Jump to content



Recommended Posts

This morning, I ran my usual MBAM quick scan (with definition file 3916) on my WinXP Pro desktop computer. To my surprise, it found an infected file in C:\RECYCLER\.... It identified the malware as Adware.Adrotator. I quarantined it and then ran another quick scan, which came up clean. I then ran a full scan with my McAfee antivirus, which gets updated every evening. It found nothing. I also ran a quick scan with SuperAntiSpyware, with current definitions. As it was scanning my Program Files directory, Malwarebytes popped up to tell me that it had detected malware trying to get into my computer. It asked what I wanted to do. Sure enough, the supposed malware was Adware.Adrotator, this time supposedly in the uninstall file for Hard Drive Powerwash, which has been on my computer for months. I said Quarantine. A few seconds later, MBAM claimed another attack, again from Adware.Adrotator, this time in the Reshade uninstall file in Program Files. And shortly thereafter, a third warning, this time claiming Adware.Adrotator was in KMPlayer's uninstall file, also located in Program Files. All these programs (including the uninstall files) have been on my computer for months, and never before has MBAM complained. (I should add that the SAS quick scan reported no problems.)

I then ran MBAM on my Windows7 netbook, I think with the same set of definitions. It found nothing, but then a while later it claimed that my computer was under attack from...yep...Adware.Adrotator, supposedly located in the setup file for IPNetInfo, located in a directory I call tempstore. I've had this program on my netbook for months. Interestingly, I also have it on my desktop computer, almost certainly the same file, but MBAM didn't flag it there. I've quarantined the supposed malware on my netbook.

I must say, I find this sudden spate of "attacks" from software files I've had on my computers for months to be rather odd. My guess is that a recent change in the definitions file is triggering a bunch of false positives, but I'm not sure. Hence my message. I see at least two other people are questioning similar findings today.

So are these false positives? Thanks in advance for your help.

Link to post
Share on other sites

Hi ya,

This was my mistake(Adrotator F/p's), i tried to be a bit to expansive with just one complex signature.It nuked over a 1000+ Adrotator unique binaries but unfortunetly because of the way the signature data was structured it appears to flag some other completely random files as well too.

Got to be honest i'm gutted as was major foo against that Adware but no more alas :)

Can you update and verify if this is fixed?

Thanks and apologies for undue alarm caused.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.