Ad-aware - False Postives with new RefList
 

There are at least two false positives on the new ref list:

1) Norton CleanSweep's cscore.dll is being identified as a CometCursor file.

2) sporder.dll -- used by Sygate PF and AdCruncher Proxy -- is being identified as a WebHancer file.

Check here for latest info:
Lavasoft Support Board > Open forums > Suggestions & Bug reporting link

Norton CleanSweep cscore.dll Comet Cursor

Buzz...
 

Buzz...thanks for the imput..I hope you are right..

..To my understanding there are 5 files that comprise Webhancer..sproder.dll is one of them.

It is a reporting file.

Why is it being bundled with a firewall program?

I would like to see the dust settle fully on this one.

This explanation raises more questions than it answers...

Re: Buzz...
 

My first thought on this is that some spyware program has named their files after important system files.

Say, if a spyware program would be named win32dll.exe and was in your ~/system folder, would you delete it?

Re: Buzz...
 

Damn, I had a large post all written and somehow, while double-checking one of the sites I was on, closed the browser without posting it...

I got my original info from Ad-aware while checking out the Norton CleanSweep cscore.dll > Comet Cursor issue.
(See my post above)

I have been reading several pages and excerpts from manuals that I found with google.com (sporder.dll)

The first site was cexx.org > Foistware/Spyware: WebHancer
About halfway down the page are instructions from WebHancer for uninstalling their program. On the list is the sporder.dll with an indication of a footnote below:
After more reading I have found that the file is used to help set the default Winsock 2 tcp\ip stack...
This function can be used by a firewall\proxy\adblocker program to redirect the URL request correctly...
(Also would help spyware\foistware\adware programs intercept your requests as well)

But yes, the file does have legitimate uses... :cool:

at least one site now has the older reflist, Ad-aware signature file (ref # 101-04-04-2002) 20 kb instead of ref # 103-07-04-2002. what i'm not sure of, because the site i got this from is a mirror, is if all sites have removed #103, or if this site never had it to start with. you know the deal with ad-aware, if you don't allow a site redirection your browser just times out. this is it below.
http://www.majorgeek.com/index2.html

i don't know what's worse, an ad-aware mistake or runaway spyware.

nah, the spyware's much worse. ad-ware's doing a great job. they can have their occasional mistake, if that's even what it was, because you know they'll fix it immediately. when the spyware guys blow it they just spend the time lying to you about how great it is.

- js.

When I installed 5.71, I looked for a reffile, but could find only 101-04-04-2002 for download. Then I checked my current ref list, and it said 103-07-04-2002 - so it seems that the latter comes only with the 5.71 itself.:W:

i had gotten it by itself and i just now got back into the same site. Ad-aware signature file (ref # 103-07-04-2002) 22 kb is still there. that's interesting. http://www.lsfileserv.com/downloads.html

- js.

new ad-aware ref file # 105-11-04-2002
 

havent tried it out yet, but here it is:
Ad-aware signature file (ref # 105-11-04-2002) 22 kb
http://www.lsfileserv.com/downloads.html

or direct link: Ad-aware signature file (ref # 105-11-04-2002) 22 kb

thanks djakrse,:tu: i just ran it and didn't find anything new. don't know whether that's good or bad after these last few days...

- js.

same here, nothing new but then im not in the danger zone right now. sorry to hear yer probs, ive certainly had my share. ;(