Topic: Emusic Setup bundle getting ID'ed as Adware-gen

cromag

  • Guest
Emusic Setup bundle getting ID'ed as Adware-gen
« on: July 19, 2009, 03:13:36 AM »
The topic pretty much says it all.  The package at hXXp://www.emusic.com/remote/1.0/emusic_setup_bundle.exe set off Avast!, warning that it was an Adware-gen.  Emusic has been around a long time, and I know lots of folks who are customers.  Could Emusic have been hacked?  Or have they added something questionable to their service?

I don't think this is a false positive, because a friend with Norton says Norton picked it up as well -- calling it "Spyware-CometCursor."
« Last Edit: July 19, 2009, 03:56:41 AM by cromag »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Emusic Setup bundle getting ID'ed as Adware-gen
« Reply #1 on: July 19, 2009, 04:20:03 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the Address bar of the VT results page). You can't do this with the file securely in the chest; you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield: Customize, Advanced, Add, type (or copy and paste) C:\Suspect\*. That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

cromag

  • Guest
Re: Emusic Setup bundle getting ID'ed as Adware-gen
« Reply #2 on: July 19, 2009, 08:38:39 PM »
Thanks, DavidR, but I may not have to do that.  I went to the quarantined file in the chest and re-scanned it.  In the detailed report it showed that of the many, many files in the setup, only two were flagged as "Win32:Adware-gen [Adw]" -- they were both associated with something called the "Alot toolbar."  McAfee Site Advisor, and just about everyone else I found on the web, flags this as spyware/adware.

I'll try to follow your directions and run this through Virus Total later, when I have a bit more time, but this looks like the cause.  Thank you very much.


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Emusic Setup bundle getting ID'ed as Adware-gen
« Reply #3 on: July 19, 2009, 08:55:11 PM »
We hate adware as much as any other malware.
Why do people continue to use this way for ads?
The best things in life are free.

cromag

  • Guest
Re: Emusic Setup bundle getting ID'ed as Adware-gen
« Reply #4 on: July 20, 2009, 08:56:24 AM »
Thanks for your help and patience.  I followed your instructions and uploaded the setup.exe file to VirusTotal.  The results page is <HERE>.

Bottom line, the file was identified as adware by 8 of the 39 scanners.  Norton wasn't used, so that might have been another hit.

I'd just as soon not have it on my computer, so I'm deleting it now.   ;)

Thanks again for your help!