Author Topic: Adware Win32/Generic.A being detected by WinDefender Resident Protection  (Read 9822 times)


gdiloren

  • Guest
This morning I updated the latest def. of Windows Defender. All of a sudden it detects Adware Win32/Generic.A Trojan whenever I start Spyware Terminator. I tried putting it in Quarantine or eliminating it but I think I will have to uninstall ST. Is this a false positive and how to solve the problem? Avast didn't detect anything. ???

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89336
  • No support PMs thanks
You don't mention the file name or location so we can't even guess?

You don't say if you have tested the file at virustotal?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
gdiloren, I'm using ST on-demand and not a complaint from avast about anything...
The best things in life are free.

gdiloren

  • Guest
It's not a file but a process. It is only detected by Windows defender (latest update). It is only detected after I open Spyware Terminator. The warning window from WD opens and if I take action to delete or quarantine the Trojan, ST closes. Do you run both ST and WD on your PC? I scanned with SAS without any problem. I have now two options to click Ignore in WD or to wait and see for the next updates to fix this. I can't trace this to a file! :o

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89336
  • No support PMs thanks
A process also requires a file, the Web Shield is a process and the file is ashWebSv.exe.

How about the full text of the alert or a screenshot.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gdiloren

  • Guest
Did a scan with Avast v. 4.8 and also HijackThis: all are negative about that virus. As I said it is linked to the opening of ST. I'll try to find the file in my ST folder and scan it on Virus Total. Meanwhile, this is the screen shot of my Windows Defender Warning message.

gdiloren

  • Guest
Of course, I don't have any Windows Defender warning when I run a scan and ST (I have resident protection on) happens to be closed. Now I know Crawler uses some information to improve their software...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
> It's not a file but a process.
A process is 'always' a file being run or executed or loaded...

> Do you run both ST and WD on your PC?
Yes. ST only on-demand.
The best things in life are free.

gdiloren

  • Guest
> > It's not a file but a process.
> A process is 'always' a file being run or executed or loaded...
>
> > Do you run both ST and WD on your PC?
> Yes. ST only on-demand.
Thanks Tech. I forgot to place RP OFF in ST and this may be an example of interference. Anyways I reported this as FALSE POSITIVE in the MSDN Microsoft WD Forum, we'll see what they say about it. Anyway, it's frightening all of a sudden to face off a Warning message telling you you have a Trojan Horse (I let a friend open attachments in his hotmail account yesterday, that's why, because he couldn't connect to the web at home as he said...) >:(

gdiloren

  • Guest
Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc? ???

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89336
  • No support PMs thanks
When you next get this, make a note of the pid number (in the image, pid:4656), now go to Windows Task Manager and see what process matches the pid:number.

These are my comments if recommending ST, Resident scanner (if you use this don't install the toolbar or crawler or the anti-virus module).

Do you have the ST toolbar or crawler enabled, because for a long time crawler was considered adware?
So it may be the toolbar or crawler that it is objecting to and since it is an Adware generic detection signature that could be it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
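
The PID-to-file lookup suggested in the post above, as an added PowerShell example that is not part of the original thread. It assumes a current Windows build with the Defender cmdlets available; the function name `Resolve-AlertPid` is hypothetical, and 4656 is the pid quoted from the alert screenshot.

```powershell
# Added example: turn the pid shown in a Defender alert into a file you can verify.
function Resolve-AlertPid {
    param([Parameter(Mandatory)][int]$AlertPid)

    # Look the process up while it is still running; pids are reused after exit,
    # so do this before dismissing the alert or closing the program.
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $AlertPid"
    if (-not $proc) {
        Write-Warning "No running process with pid $AlertPid (already exited?)"
        return
    }

    $path = $proc.ExecutablePath
    if (-not $path) {
        Write-Warning "Path for pid $AlertPid not readable; rerun from an elevated prompt"
        return
    }

    # The parent shows which program launched the flagged process.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
    $sig    = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
        ProcessId       = $proc.ProcessId
        Name            = $proc.Name
        Path            = $path
        CommandLine     = $proc.CommandLine
        ParentName      = $parent.Name
        # SHA-256 can be searched on VirusTotal without uploading the file.
        Sha256          = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}

# pid taken from the alert screenshot in this thread; substitute the one in your alert.
Resolve-AlertPid -AlertPid 4656 | Format-List

# Defender's own record of recent detections: the process and resources it flagged.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, ProcessName, Resources |
    Format-List
```

A valid signature from the expected vendor plus a clean multi-engine result for the hash supports a false-positive report; an unsigned file or an unexpected parent process is a reason to keep it quarantined.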

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89336
  • No support PMs thanks
> Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc? ???

Is it the same alert, malware name, etc. or does this one differ slightly?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

gdiloren

  • Guest
> > Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc? ???
>
> Is it the same alert, malware name, etc. or does this one differ slightly?
Same alert! Here is a link (I Googled a lot) & looks like a False Positive from CRAP WD :(
http://forum.spywareterminator.com/Default.aspx?g=posts&m=30850

gdiloren

  • Guest
I have PID 4076 now when I start ST and can't see it in service except for a PID 4052 SBSD Security Center Service. I chose to always allow it. This solves the problem. In effect, I chose in the past to install the Crawler Bar but later uninstalled it. My only error. Is this really a virus/Spyware? I don't think so! :-X

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89336
  • No support PMs thanks
> I have PID 4076 now when I start ST and can't see it in service except for a PID 4052 SBSD Security Center Service. I chose to always allow it. This solves the problem. In effect, I chose in the past to install the Crawler Bar but later uninstalled it. My only error. Is this really a virus/Spyware? I don't think so! :-X

But is there a PID that matches the ones in the alerts?

You didn't answer if you have the ST Toolbar or Crawler enabled in ST?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security