ky331

DAP being detected as CWS/HWY


I have Download Accelerator Plus (DAP) version 5.0 [which I understand some people might consider adware in its own right]

which is being detected by SAS [core 3339, trace 1340] as Trojan.CWS/HWY:

HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

The classID shows up in my HJT log under O9, as an Internet Explorer button for DAP

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

I only did a custom scan, so I don't know at this point if a complete scan would pick up additional items... I hope to run one later today.

I am assuming this to be a false positive??


Result: 0/31 (0%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.10.0 | 2007.11.09 | - |
| AntiVir | 7.6.0.34 | 2007.11.09 | - |
| Authentium | 4.93.8 | 2007.11.09 | - |
| Avast | 4.7.1074.0 | 2007.11.09 | - |
| AVG | 7.5.0.503 | 2007.11.09 | - |
| BitDefender | 7.2 | 2007.11.09 | - |
| CAT-QuickHeal | 9.00 | 2007.11.09 | - |
| ClamAV | 0.91.2 | 2007.11.09 | - |
| DrWeb | 4.44.0.09170 | 2007.11.09 | - |
| eSafe | 7.0.15.0 | 2007.11.08 | - |
| eTrust-Vet | 31.2.5284 | 2007.11.09 | - |
| Ewido | 4.0 | 2007.11.09 | - |
| FileAdvisor | 1 | 2007.11.10 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.4.2.54 | 2007.11.09 | - |
| F-Secure | 6.70.13030.0 | 2007.11.09 | - |
| Ikarus | T3.1.1.12 | 2007.11.09 | - |
| Kaspersky | 7.0.0.125 | 2007.11.09 | - |
| McAfee | 5160 | 2007.11.09 | - |
| Microsoft | 1.3007 | 2007.11.09 | - |
| NOD32v2 | 2650 | 2007.11.09 | - |
| Norman | 5.80.02 | 2007.11.09 | - |
| Panda | 9.0.0.4 | 2007.11.09 | - |
| Rising | 20.17.41.00 | 2007.11.09 | - |
| Sophos | 4.23.0 | 2007.11.09 | - |
| Sunbelt | 2.2.907.0 | 2007.11.09 | - |
| Symantec | 10 | 2007.11.09 | - |
| TheHacker | 6.2.9.122 | 2007.11.09 | - |
| VBA32 | 3.12.2.4 | 2007.11.08 | - |
| VirusBuster | 4.3.26:9 | 2007.11.09 | - |
| Webwasher-Gateway | 6.0.1 | 2007.11.09 | - |

Additional information

File size: 1351680 bytes

MD5: 3de47c2191bc54f39c321d4404ad0b57

SHA1: 45972d15039f7dbe3614ec47d77461c3fa07d88c


and from Jotti

File: DAP.exe

Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 3de47c2191bc54f39c321d4404ad0b57

Packers detected: -

Bit9 reports: No threat detected

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


Looks like spyware sharing the same GUID as DAP if that's the case:

http://www.google.com/search?hl=en&safe ... 95F261C%7D

I would suggest just trusting/allowing the GUID.


For what it's worth, I finally got around to doing a COMPLETE scan [core 3341, trace 1342], and that one registry entry was the only thing being picked up.
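
Added example, not part of the original thread and not SUPERAntiSpyware or HijackThis code: the cross-check the posters did by hand, resolving the flagged Extensions GUID to the file its O9 entry launches so that file is the one hashed and submitted to multi-engine scanners. The flagged key and the DAP O9 line are the ones quoted in the thread; the other log lines are constructed, and the function names are hypothetical.

```python
import re

# Flagged key and the DAP O9 line come from the thread; the O4 line and the
# 'Tools' menuitem line are constructed sample data.
FLAGGED_KEY = r"HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}"
HJT_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra 'Tools' menuitem: Example Item - {11111111-2222-3333-4444-555555555555} - C:\Example\item.dll
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<label>.*?) - "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")

def guid_from_key(key):
    """Return the upper-cased GUID in the last component of a registry key, or None."""
    m = GUID_RE.search(key.rsplit("\\", 1)[-1])
    return m.group(0).upper() if m else None

def parse_o9(log):
    """Map GUID -> list of (kind, label, target) for every O9 line in the log."""
    entries = {}
    for line in log.splitlines():
        m = O9_RE.match(line.strip())
        if m:
            entries.setdefault(m["guid"].upper(), []).append(
                (m["kind"], m["label"], m["target"].strip()))
    return entries

def triage(flagged_key, log):
    """Return the flagged GUID and the files its O9 entries launch (GUIDs compared case-insensitively)."""
    guid = guid_from_key(flagged_key)
    if guid is None:
        raise ValueError("flagged key does not end in a GUID")
    return guid, [target for _, _, target in parse_o9(log).get(guid, [])]

if __name__ == "__main__":
    guid, targets = triage(FLAGGED_KEY, HJT_LOG)
    print(guid, targets or "no O9 entry references this GUID")
```

An empty target list means the log has no O9 entry for the flagged GUID, so the registry key itself is the only artifact to examine.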
