in particular i wanted to raise awareness about some firefox adware/malware which is showing up rather frequently as an addon with a randomized id and name which hides itself from the addons manager which is going undetected at the moment.
you can find some samples of the amlicious addon's .xpi file attached at https://bugzilla.mozilla.org/show_bug.cgi?id=1161259
Hi,
These FP have been removed from the database.
Regards,
Hi / Salut,
2 détections :
***** [ Fichiers ] *****
Fichier Trouvé : C:\WINDOWS\Sysnative\drivers\mcaudrv_x64.sys Fichier
Trouvé : C:\WINDOWS\Sysnative\drivers\mcvidrv.sysVirustotal :
https://www.virustotal.com/fr/file/b4b06b17f687be591275d80d63e3f648cac9d34dd83c80af5...
Hello,
Can you please provide us with AdwCleaner's logfile so that we will be able to remove it from the database or update our detections ?
You can write a script to restore many files at once. Just put one line per file to restore ( you can extract the lines from Quarantine.log file ) and use "Script" option in Quarantine manager. Put only the original location of each file in your script.
...How to Remove LizardSales
File,Folder
%ProgramData%\Application Data\LizardSales %ProgramData%\LizardSales %AppData%\appdataFr2.bin %AppData%\appdataFr25.bin %AppData%\appdataFr3.bin
Registry
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlag\Compatibility Assistant\Persisted] "C:\ProgramData\LizardSales\LizardSales.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstal...
Bonjour,
Je viens de faire un scan de ma machine avec AdwCleaner et le rapport d'analyse me dit : "Fichier Trouvé : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab"
En regardant le contenu de ce dossier, je vois que c'est l'extension pour Google Chrome du logiciel "HP Client Security Manager". Extrait du contenu du fichier C:\Us...
I just ran ADWCleaner at the suggestion of the Reddit Techsupport forum, and it removed a very valuable folder.
I found the folder in Quarantine, but I feel that this needs to be looked at further.
The folder that was deleted was a save folder for a variety of modded Minecraft games. There is an online community on Reddit where these games are discussed, and a standalone Launcher that downloa...
Hi,
UVK_en.exe belongs to UltraVirusKiller.
The developer of UltraVirusKiller has stolen the databases from JRT and AdwCleaner.
I would never use a software where the developer steals the databases of other softwares in order to improve this own tool.
So why should the process from such a fake tool be whitelisted?
Hi pguilb75,
according to a little research I did, HKLM\Software\classes\SDP seems to be related to Adware.Somoto-group.
Can you post the full logfile of AdwCleaner (C:\AdwCleaner\AdwCleaner[Sx].txt), please?
