Freedom AV confusion - is there adware in the online scanner ?

Freedom AV confusion - is there adware in the online scanner ?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Freedom AV confusion - is there adware in the online scanner ? David H. Lipman 05-26-2006
Posted by David H. Lipman on May 26, 2006, 4:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I am a little confused over this one. Freedom AV I thought was pretty
reputable. Formally
a subsidiary of a company called ZeroKnowledge and now the company is called
Radialpoint, it
uses the F-Prot engine.

McAfee flagged an On Line scanning component.

5/23/2006 6:44:00 PM Delete failed (Clean failed) DLIPMAN-1\lipman
C:\WINNT\Downloaded Program Files\cssweb.dll Generic PUP.a
5/23/2006 6:49:14 PM Delete failed (Clean failed) DLIPMAN-1\lipman
D:\temp\IE6\Temporary Internet
Files\Content.IE5HRSB3V\cssweb[1].cab\CSSWEB[1].CAB
Generic PUP.a

From HJT:
O16 - DPF: (CSS Web Installer Class) -
hxxp://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab

Extracted cssweb.dll from the above CAB file and sent it to Virus Total.

AntiVir 6.34.1.32 05.23.2006 ADSPY/CSSWeb.B
Authentium 4.93.8 05.23.2006 no virus found
Avast 4.6.695.0 05.23.2006 Win32:Adware-gen.
AVG 386 05.23.2006 Adware Generic.ISW
BitDefender 7.2 05.24.2006 Adware.Cssweb.B
CAT-QuickHeal 8.00 05.23.2006 AdWare.CSSWeb.b (Not a Virus)
ClamAV devel-20060426 05.22.2006 no virus found
DrWeb 4.33 05.23.2006 Adware.Cssweb
eTrust-InoculateIT 23.72.16 05.23.2006 no virus found
eTrust-Vet 12.4.2224 05.23.2006 no virus found
Ewido 3.5 05.23.2006 Adware.CSSWeb
Fortinet 2.77.0.0 05.23.2006 PUP!01
F-Prot 3.16c 05.23.2006 no virus found
Ikarus 0.2.65.0 05.23.2006 AdWare.CSSWeb.B
Kaspersky 4.0.2.24 05.24.2006 not-a-virus:AdWare.Win32.CSSWeb.b
McAfee 4768 05.23.2006 potentially unwanted program Generic PUP
Microsoft 1.1440 05.22.2006 no virus found
NOD32v2 1.1553 05.22.2006 Win32/Adware.CSSWeb
Norman 5.90.17 05.23.2006 W32/CSSWeb.b
Panda 9.0.0.4 05.23.2006 Adware/CssWeb
Sophos 4.05.0 05.23.2006 no virus found
Symantec 8.0 05.24.2006 no virus found
TheHacker 5.9.8.146 05.22.2006 Adware/CSSWeb.b
UNA 1.83 05.23.2006 Adware.CSSWeb
VBA32 3.11.0 05.23.2006 AdWare.CSSWeb.b

Hence my confusion.

Subsequently I have distributed the sample to the various AV vendors noting the
possibility
of a False Positive. Only Ewido has removed the adware detection. :-(


AntiVir 6.34.1.32 05.26.2006 ADSPY/CSSWeb.B
Authentium 4.93.8 05.26.2006 no virus found
Avast 4.6.695.0 05.26.2006 Win32:Adware-gen.
AVG 386 05.26.2006 Adware Generic.ISW
BitDefender 7.2 05.26.2006 Adware.Cssweb.B
CAT-QuickHeal 8.00 05.26.2006 AdWare.CSSWeb.b (Not a Virus)
ClamAV devel-20060426 05.26.2006 no virus found
DrWeb 4.33 05.26.2006 Adware.Cssweb
eTrust-InoculateIT 23.72.18 05.26.2006 no virus found
eTrust-Vet 12.6.2229 05.26.2006 no virus found
Ewido 3.5 05.26.2006 no virus found
Fortinet 2.77.0.0 05.26.2006 PUP!01
F-Prot 3.16c 05.26.2006 no virus found
Ikarus 0.2.65.0 05.26.2006 AdWare.CSSWeb.B
Kaspersky 4.0.2.24 05.26.2006 not-a-virus:AdWare.Win32.CSSWeb.b
McAfee 4771 05.26.2006 potentially unwanted program Generic PUP
Microsoft 1.1441 05.26.2006 no virus found
NOD32v2 1.1561 05.26.2006 Win32/Adware.CSSWeb
Norman 5.90.17 05.26.2006 W32/CSSWeb.b
Panda 9.0.0.4 05.26.2006 Adware/CssWeb
Sophos 4.05.0 05.26.2006 no virus found
Symantec 8.0 05.26.2006 no virus found
TheHacker 5.9.8.148 05.26.2006 Adware/CSSWeb.b
UNA 1.83 05.26.2006 Adware.CSSWeb
VBA32 3.11.0 05.26.2006 AdWare.CSSWeb.b


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Art on May 27, 2006, 10:03 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Fri, 26 May 2006 20:45:39 GMT, "David H. Lipman"

>I am a little confused over this one. Freedom AV I thought was pretty
reputable. Formally
>a subsidiary of a company called ZeroKnowledge and now the company is called
Radialpoint, it
>uses the F-Prot engine.

I just uploaded a cssweb.dll file to VT and no av produced alerts. I
didn't keep a copy of the older dll file so I duuno if it's been
changed or not. I can't believe all vendors reacted that quickly to
remove detection. Do you have a older cssweb.dll file you can upload
to VT in order to check this out?

Art
http://home.epix.net/~artnpeg



Posted by David H. Lipman on May 27, 2006, 12:38 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| On Fri, 26 May 2006 20:45:39 GMT, "David H. Lipman"
|
>> I am a little confused over this one. Freedom AV I thought was pretty
reputable.
>> Formally a subsidiary of a company called ZeroKnowledge and now the company
is called
>> Radialpoint, it uses the F-Prot engine.
|
| I just uploaded a cssweb.dll file to VT and no av produced alerts. I
| didn't keep a copy of the older dll file so I duuno if it's been
| changed or not. I can't believe all vendors reacted that quickly to
| remove detection. Do you have a older cssweb.dll file you can upload
| to VT in order to check this out?
|
| Art
| http://home.epix.net/~artnpeg
|

The version I tested still is flagged as adware. In email from Authentium, it
was indicated
that my version is old.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by David H. Lipman on May 31, 2006, 9:45 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| I am a little confused over this one. Freedom AV I thought was pretty
reputable.
| Formally a subsidiary of a company called ZeroKnowledge and now the company is
called
| Radialpoint, it uses the F-Prot engine.
|

I am no longer confused. It was False Positive that *mnay* vendors made.

Things have greatly improved.

AntiVir 6.34.1.34 05.31.2006 no virus found
Authentium 4.93.8 05.31.2006 no virus found
Avast 4.7.844.0 05.31.2006 no virus found
AVG 386 05.31.2006 no virus found
BitDefender 7.2 05.31.2006 Adware.Cssweb.B
CAT-QuickHeal 8.00 05.31.2006 AdWare.CSSWeb.b (Not a Virus)
ClamAV devel-20060426 05.31.2006 no virus found
DrWeb 4.33 05.31.2006 no virus found
eTrust-InoculateIT 23.72.23 06.01.2006 no virus found
eTrust-Vet 12.6.2235 05.31.2006 no virus found
Ewido 3.5 05.31.2006 no virus found
Fortinet 2.77.0.0 05.31.2006 no virus found
F-Prot 3.16f 05.31.2006 no virus found
Ikarus 0.2.65.0 05.31.2006 no virus found
Kaspersky 4.0.2.24 06.01.2006 not-a-virus:AdWare.Win32.CSSWeb.b
McAfee 4774 05.31.2006 no virus found
Microsoft 1.1441 06.01.2006 no virus found
NOD32v2 1.1571 06.01.2006 no virus found
Norman 5.90.17 05.31.2006 no virus found
Panda 9.0.0.4 05.31.2006 no virus found
Sophos 4.05.0 05.31.2006 no virus found
Symantec 8.0 06.01.2006 no virus found
TheHacker 5.9.8.151 05.29.2006 Adware/CSSWeb.b
UNA 1.83 05.30.2006 Adware.CSSWeb
VBA32 3.11.0 05.31.2006 AdWare.CSSWeb.b


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Art on May 31, 2006, 10:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Thu, 01 Jun 2006 01:45:35 GMT, "David H. Lipman"

>
>| I am a little confused over this one. Freedom AV I thought was pretty
reputable.
>| Formally a subsidiary of a company called ZeroKnowledge and now the company
is called
>| Radialpoint, it uses the F-Prot engine.
>|
>
>I am no longer confused. It was False Positive that *mnay* vendors made.
>
>Things have greatly improved.
>
> AntiVir 6.34.1.34 05.31.2006 no virus found
> Authentium 4.93.8 05.31.2006 no virus found
> Avast 4.7.844.0 05.31.2006 no virus found
> AVG 386 05.31.2006 no virus found
> BitDefender 7.2 05.31.2006 Adware.Cssweb.B
> CAT-QuickHeal 8.00 05.31.2006 AdWare.CSSWeb.b (Not a Virus)
> ClamAV devel-20060426 05.31.2006 no virus found
> DrWeb 4.33 05.31.2006 no virus found
> eTrust-InoculateIT 23.72.23 06.01.2006 no virus found
> eTrust-Vet 12.6.2235 05.31.2006 no virus found
> Ewido 3.5 05.31.2006 no virus found
> Fortinet 2.77.0.0 05.31.2006 no virus found
> F-Prot 3.16f 05.31.2006 no virus found
> Ikarus 0.2.65.0 05.31.2006 no virus found
> Kaspersky 4.0.2.24 06.01.2006 not-a-virus:AdWare.Win32.CSSWeb.b
> McAfee 4774 05.31.2006 no virus found
> Microsoft 1.1441 06.01.2006 no virus found
> NOD32v2 1.1571 06.01.2006 no virus found
> Norman 5.90.17 05.31.2006 no virus found
> Panda 9.0.0.4 05.31.2006 no virus found
> Sophos 4.05.0 05.31.2006 no virus found
> Symantec 8.0 06.01.2006 no virus found
> TheHacker 5.9.8.151 05.29.2006 Adware/CSSWeb.b
> UNA 1.83 05.30.2006 Adware.CSSWeb
> VBA32 3.11.0 05.31.2006 AdWare.CSSWeb.b

Which cssweb.dll file version was that? Last I checked, the
issue was resolved by Freedom av putting up a version that no
av alert on. That was some ago. I just checked and KAV still doesn't
alert on the file that's been up there for several days now. Looks
to me like you're beating a dead horse by uploading a old and
outdated file :)

Art
http://home.epix.net/~artnpeg


Similar ThreadsPosted
A new online scanner from MS November 1, 2005, 6:15 pm
Free online scanner? October 25, 2006, 12:32 am
Looking for freeware (on-access) antivirus scanner... November 2, 2005, 2:16 pm
Which Virus Scanner is Better for Windows 98se? December 13, 2007, 7:13 pm
ANN: C# Online.NET May 9, 2006, 9:13 am
Spybot scanner mentions registry change; what does it mean? May 26, 2008, 9:08 am
Can't run online scan November 19, 2005, 3:46 pm
Capture "Avast! On-Access Scanner Message" log file December 14, 2005, 10:59 pm
cant get online due to security center November 2, 2008, 7:28 pm
Demo -Venak and Avenak Detection Malware Scanner (MPS Edition) December 15, 2007, 9:17 am

The site map in XML format XML site map

Contact Us | Privacy Policy