Jump to content

Bundled.Toolbar.Google.D is this false positive please?


Recommended Posts

Hello,

My Avast license has expired, once that happened, after couple of days I decided to scan my computer as I always do, with Eset, Roguekiller, Malwarebytes, Mbar, and Avast. I scan with only one thing at a time.

Eset for some reason (almost certainly false positive) found this:

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe    Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia    chyba pri mazaní (Prístup odmietnutý)
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-94f.vpx    Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia    chyba pri mazaní (Prístup odmietnutý)

So,according to this, there is Bundles.Toolbar.Google.D and it cannot be deleted by Eset Online Scanner.

(for info, I use Eset Online scanner only as a one time use, IMO it shows better results than regular Eset).

I also scanned files with virustotal and nothing shows up:

https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection

and

https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection

 

I had my computer turned off during last couple of days, and last time I had it turned on I also scanned it, it was at the time I had Avast License,and nothing was found. So,basically, it was turned off, there was nothing that could have infected it since last scan. Only Avast license has expired,and antivirus/antimalware programs, including Eset Online Scanner received updates. So this probable false positives came with new update for Eset Online Scanner.

I attached Eset report file and also packed both files that show up as positive.

 

Is this please false positive? Thanks

 

 

 

eset.txt pack.zip

Link to comment
Share on other sites

  • Administrators

It seems you have already contacted samples[at]eset.com as well where you've received a response.

The detection is correct. The reason why EOS couldn't delete the file could be that you have another AV installed which is protecting files in its folders.

Link to comment
Share on other sites

25 minutes ago, Marcos said:

It seems you have already contacted samples[at]eset.com as well where you've received a response.

The detection is correct. The reason why EOS couldn't delete the file could be that you have another AV installed which is protecting files in its folders.

Wait, so,this is not false positive?

This is an actual malware?

Is it dangerous?and how come it showed up now and not before during scan that I took a week ago (during this week I have not used PC at all and had it turned off).

So, do you recommend  me to uninstall Avast, remove detections and install another antivirus?

 

I managed to delete it during Safe Mode, if they will not show up now during normal scan, can I keep Avast?

Thanks

Edited by Salenai
Added info
Link to comment
Share on other sites

  • Administrators

Potentially unwanted and unsafe applications are not malicious in any way. 

According to https://support.eset.com/kb2629/:

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

Potentially unsafe applications are legitimate applications that may be misused in the wrong hands (e.g. a process killer tool misused to kill AV).  The detection also covers certain toolbars. It is disabled by default which is probably why the app hadn't been detected until recently.

Link to comment
Share on other sites

13 minutes ago, Marcos said:

Potentially unwanted and unsafe applications are not malicious in any way. 

According to https://support.eset.com/kb2629/:

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

Potentially unsafe applications are legitimate applications that may be misused in the wrong hands (e.g. a process killer tool misused to kill AV).  The detection also covers certain toolbars. It is disabled by default which is probably why the app hadn't been detected until recently.

Thanks a lot :)

 

so,they belong to avast,right?

i deleted them from safe mode, EOS doesnt find them anymore.

Link to comment
Share on other sites

Avast is a privacy nightmare. They do a lot of shady things in the background, make fool of their customers using constant annoyances, give them a false sense of danger and try to pursue users to buy their VPN, etc. They used to have a overseer.exe file that remained in the system even after uninstalling the product and it would send data to their server. What the hell!!! Their installer bundles Google Chrome in it too. In terms of protection it's a good product but I find those constant nagging, privacy issues unbearable. Avast itself feels like a PUP to me. Maybe it's better if you ditch their product and try other better products free from all these problems.

Edited by SeriousHoax
Link to comment
Share on other sites

  • Most Valued Members
21 hours ago, SeriousHoax said:

Avast is a privacy nightmare. They do a lot of shady things in the background, make fool of their customers using constant annoyances, give them a false sense of danger and try to pursue users to buy their VPN, etc. They used to have a overseer.exe file that remained in the system even after uninstalling the product and it would send data to their server. What the hell!!! Their installer bundles Google Chrome in it too. In terms of protection it's a good product but I find those constant nagging, privacy issues unbearable. Avast itself feels like a PUP to me. Maybe it's better if you ditch their product and try other better products free from all these problems.

I wouldn't like an AntiVirus software offering me to use Toolbars or some other unwanted things, or even offer me to install a specific Browser.. , If It was the Free Edition , then I would have understood that they might do that because it is the Free Edition , but when you are a paid customer , then I don't know why they do that.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...