the correct path is:
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
the new 3.309 adwcleaner tells that there is a virus in it...why?
and why ,if it is true, is not possible to remove it...??
Also cannot download as Norton blocks and removes it. Here is copy of Norton details:
Filename: adwcleaner[1].exe
Threat name: Trojan.Gen.SMH
Full Path: c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0xz70k18\adwcleaner[1].exe
____________________________
Details
Unknown Community Usage, Unknown Age, Risk High
Origin
Downloaded from
http://download.bleepingcomputer.com/dl/ccc7b1be60ac8b673cbab8cd91aea0c9/5405e713/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe
Activity
Actions performed: Actions performed: 1
____________________________
On computers as of
9/2/2014 at 8:45:45 AM
Last Used
9/2/2014 at 9:49:52 AM
Startup Item
No
Launched
No
____________________________
Unknown
It is unknown how many users in the Norton Community have used this file.
Unknown
This file release is currently not known.
High
This file risk is high.
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
___________________________
http://download.bleepingcomputer.com/dl/ccc7b1be60ac8b673cbab8cd91aea0c9/5405e713/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe
Downloaded File adwcleaner[1].exe Threat name: Trojan.Gen.SMH
from bleepingcomputer.com
Source: External Media
adwcleaner[1].exe
___________________________
File Actions
File: c:\Users\ADMIN\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0XZ70K18\ adwcleaner[1].exe Removed
____________________________
File Thumbprint - SHA:
f303a32ba4a44ae7d25b73f5b6f3f2c3dcf6d9970ebf88de816b399eedce80b1
File Thumbprint - MD5:
Not available
False alarm:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhkmpddbiciimgibbkmimhfognpknmeo
It is absolutely legal extension of the store
https://chrome.google.com/webstore/detail/save-as-mhtml/fhkmpddbiciimgibbkmimhfognpknmeo
C:\Users\User\AppData\Local\Mail.Ru
In this folder, I have installed "Cloud Mail.ru", it need not be removed, it is completely legal and no it does not apply to advertising
https://cloud.mail.ru/
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
And in that folder I have is a shortcut to the legal application "Cloud Mail.ru"
https://cloud.mail.ru/
Please, I need your help. After scanning my system with your product, I detected the following (from the report)
# AdwCleaner v3.303 - Report created 08/08/2014 at 10:38:47
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paulo - PAULO-PC
# Running from : C:\Users\Paulo\Desktop\Clean Up\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
*************************
AdwCleaner[R99].txt - [715 octets] - [08/08/2014 10:38:47]
########## EOF - C:\AdwCleaner\AdwCleaner[R99].txt - [775 octets] ##########
After the scan, Under Chrome found an Extension unknown.(see above)
Selected "Clean" - Program ran for a little then a message appeared:
Aut2Exe has stopped working.
A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is available.
The faulty chrome Extension was not removed. My system is now unstable and had several dumps (blue screen). Avast, ESET, Malwarebytes and other reported nothing, only AdwCleaner.
Again, my system is now unstable, AdwCleaner is detecting that Chrome Extension but does abort before removing it. Any idea of what the problem is.
Please, contact me at padi5star@gmail.com if you have a solution. I will be away from my computer for 10 days, but I can receive emails.
Thank you.
Go to http://www.afterdawn.com/ and in the search bar type "AdwCleaner v3.302". After it down loads, then run it. If it says a new version is available, PRESS CANCEL button. That way it will not remove itself from your folder.
=8-)
//////// v3.303 - 06/08/14 //////// FR
- Mise à jour de la base de données
- Faux positifs supprimés
- Détection générique Multiplug mise à jour
- Détection générique DownloadProtect mise à jour
- Détection générique Crossrider mise à jour
- Détection générique Skintrim mise à jour
//////// v3.303 - 06/08/14 //////// ENG
- Database update
- False positive removed
- Generic.Crossrider detection updated
- Generic.Downloadprotect detection updated
- Generic.Multiplug detection updated
- Generic.Skintrim detection updated
//////// v3.302 - 30/07/14 //////// FR
- Mise à jour de la base de données
- Faux positifs supprimés
- Ajout de processus à la liste blanche
- Mise à jour du module de détection des tâches planifiées
- Ajout de la possibilité d'annuler le nettoyage avant la fermeture des processus
- Détection générique AdPeak mise à jour
//////// v3.302 - 30/07/14 //////// ENG
- Database update
- False positive removed
- Added processes to whitelist
- Updated scheduled task detections
- Added possibility to cancel cleaning before closing processes
- Generic.AdPeak detection updated
Merci encore pour tout le service rendu ;)
Bonjour,
Est t'il prévu de pouvoir lancer AdwCleaner en ligne de commande ? Par exemple, "adwcleaner.exe /scan -remove" lancerait un scan des fichiers malveillants, puis les supprimeraient, tout cela en arrière plan avec peut être un log directement dans la console (par ex: "Scanning folders... Done!" etc.)
Merci,
Received a message from Norton concerning adwcleaner 3.216: 07/19/2014 11:58:51 AM,High,adwcleaner.exe (SONAR.Heuristic.120) detected by SONAR,Quarantined,Resolved - No Action. Norton removed adwcleaner.exe to resolve problem. Is this normal?.
Thank you for this excellent software which removed the annoying 'trovi' infection of my browsers. I found your site from an article in Computreactive Issue 247.
