system
1
Hi
Was sharing files to the laptop's shared folder and MSE, that I'm still running on this PC till Avast 6 is final, detected in the frostwire.exe file: Adware:Win32/OpenCandy
(Actually on this PC later, going back to Avast 5.1.889)
Did a scan with Avast 5.1.889 on the laptop, came back NO Threats found
Is it a false positive from MSE, or nothing to worry about?
Or should I take more cleaning steps on the laptop PC?
Pondus
2
Upload the file to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here.
Alternatives:
VirScan http://virscan.org/
Jotti http://virusscan.jotti.org/en
Check your comp for malware with
Malwarebytes Anti-Malware 1.50.1 http://filehippo.com/download_malwarebytes_anti_malware/
Always update the program so you have latest database before you scan
Click the remove selected button to quarantine any infections found
You may post the scan log here if anything is found
DavidR
3
Try a forum search for frostwire.exe, as there has been a topic about it recently and only MSE and one other consider it an issue out of 43 scanners on virustotal.
However a more recent VT scan doesn’t find anything including Microsoft, http://www.virustotal.com/file-scan/report.html?id=edb5304678788706899597cca672f8021915a4d71bfe4a39a2998aad41e45840-1297865642
system
4
Yeah, MSE and McAfee detected it on virustotal, results coming in a moment from the virustotal scan
Well, if the laptop would let me transfer the file to the Desktop to run the Virustotal scan lol, but right now the laptop is frozen lol. Will work on getting the file to this PC for the virustotal scan, and will post the results then
Think I will scan all the PCs anyway later tonight with Avast 5.1 and Malwarebytes
Probably am safer with Avast with my p2p habits and all that, actually, than I am with MSE maybe
I will still post the results from the virustotal scan as soon as I can
Pondus
5
If the laptop is on the net…is it?..then you can just upload to VT from it…
system
6
Virustotal results
McAfee 5.400.0.1158 2011.02.17 ASKToolbar
Microsoft 1.6502 2011.02.16 Adware:Win32/OpenCandy
Those are the 2 that picked it up, rest was no detections
2/43
http://www.virustotal.com/file-scan/report.html?id=bd3964ee028104cf61d4ac6e20d6c5ad7eb2fad8cde193a74a5d9543e7969657-1297946983
DavidR
7
As you can see from my VT link, from the day before, this was clear on all scanners, so it was a virus signature update between those two days that triggered this, when previously it wasn’t considered a problem.
When this happens on long established software (and coming from sourceforge) it is usually an indication it is a false positive and the VT results tend to support that view.
system
8
Oh ok, thank you everyone
Been running Avast for 6 years, just decided to try MSE a bit on the Desktop, but think I do trust Avast quite a bit, so think I will switch the Desktop back early tomorrow. MSE, I think or I hope, uninstalls cleanly lol, and then I can just put Avast 5.1 in, register, update, configure, and set
Thank you all for the replies, really do appreciate it
Pondus
10
Adware:Win32/OpenCandy
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FOpenCandy
Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. User-specific information, including a unique machine code, operating system information, locale (country), and certain other information are sent to a remote server without obtaining adequate user consent.
And the McAfee (ASKToolbar) detection may be a PUP detection; it does not always show on VT
A PUP (potentially unwanted program): http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1066761,00.html
So does frostwire come with the Ask toolbar bundled?
polonus
11
These possibly unwanted toolbar issues can be managed easily using toolbarcop, see: http://windowsxp.mvps.org/toolbarcop.htm
OpenCandy and Ask bar installs could be considered such possibly unwanted browser extensions, as they are coming “on the back” of another software install you choose, and you did not agree to installing these additionally, whether they are actually harmful or not,
like there are:
Browser Helper Objects (BHO)
Toolbars
Standard Toolbar buttons
Context menu Extensions
Download managers
Protocol Handlers
Horizontal / Vertical Explorer Bars (side-search bars)
Startup applications originating from RUN registry keys.
polonus