False positive or not? (SOLVED - At last, see latest post)

Starting on October 1, I have been logging reports of Win32:FraudTool[Tool] in program PrivacyControl.exe and Win32:Spywarestop-AE in Spycleaner.dll. Both programs come from AdwareAlert and have operated w/o issues up till October 1.

AdwareAlert reports that it may be a False Positive (of course).

Am I being duped by them or is there an issue with recent Avast updates?

Can you send the file to virus (at) avast.com for analysis?
Maybe you can zip it into a passworded zip file and send it (giving the password in the email body).
Hope they correct the false positive soon.

Before your mention of it I have never heard of AdwareAlert, try a search for AdwareAlert on http://www.spywarewarrior.com/rogue_anti-spyware.htm, they don’t like it either.

But google doesn’t like it, lots of bad reports, http://www.google.com/search?q=AdwareAlert

Also WOT doesn’t like AdwareAlert.com so personally I believe there is something in these detections and even so I would get rid of the program based on the bad reports.


I will second David’s opinion as I googled AdwareAlert through ScanDoo and got the result for the home page as is shown in the image below.

Other results:

http://www.2-spyware.com/review-adwarealert.html

http://www.411-spyware.com/remove-adwarealert



Information about Spycleaner.dll shows this as malware and a threat …

http://www.threatexpert.com/files/SpyCleaner.dll.html

http://www.ca.com/securityadvisor/pest/pest.aspx?id=453131077

http://www.spywareterminator.com/fr/item/42970/FraudToolSpywareStopb.html

As you can tell from this post and my prior post, this dll is related to several rogue programs.


Getting rid of AdwareAlert has been an on and off all day affair.
First, the un-install in Vista (from AdwareAlert) caused some disk volume issues that resulted in a scan for errors at start-up. Next, using the recommendation from the AdwareAlert FAQ I deleted the Program Folder. Big mistake! This caused a continuous re-boot at the log-in screen. Resolved this with a System Restore Boot CD and going back a couple of weeks to an earlier Restore Point.
This returned me to a starting point where I could at least boot and log in to Vista. But, of course, AdwareAlert is back and avast is squawking about it.

I looked over the sites referenced in the earlier posts and didn’t come away with a warm and fuzzy about the removal recommendations cited. So, having used Ad-Aware from Lavasoft in the past, I downloaded the free version of Ad-Aware 2008 and gave it a try. The first scan, full, did not show AdwareAlert to be a problem, but the next scan, smart, showed AdwareAlert with 18 entries in the Program Files\Adware Alert folder. I placed all in Quarantine and re-started the system with no issues. AdwareAlert is gone with the exception of the program entry in the Control Panel – Programs and Features which I will just live with.

I completed a thorough scan with avast with no errors.

For Tech, I did zip the files and send to virus (at) avast.com.

Thanks to all who responded on this thread.

I agree, AdwareAlert doesn’t belong on any computer.


You are welcome and I am glad if I helped in some small way.

By the way … a belated welcome to the forums. :)

Please visit here often, learn more, and maybe help others.


No problem, happy I could help. I’m glad that you stuck with it and are now AdwareAlert free.

I think in the process you have learnt a valuable lesson (some can be more painful believe me) in the selection of security software. There is no way though that I would go to a site with a suspect product to see how to remove it, if I don’t trust the product there is no way I would trust them to remove it without a fight.

First do the spade work and analysis (google, etc.) before installation as prevention is much less painful than cure.

Welcome to the forums.

Thanks for helping improve detection.
Is there anything else that we can help you with?

The detection, Tech, was IMHO good as AdwareAlert is a bit of a rogue program.

Oh… oh… sorry then, my fault.

After operating normally a couple of days I encountered a failure to boot and entered the repair the OS program. This could not correct the problem. The repair log indicated that the file “adwarealert.sys” was corrupt. With nothing to lose I entered the command prompt and copied adwarealert.sys to adwarealert.bak and then copied adwarealert.bak to adwarealert.sys. Then I restored the system to the most current restore point. This returned the system to a normal boot and log in experience.

This driver is loaded by ntldr at boot. Before Vista, boot.ini controlled the sequence and which drivers to load at boot. To drop the boot load of a driver you just edited boot.ini and commented out the offending driver’s entries.

Vista uses BCD registry for boot configuration. I cannot determine from regedit how to find the driver load list. I found some entries about adwarealert.sys and deleted them. While the delete worked with no adverse effects I still have this driver loading at boot. A search of registry from within regedit shows no references left of adwarealert.sys.

I need to find out how to stop this driver from loading. I know I am paranoid, but I think this driver might have a timed self destruct function to corrupt the end of file marker thus making a failed boot.

Finally my question. In Vista, short of a complete system restore, how does one prevent a driver from loading at boot?

Maybe Autoruns from Microsoft (run with admin elevation) will do it.

me- I’d run down tech’s general cleaning list- I’ll post it up next time I run across it
MBAM -update check any baddies and click REMOVE SELECTED

SAS
and
Spybot search and destroy
update clean and quarantine- if any hits post em up but edit cookies
I hope you are clean

a trend-micro rootkit scan- let’s look for a hidden installer

good to see that ad-aware does work on some cases
are you 32 bit vista?

you could read the sticky at the top of this forum and post a hjt
however Vista internals are way beyond me
you may get a referral

Yes, it is 32 bit Vista Home Premium. The PC is Toshiba A205-S4777.

For Tech: Is Autoruns a utility to download from Microsoft?

Thanks much for the replies.

Yes. http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Using my grand-daughter’s phrase “My Bad”

It appears that I had this problem of adwarealert.sys loading at boot solved with removal of the registry keys and values associated with adwarealert.sys. I did not read ntbtlog.txt closely enough. Once established, each new boot is appended with a time stamp to the existing file. I was reading the beginning and seeing adwarealert.sys each time and thinking it was the most current boot log.

Attached is a copy of the backup registry converted to text which shows the adwarealert.sys keys that were removed and a copy of the log which shows the loading and then no longer loading of adwarealert.sys.

I would advise anyone who is not having this problem not to attempt the registry changes and just wait for removal software to catch up with adwarealert.

If removal is attempted, have on hand a Windows recovery boot CD and back up the registry before any edits.

If anyone put any work into this solved issue, I apologize.
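
The boot-log mix-up described in the last post (each boot is appended to the same file, so the top of the file is the oldest boot) can be avoided by splitting the log into per-boot sessions and checking only the last one. This is an added example, not part of the original thread: the function names are hypothetical, the sample log is constructed, and it assumes the log text has already been read into a string and that any non-empty line that is not a driver entry belongs to a boot header.

```python
import re

# A driver entry in the boot log; any other non-empty line is treated as header text.
DRIVER_LINE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$", re.I)

# Constructed sample: two boots appended to one file, oldest first.
SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 6.0 (Build 6001)
10  5 2008 08:01:12.375
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\drivers\adwarealert.sys
Microsoft (R) Windows (R) Version 6.0 (Build 6001)
10  9 2008 19:44:03.125
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Did not load driver \SystemRoot\system32\drivers\example.sys
"""

def split_boot_sessions(text):
    """Split an appended boot log into one dict per boot, oldest first."""
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_LINE.match(line)
        # A header line after driver entries (or at file start) opens a new boot;
        # so does a driver entry in a log that starts without any header.
        if current is None or (m is None and current["drivers"]):
            current = {"header": [], "drivers": []}
            sessions.append(current)
        if m is None:
            current["header"].append(line)
        else:
            loaded = m.group(1).lower().startswith("loaded")
            current["drivers"].append((m.group(2), loaded))
    return sessions

def driver_history(text, driver_name):
    """For each boot, oldest first: (header text, True if the driver was loaded)."""
    name = driver_name.lower()
    history = []
    for s in split_boot_sessions(text):
        hit = any(loaded and path.lower().rsplit("\\", 1)[-1] == name
                  for path, loaded in s["drivers"])
        history.append((" ".join(s["header"]), hit))
    return history

def loaded_in_latest_boot(text, driver_name):
    """True only if the most recent boot in the log loaded the driver."""
    history = driver_history(text, driver_name)
    return bool(history) and history[-1][1]
```
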