Need Help - Ad-Aware 6

Ad-Aware will ALWAYS mark some innocuous items as ad-ware.

Since it claims to have found 271 objects I'm sure the overwhelming majority are cookies.

Goo ahead and delete the cookies and then run it again. I can try to help you determine if the stuff it is marking is a mistake or not.

Ok
I did a first run deleting all the files marked cookies and Gator (I knew about that one) and now there is 39 files remaining. That's what remaining:

Cydoor RegKey Data Miner HKEY_USERS:.default\software\Cydoor\

FlashTrack RegKey Data Miner KEY_CLASSES_ROOT:BRedObj.BRedObj\

FlashTrack RegKey Data Miner KEY_CLASSES_ROOT:BRedObj.BRedObj.1\

FlashTrack RegKey Data Miner HKEY_CLASSES_ROOT:CLSID\{665ACD90-4541-4836-9FE4-062386BB8F05}\

FlashTrack RegKey Data Miner HKEY_CLASSES_ROOT:Interface\{6E83AE1C-F69C-4AED-AF98-D23C24C6FA4B}\

Other RegKey Data Miner HKEY_CURRENT_USER:SOFTWARE\Acceleration Software International Corporation\

Other RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Acceleration Software International Corporation\

AdvertBar RegKey Data Miner HKEY_CURRENT_USER:Software\AdTools, Inc.\

Cydoor RegKey Data Miner HKEY_CURRENT_USER:software\cydoor\

Cydoor RegKey Data Miner HKEY_LOCAL_MACHINE:Software\Cydoor\

FlashTrack RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Flt\

HotBar RegKey Data Miner HKEY_CURRENT_USER:Software\Hotbar\

HotBar RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Hotbar\

HotBar RegKey Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}\

Alexa RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Internet
Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\

FlashTrack RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{665ACD90-4541-4836-9FE4-062386BB8F05}\

FlashTrack RegKey Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Flt\

OnFlow RegKey Data Miner HKEY_LOCAL_MACHINE:Software\Microsoft\Windows\CurrentVersion\Uninstall\OnFlow\

OnFlow RegKey Data Miner HKEY_LOCAL_MACHINE:Software\Onflow\

SaveNow RegKey Data Miner HKEY_LOCAL_MACHINE:Software\WhenU\

FlashTrack RegKey Data Miner HKEY_CLASSES_ROOT:TypeLib\{7955EA20-E0D6-4A77-88B6-120674D979EA}\

SaveNow RegKey Data Miner HKEY_CLASSES_ROOT:WUSN.1\

HotBar RegValue Data Miner HKEY_CURRENT_USER:Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

HotBar RegValue Data Miner HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\Hotbar 4.0

Other File Data Miner c:\agsetup0609.exe

WebHancer File Data Miner c:\windows\whinstaller.exe

WebHancer File Data Miner c:\windows\whinstaller.ini

WebHancer File Data Miner c:\windows\whagent.inf

Other File Data Miner c:\windows\vx2.dll

OnFlow File Data Miner c:\program files\internet explorer\plugins\nponflow.dll

OnFlow File Data Miner c:\program files\internet explorer\plugins\onflowplayer0.dll

OnFlow File Data Miner c:\program files\internet explorer\plugins\ieonflow.dll

OnFlow File Data Miner c:\program files\internet explorer\plugins\onflowreport.exe

WebHancer File Data Miner c:\program files\webhancer\programs\whagent.ini

WebHancer File Data Miner c:\program files\webhancer\programs\whiehlpr.ini

WebHancer Folder Data Miner C:\Program Files\webHancer\

OnFlow Folder Data Miner C:\Program Files\onflow\

FlashTrack File Data Miner c:\program files\flt\flt.mon

FlashTrack File Data Miner c:\program files\flt\flt.dll


Hope that's help.

I skimmed through quickly. Most of those are safe to delete. The Alexa registry key is one from Microsoft and is not the alexa that ad-ware is trying to recognize.

Alexa is a toolbar that some consider spyware (I don't) but the registry key Ad-Aware istrying to delete is from Microsoft, not alexa and is being flagged just because it has the same name.

So if I keep Alexa and delete the 38 others, that would be OK?

You can try to delete Alexa too. that won't hurt. it's just misidentified.

Done!
Thank you very much for your help.

Have a nice evening!

Note that much of what ad-aware flags as adware or spyware I do not consider to be such.

But in the above I simply flagged the alexa registry entry because they are mixing up microsoft's entry with alexa's entry.

yes i belive that whatever the adware telling u to delete delete because i have the same program and everything is fine i delete everything that it tells me to delete don't be worried nothing bad will happen.

That's simply not true. AdAware has deleted critical files from my computer in the past.

Always backup those files. No reason not to and plenty of reasons to.

What I have been doing is when something is identified, I run a Windows Search on the propriety name or program. Then I'll know if it is something that should be there. However, I will qualify this with the observation that my access to the Net is via a firewall and I don't have priviliges to stick software on at will.

Mr stillwater,

Why do you assume a windows search qualifies a program? a windows search can find anything from a virus to.. well anything. Finding it in the search only means it was found in the search. the search does not fillter out only the good results.

Sorry, sorry - I jumbled that answer up with my thread on Ad-Aware6.0. What I meant was; when Ad-aware turns up something that I'm not sure of I do the Explorer search to see where the file/s are located and just how long they have been on the hard-drive.

I notice that sometimes the application loads down to a new Folder called 'SafeSoftwareCorp' with the exe file and other bits, BUT they sneak other files on as 'XYZ Inc/sneakybastard/onyourdrive.exe' hidden away in WNNT or SYSTEMS folders.

My apols for the earlier post confusion.

Dr. de Kere, I have a related question that I will ask here:

Since you seem unimpressed with Ad-Aware, do you also feel the same way about Spybot and SpywareBlaster?

Am I understanding your opinion accurately--that all Active X control software simply isn't sufficient, and that Ad-Aware is the best of a substandard lot?

P Diddie,

I like Ad-Aware. But like every software of this type it has flaws.

Ad-Aware is freeware, but even giants like Symantec screw up. And that is with software that is sold.

Have a look at this page from Macromedia Norton indicates a virus alert with the Flash Player.

The reason these things happen is that these types of programs are fighting a large group of highly motivated people. Spammers, ad-ware and spy-ware distributors are, like virus writers, always trying to circumvent the measures taken against them.

In the past the detection was signature based, meaning that viruses and such were recognized by tell-tale signs in the virus definistions. The problem with signature recognition is that a computer savvy 5 year old could follow instructions on how to modify the virus enough so that it beats signature detection.

Now we are seeing a shift to heuristic engines. This means that malicious code is identified based on it's functions rather than having been flagged as a virus. Edward Skoudis, vice president of security strategy for Predictive Systems offered this analogy: "A signature-based system would recognize a statement like "How are you?" but it wouldn't recognize equivalents such as "How are you doing?" and "What's up?" Heuristics seeks to recognize such distinctions."

This is a good move that innoculates computers against many viruses but can lead to false positives.

Heuristics-based antivirus or intrusion detection software are always giving false positives. They try to stay one step ahead of the virus writers when in reality they have to react to them. The AV and spyware writers are right to do this. It would be terrible if the AV software would stop recognizing a virus just because it has been slightly altered.

Peter Lindstrom, the director of security strategies for Framingham said that signature-based recognition is like a cop with photos of the suspects. Heuristics is like a cop who has experience and recognizes criminal behavior patterns.

I used to have an extra computer lying around in Brazil so I started testing security systems and software on it. I found that modifying viruses (in some cases coming close to a re-write) was often not enough to beat a Heuristic engine.

Yet at the same time sometimes it was hard to get the AV program to stop recognizing something innocuous as a virus.

In the world of anti-spam, anti-virus and anti-spyware prevention the good guys face an uphill battle. They have to react to the bad guys' moves most of the time. So they try to stay one step ahead.

Often they will be too agressive. Spam filters are notorious for filtering wanted email. AV programs are notorious for false positives (on test computers I get over 100 a day sometimes I have to put a weight on the enter button of the keyboard to get the AV popups to go away without wearing out my finger).

So your question is a tough one. The best anti virus softwares in the world are always screwing up. Be it in failing to identify or identifying false positives.

Spyware and adware are, to me, far less serious. Ad-aware just makes it quick but getting rid of the stuff they flag is elementary.

So it comes down to the balance you think is fair.

Do you want the program to never miss stuff? Or do you want it to give no false positives?

You can't have both. I prefer it to miss stuff ebcause ad-ware is not like a virus. MUCH of what ad-aware tries to remove I do not consider spy-ware.

So to me, I'd prefer less in way of false positives. But false positives are a understandable exchange for what we ask of the program.

Ok, to end this long winded work-break, Ad-aware is a good piece of software in a bad business. Consider it a cop, even a good cop makes mistakes. It's a fine piece of software of a variety that frequently makes mistakes.

Ad-Aware happens to make some silly mistakes (like flagging something as spy-ware just because it has the same name). And on most windows computers ad-aware will make at least one mistake every single time it scans.

Such is life. It's probably the best free program of it's type but it's still not on the level of a commercial AV, and even those guys have yet to eliminate false positives.

Ad-Aware used to have definistions updates, it's through a program called Ref Update. But it seems like that's a dead project. When connecting to the lavasofty server the Ref Update program returns a 404 error.

Other servers still have the definitions but unless they are getting new definitions they are just spreading a false sense of security by allowing you to think you have up-to-date definitions while they might just be old forgotten definitions.

Lemme know if I was able to help. I might have given too much info but the bottom line is that Ad-Aware's flaws are mostly inherent to the job it tries to do.

I like ad-aware, whatever it's flaws. I have never had a problem with any critical files being deleted. Also, I believe that 6.0 quarantines the files after deleting them, so you can go into the quarantine file and restore any files you may have mistakenly deleted. Am I right?

Ad-Aware does have backup capability.

Incidentally I HAVE had instances where Ad-Aware wanted to delete files that I'd be very angry at it for deleting.

Mrs. cav got upset when I deleted some of her favourite cookies, I must admit...

Yeah, it's brutal with cookies. And cookies can't do much.

That was a fine explanation, Craven, and I especially appreciated the analogies.

The best I can apparently do is to download the current version, and be vigilant. As I have been.