If they truly are not spyware, then I would report the false positive to the vendor. That will nix the annoying warnings for everyone.
--TH13
Printable View
If they truly are not spyware, then I would report the false positive to the vendor. That will nix the annoying warnings for everyone.
--TH13
Hmmm,
It is a good point about false positives though. I know that a lot of scanners will flag Alexa as spyware, but I am surprised to see it in 4 installation files? Anyway, we know that MS installs it, so the warning seems a bit superfluous?
http://www.jsware.net/jsware/msicode.php3#unpack
That site has tools that let you open up .msi files and see what they do ;)
Hey there. Thanks for the link.
Spoke to my supervisor. She says that Alexa is Malware, I quote
As nihil saidQuote:
It can open up your computer to outsiders
I might be asking a stupid Q here - Why does MS install it if it gets flagged for malware?Quote:
Anyway, we know that MS installs it, so the warning seems a bit superfluous?
Alexa is strange one. as it is not a malware in my absolutely pedantic definition of such. :D
You might consider it to be a form of spyware, but in reality it is just a bloody nuisance. It is actually a targeted advertising application that is the result of some sort of deal between Microsoft and Amazon (I think). I seem to recall that it needs IE to work?
It is of no interest and absolutely no value to me so I always remove it. I take a very simple view that if I don't use something I don't want it running. Firstly it would be using MY resources and secondly it is just something else to go wrong and cause conflicts.
I am not surprised that all Panda does is flag it in the .msi files............ far too complex to try to extract it from one of those! I would guess that what Panda does is clean the Registry and executables, so it cannot run. That is what SpyBot and AdAware do, if you so choose.
I do not think that it is a security hazard in particular............. that would depend on how you run your system IMO............like IE on minimum security and always log in as Administrator? :lildevil: c'mon MS and Amazon are major players.............. if they were doing things like that, how come the drek/cack/poep hasn't hit the fan?
:)
Wow
Delete the msi files in question
DevSupp.dll is probably hijacked
If you notice the random characters your mal/spyware generated i.e., 36fe.msi
This means your true issue is creating random install files so when you clean one, two more infect you. These are not the Microsoft installer, they are Microsoft installation packages.
9 times out of 10 there will be a entry in the \...\currentversion\run KEYS (Current user - everyone who loged on) and system pointing to the instal packages.
ie HKEY\LOCAL MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN and in the left pain will be c:\windows\36fe.msi
Don't forget to dump system restore
Sheesh, what a mission :)
Thanks for all the tips everyone.
Get copies of the files.....................
If dinowuff is correct, you are NOT dealing with Alexa.
Send the files to your research people to investigate ;)
virustotal or cwsandbox are two of my favorite for submitting questionable stuff.
Another one is Jotti:
http://virusscan.jotti.org/
Although virus total uses more scanners
http://www.virustotal.com/
Both are supported by and use Panda, so they should be OK for Cider to use. Obviously they are both using scanning techniques, whilst Sunbelt's CWSandbox actually tries to run the thing and see what it does
:)
Back on original topic so a double post :)
It just ocurred to me that this might actually be some sort of trojan with Alexa as the payload.
I seem to recall that there were one or two that specifically did this?
As Alexa is a web surfing habits and site rating system, unscrupulous site owners would use this trick to increase the number of hits being reported to Alexa.
Something similar to the click fraud scams for pay per click advertising schemes. There are trojans to do that as well:(