
Adwcleaner: potential false positives.


gamefan


Hello, I'd like to report potential false positives that I found last week and that AdwCleaner is still detecting.

***** [ Folders ] *****

PUP.Optional.CrossRider, C:/Users\Gamefan\AppData\Roaming\app

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin

I looked in the folder mentioned in the Crossrider detection, and I only see 2 files, Jerakine_lang_vesrion.dat and Jerakine_lang_vesrion.dat; I'm not sure what they do. I analyzed them both on VirusTotal, and both came up clean. I don't see any other folders marked with Crossrider.

https://www.virustotal.com/en/file/e5ccfd8cc41402bb51e2dffe4e1378944e3a6ad12c97a9e7018dbb452be326b3/analysis/1500810478/

https://www.virustotal.com/en/file/57dc4adde8d4ed77f2749d34913fc43110c6a8072039822f78a7ac491e943661/analysis/1500810499/

I think the Legacy key is legit, since Pando seems to be used by several MMOs. I believe that key has been on my laptop for several years and it hasn't caused any trouble.

I ran Kaspersky's TDSS killer, McAfee Rootkit Remover, Hitman Pro's free version, JRT, Roguekiller, Avast's Boot Time Scan, and a Mbam Full and Threat Scan last week, around the first time ADW detected these items; none of them found anything. I scanned the folder with Mbam and Avast and it came up clean. No suspicious programs or Firefox add-ons/plugins have been installed recently.

Is it possible to whitelist these detections? I've included a log as well.

 

log.txt

Edited by gamefan

Hi,

 


PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin


This Plugin belongs to "Pando Media Booster" which is a PUP in my eyes, so it would be correct that AdwCleaner detects it.
Link: http://www.shouldiremoveit.com/Pando-Media-Booster-6090-program.aspx

 

 


 PUP.Optional.CrossRider, C:/Users\Gamefan\AppData\Roaming\app


This may be an FP on your system... although adware does create this kind of folder.
Moreover, looking through malware removal forums, I noticed that ComboFix by sUBs is removing it as well.
Maybe fr33tux can ask/do some research on this.

 

Just my 2 cents
