-
March 10th, 2008, 05:23 PM
#11
If they truly are not spyware, then I would report the false positive to the vendor. That will nix the annoying warnings for everyone.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
March 10th, 2008, 07:04 PM
#12
Hmmm,
It is a good point about false positives though. I know that a lot of scanners will flag Alexa as spyware, but I am surprised to see it in 4 installation files? Anyway, we know that MS installs it, so the warning seems a bit superfluous?
http://www.jsware.net/jsware/msicode.php3#unpack
That site has tools that let you open up .msi files and see what they do
Last edited by nihil; March 10th, 2008 at 07:06 PM.
-
March 11th, 2008, 01:17 PM
#13
Hey there. Thanks for the link.
Spoke to my supervisor. She says that Alexa is malware. I quote:
"It can open up your computer to outsiders"
As nihil said:
"Anyway, we know that MS installs it, so the warning seems a bit superfluous?"
I might be asking a stupid Q here - Why does MS install it if it gets flagged for malware?
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
March 11th, 2008, 01:54 PM
#14
-
March 11th, 2008, 06:01 PM
#15
Wow
Delete the msi files in question
DevSupp.dll is probably hijacked
If you notice the random characters your mal/spyware generated i.e., 36fe.msi
This means your true issue is creating random install files so when you clean one, two more infect you. These are not the Microsoft installer, they are Microsoft installation packages.
9 times out of 10 there will be an entry in the \...\currentversion\run KEYS (Current user - everyone who logged on) and system pointing to the install packages.
i.e. HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN and in the left pane will be c:\windows\36fe.msi
Don't forget to dump system restore
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
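The Run-key check described in the post above, as an added example that is not part of the original thread: it lists autostart values that launch an .msi file with a short hex-like name such as 36fe.msi. The 3-8 hex character name pattern, the function name Test-RunEntry and the sample entries are assumptions made for illustration.

```powershell
# Added example: flag Run-key values that launch an .msi file whose name is a
# short run of hex characters (the "36fe.msi" pattern from the post above).
# The 3-8 hex character rule is an assumption, not a vendor signature, so a
# hit is a lead for manual review (a name like "cafe.msi" would also match).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RunEntry {
    param([string]$Key, [string]$Name, [string]$Command)
    # A backslash, then 3-8 hex characters, then ".msi" (case-insensitive).
    if ($Command -match '\\(?<name>[0-9a-f]{3,8})\.msi\b') {
        [pscustomobject]@{
            Key     = $Key
            Value   = $Name
            Command = $Command
            MsiName = $Matches['name'] + '.msi'
        }
    }
}

# Constructed sample entries, so the matching logic can be seen without
# touching the registry. The first and third are flagged, the second is not.
$samples = [ordered]@{
    'Updater'   = 'C:\WINDOWS\36fe.msi'
    'ctfmon'    = 'C:\WINDOWS\system32\ctfmon.exe'
    'Installer' = 'msiexec /i "C:\WINDOWS\a1b2c.msi" /quiet'
}
foreach ($entry in $samples.GetEnumerator()) {
    Test-RunEntry -Key '(constructed sample)' -Name $entry.Key -Command $entry.Value
}

# Live check: read each Run key and test every value it holds.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        Test-RunEntry -Key $key -Name $valueName -Command ([string]$item.GetValue($valueName))
    }
}
```

The HKCU key only covers the account running the script, so run it once per user profile that logs on to the machine.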
-
March 12th, 2008, 08:56 AM
#16
Sheesh, what a mission
Thanks for all the tips everyone.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
March 12th, 2008, 09:05 AM
#17
Get copies of the files.....................
If dinowuff is correct, you are NOT dealing with Alexa.
Send the files to your research people to investigate
-
March 12th, 2008, 04:41 PM
#18
virustotal or cwsandbox are two of my favorites for submitting questionable stuff.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
March 12th, 2008, 05:00 PM
#19
Another one is Jotti:
http://virusscan.jotti.org/
Although virus total uses more scanners
http://www.virustotal.com/
Both are supported by and use Panda, so they should be OK for Cider to use. Obviously they are both using scanning techniques, whilst Sunbelt's CWSandbox actually tries to run the thing and see what it does
-
March 12th, 2008, 10:46 PM
#20
Back on original topic so a double post
It just occurred to me that this might actually be some sort of trojan with Alexa as the payload.
I seem to recall that there were one or two that specifically did this?
As Alexa is a web surfing habits and site rating system, unscrupulous site owners would use this trick to increase the number of hits being reported to Alexa.
Something similar to the click fraud scams for pay per click advertising schemes. There are trojans to do that as well