y.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #1 on: August 01, 2010, 11:31:09 PM »
Avast misidentifies all 14 processes as 13 different Trojans and 1 HTML I-Frame gen.

I guess this happens when you scan the memory with avast..!??
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #2 on: August 01, 2010, 11:58:55 PM »
Well I wouldn't call them false positives when you set loose a signature based scan, it will find them if you have it scam memory in the custom scan that you used.

These are locations in memory, related to adaware having placed unencrypted virus signatures in memory, so there is no file to actually perform any action on. It isn't saying aawservice.exe is infected but that is the process responsible for placing them in memory.

Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #3 on: August 02, 2010, 12:26:31 AM »
Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.

+1
asyn

W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

yarok

  • Guest
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #4 on: August 02, 2010, 11:01:02 AM »
I wholeheartedly agree: unencrypted signatures are a NO-NO!!!

I somewhat disagree regarding the benefits of using Ad-Aware, but this debate is not for this forum or this thread.

Am running MBAM, too, of course. Unfortunately they have no resident shield.

You have helped a lot! Thanks.

Y.


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76032
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #5 on: August 02, 2010, 11:10:49 AM »
You're welcome..!
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

YoKenny

  • Guest
Re: FP: aawservice.exe PROCESSES misidentified as Trojans
« Reply #6 on: August 02, 2010, 12:53:26 PM »
Am running MBAM, too, of course. Unfortunately they have no resident shield.
MBAM has Website Blocking in the paid version.

I am with DavidR
Quote
Personally I wouldn't give AdAware hard disk space as it is a much depreciated application now and for me committing a sin in placing unencrypted virus signatures in memory where another security application looking for virus signatures would find them.