Sorry about the misdirection on my greeting. It should have been: "Thank you for the answer, AL!"
That's what happens when I'm writing a single message on two different computers and alternating between mail program and mail webpage... Às 18:24 de 17-02-2016, JD Ackle escreveu: > Thank you for the answer, Joel > > Although I wouldn't be surprised myself to learn an ISP included Adware in > something they provided for free, Shopperz was not the one found on my free > copy of Panda Antivirus Pro, it was Uztuby-3 (Shopperz was on > dnsapi.dll).That being said, I had previously downloaded and executed the > said Panda installer on my Windows system and indeed I noticed the logo of my > ISP on Panda's window. I opted out of receiving third party offers and such > when I first signed with this ISP but I guess otherwise that area on Panda's > window might be used to show advertisements. And I believe this would > classify it as Adware but what is actually reported by ClamAV is a Trojan.I'm > not al all savy on these matters but wouldn't a Trojan pose a greater risk > than the mere disply of (possibly unwanted) ads on one program?I did contact > my ISP about this and their response (no verbal communication towards me > whatsoever) was to remove the free license I had previously activated from my > account management webpage. I can still access it and I redownloaded the file > which remains unchanged. > Concerning the Shopperz detection, I got it on a Windows system file ( > C:\Windows/System32/dnsapi.dll ) and the its full name is: > Win.Trojan.Shopperz-381dnsapi.dll is a Windows system file without which > Windows will not connect to the Internet (at least on my WiFi setup).ClamAV > also detected Sopperz-381 on the same file, in a different location (cached?) > on the same Windows system: > Windows/WinSxS/amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17/dnsapi.dllThe > first time I ran ClamAV on these files (first scan = detection) was > immediately after installing Windows 10 from a DVD burned with an ISO file > downloaded from Microsoft's site. After my first login to that Windows system > I rebooted to a Linux Live DVD (NO network connection was made until after > booting Linux - which I performed in order to install ClamAV and run > freshclam).VirusTotal thinks it's "probably harmless" but Antiy-AVL agrees > with ClamAV that it contains a > Trojan:https://www.virustotal.com/en/file/b51a82ed2d45855ea9018b6269931ca62f3dc430fd513c7e751fc2cb76014bab/analysis/1455724650/FYI > at least since version 8 of Windows, there is this Microsoft Shop > application that enables you to download free/bought software - I'm guessing > there might me some code in dnsapi.dll facilitating that feature. > Hope that helps. > > > > > > On Tuesday, February 16, 2016 10:13 PM, Al Varnell <alvarn...@mac.com> wrote: > > > > Without the exact name of the Shopperz infection, I can’t tell you whether > it’s a recent definition or an old one. There are currently 351 such > signatures. > > The Uztuby-3 was added to the database on 30 Jan 2016 04-36 -0500 in > daily:21324, so it’s been there for a couple of weeks. > > It would not surprise me to learn that an ISP was providing something for > free that included Adware. I’m sure that’s what Shopperz’s are. > > -Al- _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
