DAP being detected as CWS/HWY

[ky331]

I have download accelerator plus (DAP) version 5.0 [which i understand some people might consider adware in its own right]

which is being detected by SAS [core 3339, trace 1340] as Trojan.CWS/HWY:

HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

the classID shows up in my HJT log under O9, as an internet explorer button for DAP

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

I only did a custom scan, so I don't know at this point if a complete scan would pick up additional items... i hope to run one later today.

I am assuming this to be a false positive??

[Lasse88]

try and upload the file to virustotal.com

[ky331]

Result: 0/31 (0%)

Antivirus Version Last Update Result

AhnLab-V3 2007.11.10.0 2007.11.09 -

AntiVir 7.6.0.34 2007.11.09 -

Authentium 4.93.8 2007.11.09 -

Avast 4.7.1074.0 2007.11.09 -

AVG 7.5.0.503 2007.11.09 -

BitDefender 7.2 2007.11.09 -

CAT-QuickHeal 9.00 2007.11.09 -

ClamAV 0.91.2 2007.11.09 -

DrWeb 4.44.0.09170 2007.11.09 -

eSafe 7.0.15.0 2007.11.08 -

eTrust-Vet 31.2.5284 2007.11.09 -

Ewido 4.0 2007.11.09 -

FileAdvisor 1 2007.11.10 -

Fortinet 3.11.0.0 2007.10.19 -

F-Prot 4.4.2.54 2007.11.09 -

F-Secure 6.70.13030.0 2007.11.09 -

Ikarus T3.1.1.12 2007.11.09 -

Kaspersky 7.0.0.125 2007.11.09 -

McAfee 5160 2007.11.09 -

Microsoft 1.3007 2007.11.09 -

NOD32v2 2650 2007.11.09 -

Norman 5.80.02 2007.11.09 -

Panda 9.0.0.4 2007.11.09 -

Rising 20.17.41.00 2007.11.09 -

Sophos 4.23.0 2007.11.09 -

Sunbelt 2.2.907.0 2007.11.09 -

Symantec 10 2007.11.09 -

TheHacker 6.2.9.122 2007.11.09 -

VBA32 3.12.2.4 2007.11.08 -

VirusBuster 4.3.26:9 2007.11.09 -

Webwasher-Gateway 6.0.1 2007.11.09 -

Additional information

File size: 1351680 bytes

MD5: 3de47c2191bc54f39c321d4404ad0b57

SHA1: 45972d15039f7dbe3614ec47d77461c3fa07d88c

[ky331]

and from Jotti

File: DAP.exe

Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 3de47c2191bc54f39c321d4404ad0b57

Packers detected: -

Bit9 reports: No threat detected

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

[SUPERAntiSpy]

I have download accelerator plus (DAP) version 5.0 [which i understand some people might consider adware in its own right]

which is being detected by SAS [core 3339, trace 1340] as Trojan.CWS/HWY:

HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

the classID shows up in my HJT log under O9, as an internet explorer button for DAP

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

I only did a custom scan, so I don't know at this point if a complete scan would pick up additional items... i hope to run one later today.

I am assuming this to be a false positive??

Looks like spyware sharing the same GUID as DAP if that's the case:

http://www.google.com/search?hl=en&safe ... 95F261C%7D

I would suggest just trusting/allowing the GUID.

[ky331]

for what it's worth, I finally got around to doing a COMPLETE scan [core 3341, trace 1342], and that one registry entry was the only thing being picked up