Author Topic: AdwCleaner FPs  (Read 16705 times)

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
AdwCleaner FPs
« on: July 08, 2013, 05:47:28 PM »
I see that you recommend AdwCleaner and I also recommended it in the past,
but I found out several times that there are false positives.
First, after deleting stuff with AdwCleaner, Ghostery disappeared from IE10.
Later I found that Ghostery for IE is using Crossrider (cross browser platform for addons)
which was deleted by AdwCleaner. Today I installed the latest version of Divx Web Player and
although I always uncheck toolbars and stuff in installers I always check after installation with
AdwCleaner. It deleted the C:\Users\xxx\AppData\Local Low\boost_interprocess folder.
That folder was recreated while I was testing DWP. Inside that folder there are 4 files named
DDM something. One file was created at the time I used DWP. Also there is a DDMCache folder in
AppData\Local\Temp which is the DWP cache. Actually I saved a video file from that cache.
So if your apps or addons stopped working, maybe AdwCleaner is the culprit.
Sorry about my English.

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: AdwCleaner FPs
« Reply #1 on: July 08, 2013, 06:15:54 PM »
I also had a false positive, this one:
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536


This key is apparently related to some software for the HP printer I have installed, the "HP Solution Center".
Not sure why AdwCleaner would flag this, unless the key is perhaps also associated with some malware?
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: AdwCleaner FPs
« Reply #2 on: July 08, 2013, 06:37:27 PM »
I searched online and found out that Crossrider is also used by bad addons (toolbars)
and I guess that is why AdwCleaner is deleting it.
Location of boost_interprocess folder is usual location for Babylon and similar crap.
Bad thing is that there is no exclude option in AdwCleaner.

P.S. There was also FP after Windows Updates few months ago which was fixed
       in later version.

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: AdwCleaner FPs
« Reply #3 on: July 08, 2013, 06:42:40 PM »
I also had one for InstallMate in ProgramData which is related to WinPatrol setup. I'm not certain what the consequence of removing this would be so it is going to stay where it is.
« Last Edit: July 08, 2013, 06:44:37 PM by Charyb »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: AdwCleaner FPs
« Reply #4 on: July 08, 2013, 06:47:06 PM »
AdwCleaner therefore should be used under guidance,
just like a lot of other tools.
A qualified removal specialist can evaluate the logs.
The same was true for tools like HJT and is still so for freefixer.
Whenever something is found by, for instance, MBAM and/or SAS,
I do an online investigation (google is your best friend),
and/or ask those in the forum community
that can discriminate between malcode, pup, riskware and false positives.

One scan with one scanner is too small a basis to decide on.
Use strong tools with care.
Deletion is always a last option,
just quarantine so it might be brought back from limbo.

@charyb -> http://forums.majorgeeks.com/showthread.php?t=256296
-> http://forums.superantispyware.com/index.php?/topic/6717-trojanagentgen-sefnit-is-this-a-possible-false-positive-and-how-can-you-define-a-fp/
(malcode acting like a crocodile laying dormant until it feels like activity)

Stay safe, secure and malcode free,
is the wish of,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: AdwCleaner FPs
« Reply #5 on: July 08, 2013, 07:06:51 PM »
@Charyb
I can confirm FP with InstallMate and WinPatrol. It was 6-7 months ago.
I guess WinPatrol would be uninstalled if InstallMate is deleted.
I am not using WinPatrol anymore. I used it only to delay start up of some apps.

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: AdwCleaner FPs
« Reply #6 on: July 08, 2013, 07:14:58 PM »
It was months ago for me too. I also just ran it again to see if AdwCleaner still wants to remove it and it does.

I sent an email to Bill P. to see what the consequence would be.

I am not too thrilled with AdwCleaner and its lack of options to exclude files/folders.
« Last Edit: July 08, 2013, 07:17:56 PM by Charyb »

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: AdwCleaner FPs
« Reply #7 on: July 08, 2013, 08:27:58 PM »
I added boost_interprocess folder to CCleaner.
Anyway, it is re-created every time I use Divx Web Player.

iroc9555

  • Guest
Re: AdwCleaner FPs
« Reply #8 on: July 09, 2013, 01:09:24 AM »
...I sent an email to Bill P. to see what the consequence would be.

Install mate is recreated again after rebooting without problems to WinPatrol. Confirmed. It happened to me too :(.

Like polonus said AdwCleaner must be run under guidance or at least just for scan and not delete.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37531
  • Not a avast user
Re: AdwCleaner FPs
« Reply #9 on: July 09, 2013, 01:13:47 AM »
Quote
Like polonus said AdwCleaner must be run under guidance or at least just for scan and not delete.
I'd like to hear what essexboy / magna86 say first.    :)


Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: AdwCleaner FPs
« Reply #10 on: July 09, 2013, 01:18:09 AM »
The only instructions I see are to download, run, delete and reboot. There doesn't seem to be any special case by case instructions or any options to exclude files/folders. I don't see it as being that advanced.

Pondus, I would like to hear back on this too.

Thanks for the feedback, iroc.

I just found the following in the InstallMate read me text file.

Quote
README.TXT
----------------------------------------------------------------------

The files in this folder are part of the following product:

- Name: WinPatrol
- Version: 28.1.2013.0
- Publisher: BillP Studios
- Web site: http://www.winpatrol.com
- Email: support@winpatrol.com
- Phone:

Copyright © 1997- 2013 BillP Studios

The files in this folder are required for a clean update or removal
of the above product. Please do not delete them.

If you wish to remove the product:

  WinPatrol 28.1.2013.0

from your computer, then use the standard Add/Remove Programs control
panel that you will find via the Start button of your Windows system.
« Last Edit: July 09, 2013, 08:31:53 AM by Charyb »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: AdwCleaner FPs
« Reply #11 on: July 09, 2013, 04:01:51 PM »
All of those deleted are known bad elements especially crossrider and interboost.  Leastwise I have not yet seen them used for good 

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: AdwCleaner FPs
« Reply #12 on: July 09, 2013, 04:25:35 PM »
Is Ghostery for IE (uses crossrider) bad ?
Is Divx Plus Web Player bad ?
As I said before boost-interprocess folder is created only when I use DWP and
files inside are DWP related.
Anyway I added that folder to CCleaner to be deleted with other things.
There should be exclude option in AdwCleaner.
I am not happy with how AdwCleaner works.
It could leave users with broken apps and addons.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37531
  • Not a avast user
Re: AdwCleaner FPs
« Reply #13 on: July 09, 2013, 04:30:20 PM »
Remember one thing, AdwCleaner does not have an update function so you have to download the latest updated version,
meaning the latest version may have a fix.... if needed


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: AdwCleaner FPs
« Reply #14 on: July 09, 2013, 07:53:47 PM »
Hi  :)

AdwCleaner works at a known level of detections. I think it also uses wildcard techniques for detections.
That is why it is the best in the field, but that also means that FPs are possible as with any product, not only with AdwCleaner.
http://general-changelog-team.fr/~xplode/Changelogs/CG_AdwCleaner_EN.txt

For this reason, there is a Search button. It is up to the user or the helper to check & determine whether everything is valid.
AdwCleaner will never target system files and therefore is not dangerous to the system or to well known programs, as it has its own whitelist.

This is Xplode's support mail. If you think that AdwCleaner does target valid entries, feel free to contact him via mail.
Xplode-ccm@hotmail.fr


« Last Edit: July 09, 2013, 09:26:11 PM by magna86 »
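
Added example, not part of the thread and not AdwCleaner's code: a Python illustration of the workflow the replies above argue for, where wildcard name matches are only flagged for review, a per-user exclusion list is honoured, and removal is a reversible move into a quarantine folder. The signature patterns, the function names and the vault layout are hypothetical assumptions made for this example.

```python
import fnmatch
import os
import shutil
import uuid

# Hypothetical wildcard rules for illustration; NOT AdwCleaner's real signatures.
SIGNATURES = ["*/boost_interprocess", "*/installmate", "*/crossrider*"]


def norm(path):
    """Compare paths the Windows way: one separator, case-insensitive."""
    return path.replace("\\", "/").rstrip("/").lower()


def triage(paths, exclusions=()):
    """Map each path to 'clean', 'excluded' or 'review'; nothing is deleted."""
    skip = {norm(p) for p in exclusions}
    verdicts = {}
    for path in paths:
        p = norm(path)
        hit = any(fnmatch.fnmatchcase(p, sig) for sig in SIGNATURES)
        verdicts[path] = "clean" if not hit else "excluded" if p in skip else "review"
    return verdicts


def quarantine(path, vault):
    """Move a reviewed item into the vault and record its original location."""
    os.makedirs(vault, exist_ok=True)
    item_id = uuid.uuid4().hex
    original = os.path.abspath(path)
    shutil.move(path, os.path.join(vault, item_id))
    with open(os.path.join(vault, item_id + ".origin"), "w", encoding="utf-8") as fh:
        fh.write(original)
    return item_id


def restore(item_id, vault):
    """Put an item back; refuse if the application already recreated the path."""
    origin = os.path.join(vault, item_id + ".origin")
    with open(origin, encoding="utf-8") as fh:
        original = fh.read()
    if os.path.exists(original):
        raise FileExistsError(original)
    shutil.move(os.path.join(vault, item_id), original)
    os.remove(origin)
    return original
```

A name-only wildcard cannot tell a legitimate application's folder from an unwanted one that uses the same name, which is why a match here yields `review` rather than a deletion, and why `restore` checks for a folder that the application has recreated in the meantime.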