# Adw Cleaner - Virus in the EXE file



## Aquarius69 (Dec 12, 2013)

As my computer doesn't have a virus, I've posted this thread in the General Security section, but please feel free to move it if it's in the wrong section.

I tried to use Adw Cleaner earlier today, which prompted me to upgrade to a new version, which I tried to do.

To my complete surprise, for the first time ever, Comodo Anti-Virus detected the Adw download as a virus! I tried downloading it from Adw's official site (both the main and mirror ones) and via Bleeping Computer's web site. In all cases, a repeated Comodo message that they had blocked an Adw virus appeared, which was then quarantined on all 3 occasions.

It appears that the Adw download has been infected, as Adw is normally a safe program widely publicized by several sites. 

Due to the above, Comodo deleted the original Desktop .exe file and prevented the new version from being installed.


----------



## flavallee (May 12, 2002)

Here is where I normally download *AdwCleaner.exe* from.

http://www.bleepingcomputer.com/download/adwcleaner/

Select the large blue "Download Now @ BleepingComputer" link.

The file is fine and NOT infected.

The current version is *3.015*


----------



## Cookiegal (Aug 27, 2003)

It's probably a false positive by Comodo. It's highly unlikely that the download from three different sites would all be infected.


----------



## dvk01 (Dec 14, 2002)

It is definitely a false detection by Comodo, which is very well known for inaccurate detections.
The erroneous detections are being made on the AutoIt packer program that AdwCleaner is built with.


----------



## Aquarius69 (Dec 12, 2013)

flavallee said:


> Here is where I normally download *AdwCleaner.exe* from.
> 
> http://www.bleepingcomputer.com/download/adwcleaner/
> 
> ...


I'm glad to hear that the file is not infected.

Unfortunately, the fault is currently ongoing in all links, both the official French link and via Bleeping Computer.


----------



## Aquarius69 (Dec 12, 2013)

Cookiegal said:


> It's probably a false positive by Comodo. It's highly unlikely that the download from three different sites would all be infected.


I agree.

Adw Cleaner is an invaluable program, which, prior to just recently, I could easily download new versions of and run, but at present, Comodo is blocking access to install this program.


----------



## Aquarius69 (Dec 12, 2013)

dvk01 said:


> It is definitely a false detection by Comodo, which is very well known for inaccurate detections.
> The erroneous detections are being made on the AutoIt packer program that AdwCleaner is built with.


It sounds like Comodo are renowned for false detections.

I've read mixed reviews on several brands of anti-virus, firewall and full security suites, including AVG, Comodo, Kaspersky, Avira and Avast.

How do these 5 compare for security, privacy, detection and removal of malware, viruses, etc.?

Some people have expressed concern about Kaspersky because it's Russian, how it uses heavy resources and considerably slows down even more modern faster computers and clashes with remnants of unremoved traces of no longer used other security programs, while other people say newer versions are lighter on resources than previous versions and that it's one of the top brands for preventing, detecting and removing dangers.

I've read somewhere that Avira has a narrow edge over Avast for detections and that all have free anti-viruses but only Comodo has a free Internet Security suite, although I'd be very happy to keep in mind a fee based product, depending on how reliable and affordable it is, due to the annual or every 2 years subscriptions required and how well the product protects against malware in the wild and removing any malware that gets through. Comodo is very good generally, but it is a nuisance when it blocks safe programs like Adw Cleaner.

I've currently left my question on security suites, etc. in this thread, as I've posted acknowledgement and reference to the Comodo false detections, but please feel free to move my question, moderators, to a different section if this makes things easier.

It is a big relief to hear from each of you that Adw Cleaner continues to be a safe program, but is presently blocked by Comodo.

Update: Adw Cleaner is now accessible again, as the false detection has since been removed.


----------



## Cookiegal (Aug 27, 2003)

The false positive has finally been reported to Comodo so it will be verified and removed very soon:

http://forums.comodo.com/av-false-positivenegative-detection-reporting/fp-t100386.0.html

Comodo was detecting it as "UnclassifiedMalware":

https://www.virustotal.com/en/file/...74ba3a5982906a9d5d882aaf0e1b933d36a/analysis/


----------



## Aquarius69 (Dec 12, 2013)

Cookiegal said:


> The false positive has finally been reported to Comodo so it will be verified and removed very soon:
> 
> http://forums.comodo.com/av-false-positivenegative-detection-reporting/fp-t100386.0.html



This is a huge relief. 



Cookiegal said:


> Comodo was detecting it as "UnclassifiedMalware":
> 
> https://www.virustotal.com/en/file/...74ba3a5982906a9d5d882aaf0e1b933d36a/analysis/


Some companies are still listing Adw as malware, but Comodo have since lifted the block, as I've revisited the Bleepingcomputer web site and tried to download Adw from its mirror link and it now works again.


----------



## Cookiegal (Aug 27, 2003)

It is quite common for security-related programs to be detected as malware for various reasons, one being the use of packers, as dvk01 mentioned, and basically because of the way they behave, which is similar to malware (they are executables and have the ability to make changes and delete files and registry entries from your system).

Comodo acted on it very quickly once it was brought to their attention.


----------



## Aquarius69 (Dec 12, 2013)

Cookiegal said:


> It is quite common for security-related programs to be detected as malware for various reasons, one being the use of packers, as dvk01 mentioned, and basically because of the way they behave, which is similar to malware (they are executables and have the ability to make changes and delete files and registry entries from your system).


It sounds like false positives can occur as a deterrent, which would easily block a danger, even if not in this case. I know some other programs are riddled with false positives, having read reviews on some software products, which are definitely best avoided.



Cookiegal said:


> Comodo acted on it very quickly once it was brought to their attention.


They did, and that's the beauty of Comodo. They soon rectify any problems and seem to be a generally reliable company for security software.


----------

