ky331 Posted November 7, 2007

I have Download Accelerator Plus (DAP) version 5.0 [which I understand some people might consider adware in its own right] which is being detected by SAS [core 3339, trace 1340] as Trojan.CWS/HWY:

HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

The classID shows up in my HJT log under O9, as an Internet Explorer button for DAP:

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

I only did a custom scan, so I don't know at this point if a complete scan would pick up additional items... I hope to run one later today.

I am assuming this to be a false positive??
Lasse88 Posted November 9, 2007

Try and upload the file to virustotal.com
ky331 Posted November 9, 2007

Result: 0/31 (0%)

Antivirus          Version        Last Update  Result
AhnLab-V3          2007.11.10.0   2007.11.09   -
AntiVir            7.6.0.34       2007.11.09   -
Authentium         4.93.8         2007.11.09   -
Avast              4.7.1074.0     2007.11.09   -
AVG                7.5.0.503      2007.11.09   -
BitDefender        7.2            2007.11.09   -
CAT-QuickHeal      9.00           2007.11.09   -
ClamAV             0.91.2         2007.11.09   -
DrWeb              4.44.0.09170   2007.11.09   -
eSafe              7.0.15.0       2007.11.08   -
eTrust-Vet         31.2.5284      2007.11.09   -
Ewido              4.0            2007.11.09   -
FileAdvisor        1              2007.11.10   -
Fortinet           3.11.0.0       2007.10.19   -
F-Prot             4.4.2.54       2007.11.09   -
F-Secure           6.70.13030.0   2007.11.09   -
Ikarus             T3.1.1.12      2007.11.09   -
Kaspersky          7.0.0.125      2007.11.09   -
McAfee             5160           2007.11.09   -
Microsoft          1.3007         2007.11.09   -
NOD32v2            2650           2007.11.09   -
Norman             5.80.02        2007.11.09   -
Panda              9.0.0.4        2007.11.09   -
Rising             20.17.41.00    2007.11.09   -
Sophos             4.23.0         2007.11.09   -
Sunbelt            2.2.907.0      2007.11.09   -
Symantec           10             2007.11.09   -
TheHacker          6.2.9.122      2007.11.09   -
VBA32              3.12.2.4       2007.11.08   -
VirusBuster        4.3.26:9       2007.11.09   -
Webwasher-Gateway  6.0.1          2007.11.09   -

Additional information
File size: 1351680 bytes
MD5: 3de47c2191bc54f39c321d4404ad0b57
SHA1: 45972d15039f7dbe3614ec47d77461c3fa07d88c
ky331 Posted November 9, 2007

And from Jotti:

File: DAP.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 3de47c2191bc54f39c321d4404ad0b57
Packers detected: -
Bit9 reports: No threat detected

A-Squared              Found nothing
AntiVir                Found nothing
ArcaVir                Found nothing
Avast                  Found nothing
AVG Antivirus          Found nothing
BitDefender            Found nothing
ClamAV                 Found nothing
CPsecure               Found nothing
Dr.Web                 Found nothing
F-Prot Antivirus       Found nothing
F-Secure Anti-Virus    Found nothing
Fortinet               Found nothing
Kaspersky Anti-Virus   Found nothing
NOD32                  Found nothing
Norman Virus Control   Found nothing
Panda Antivirus        Found nothing
Rising Antivirus       Found nothing
Sophos Antivirus       Found nothing
VirusBuster            Found nothing
VBA32                  Found nothing
SUPERAntiSpy Posted November 9, 2007

> I have Download Accelerator Plus (DAP) version 5.0 [which I understand some people might consider adware in its own right] which is being detected by SAS [core 3339, trace 1340] as Trojan.CWS/HWY:
>
> HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
>
> The classID shows up in my HJT log under O9, as an Internet Explorer button for DAP:
>
> O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
>
> I only did a custom scan, so I don't know at this point if a complete scan would pick up additional items... I hope to run one later today.
>
> I am assuming this to be a false positive??

Looks like spyware sharing the same GUID as DAP, if that's the case: http://www.google.com/search?hl=en&safe ... 95F261C%7D

I would suggest just trusting/allowing the GUID.
ky331 Posted November 10, 2007

For what it's worth, I finally got around to doing a COMPLETE scan [core 3341, trace 1342], and that one registry entry was the only thing being picked up.
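
The triage done by hand in this thread (matching the flagged Extensions key to its HijackThis O9 entry to find which file to submit to a multi-scanner) can be scripted. This is an added example, not code from any poster or from SUPERAntiSpyware; the function names are hypothetical, and the second log line is a constructed placeholder.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# HijackThis O9 lines: "O9 - Extra button: <name> - {CLSID} - <file>"
O9_LINE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<name>.*?) - "
    r"(?P<clsid>" + GUID + r") - (?P<path>.+)$"
)
EXT_PARENT = r"software\microsoft\internet explorer\extensions"

def guid_from_key(key):
    """Return the upper-cased CLSID if `key` is an IE Extensions subkey, else None."""
    parent, _, leaf = key.rstrip("\\").rpartition("\\")
    if not parent.lower().endswith(EXT_PARENT):
        return None
    return leaf.upper() if re.fullmatch(GUID, leaf) else None

def parse_o9(log_text):
    """Yield one dict per O9 entry found in a HijackThis log."""
    for line in log_text.splitlines():
        m = O9_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # registry GUIDs are case-insensitive
            yield entry

def explain_detection(flagged_key, log_text):
    """List the O9 entries (and the files behind them) that own the flagged key."""
    clsid = guid_from_key(flagged_key)
    if clsid is None:
        return []
    return [e for e in parse_o9(log_text) if e["clsid"] == clsid]

# The flagged key and the first log line are the values quoted in the thread;
# the second log line is a constructed placeholder entry.
FLAGGED_KEY = (r"HKLM\Software\Microsoft\Internet Explorer\Extensions"
               r"\{669695BC-A811-4A9D-8CDF-BA8C795F261C}")
HJT_LOG = "\n".join([
    r"O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE",
    r"O9 - Extra 'Tools' menuitem: Example - {00000000-0000-0000-0000-000000000000} - C:\EXAMPLE\placeholder.dll",
])

if __name__ == "__main__":
    for e in explain_detection(FLAGGED_KEY, HJT_LOG):
        print(f"{e['clsid']} -> {e['kind']} '{e['name']}' -> submit {e['path']}")
```

A match only shows which file currently sits behind the flagged GUID; whether that file is clean is what the VirusTotal and Jotti results above answer.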