Adware Win32/Generic.A being detected by WinDefender Resident Protection

[gdiloren]

This morning I updated the latest def. of Windows Defender. All of the sudden it detects Adware Win32/Generic.A Trojan whenever I start Spyware Terminator. I tried putting it in Quarantine or eliminating it but I think I will have to uninstall ST. Is this a false positive and how to solve the problem? Avast didn't detect anything.

[DavidR]

You don't mention the file name or location so we can't even guess ?

You don't say if you have tested the file at virustotal ?

[Lisandro]

gdiloren, I'm using ST on-demand and not a complain from avast about anything...

[gdiloren]

It's not a file but a process. It is only detected by Windows defender (latest update). It is only detected after I open Spyware Terminator. The warning window from WD opens and if I take action to delete or quarantine the Trojan, ST closes. Do you run both ST and WD on your PC? I scanned with SAS without any problem. I have now two options to click Ignore in WD or to wait and see for the next updates to fix this. I can't trace this to a file!

[DavidR]

A process also requires a file, the Web Shield is a process and the file is ashWebSv.exe.

How about the full text of the alert or a screenshot.

[gdiloren]

Did a scan with Avast v. 4.8 and also HiJack This:all are negative about that virus. As I said it is linked to the opening of ST. I'll try to find the file in my ST folder and scan it on Virus Total. Meanwhile, this is the screen shot of my Windows Defender Warning message.

[gdiloren]

Off course, I don't have any Windows Defender warning when i run a scan and ST (I have resident protection on) happens to be closed. Now I know Crawler uses some information to improve their software...

[Lisandro]

It's not a file but a process.

A process is 'always' a file being run or executed or loaded...

Do you run both ST and WD on your PC?

Yes. ST only on-demand.

[gdiloren]

It's not a file but a process.

A process is 'always' a file being run or executed or loaded...

Do you run both ST and WD on your PC?

Yes. ST only on-demand.

Thanks Tech. I forgot to place RP OFF in ST and this may be an example of interference. Anyways I reported this as FALSE POSITIVE in the MSDN Microsoft WD Forum, we'll see what they say about it. Anyway, it's frightening all of a sudden to face off a Warning message telling you you have a Trojan Horse (I let a friend open attachments in his hotmail account yesterday, that's why, because he couldn't connect to the web at home as he said...)

[gdiloren]

Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc?

[DavidR]

When you next get this, make a note of the pid number (in the image, pid:4656), now go to windows Task Manager and see what process matches the pid:number.

These are my comments if recommending ST, Resident scanner (if you use this don't install the toolbar or crawler or the anti-virus module).

Do you have the ST toolbar or crawler enabled, because for a long time crawler was considered adware ?
So it may be the toolbar or crawler that it is objecting to and since it is an Adware generic detection signature that could be it.

[DavidR]

Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc?

Is it the same alert, malware name, etc. or does this one differ slightly ?

[gdiloren]

Strange, I deactivated ST RP and opened the program and had another alert. Somebody else has to report the same events on their pc?

Is it the same alert, malware name, etc. or does this one differ slightly ?

Same alert! Here is a link (I Googled a lot) & looks like a False Positive from CRAP WD
http://forum.spywareterminator.com/Default.aspx?g=posts&m=30850

[gdiloren]

I have PID 4076 now when I start ST and can't see it in service except for a PID 4052 SBSD Security Center Service. I choose to always allow it. This solves the problem. In effect, I choose in the past to install the Crawler Bar but later uninstalled it. My only error. Is this really a virus/Spyware? I don't think so!

[DavidR]

I have PID 4076 now when I start ST and can't see it in service except for a PID 4052 SBSD Security Center Service. I choose to always allow it. This solves the problem. In effect, I choose in the past to install the Crawler Bar but later uninstalled it. My only error. Is this really a virus/Spyware? I don't think so!

But is there a PID that matches the ones in the alerts ?

You didn't answer if you have the ST Toolbar or Crawler enabled in ST ?