Jump to content
Salenai

Bundled.Toolbar.Google.D is this false positive please?

Recommended Posts

Hello,

My Avast license has expired, once that happened, after couple of days I decided to scan my computer as I always do, with Eset, Roguekiller, Malwarebytes, Mbar, and Avast. I scan with only one thing at a time.

Eset for some reason (almost certainly false positive) found this:

C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe    Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia    chyba pri mazaní (Prístup odmietnutý)
C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-94f.vpx    Win32/Bundled.Toolbar.Google.D potenciálne zneužiteľná aplikácia    chyba pri mazaní (Prístup odmietnutý)

So,according to this, there is Bundles.Toolbar.Google.D and it cannot be deleted by Eset Online Scanner.

(for info, I use Eset Online scanner only as a one time use, IMO it shows better results than regular Eset).

I also scanned files with virustotal and nothing shows up:

https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection

and

https://www.virustotal.com/gui/file/52aa6ad3ac357075d8ff55cca5931cc8388966a840302a2b484c79f3c4d104d4/detection

 

I had my computer turned off during last couple of days, and last time I had it turned on I also scanned it, it was at the time I had Avast License,and nothing was found. So,basically, it was turned off, there was nothing that could have infected it since last scan. Only Avast license has expired,and antivirus/antimalware programs, including Eset Online Scanner received updates. So this probable false positives came with new update for Eset Online Scanner.

I attached Eset report file and also packed both files that show up as positive.

 

Is this please false positive? Thanks

 

 

 

eset.txt pack.zip

Share this post


Link to post
Share on other sites

It seems you have already contacted samples[at]eset.com as well where you've received a response.

The detection is correct. The reason why EOS couldn't delete the file could be that you have another AV installed which is protecting files in its folders.

Share this post


Link to post
Share on other sites
Posted (edited)
25 minutes ago, Marcos said:

It seems you have already contacted samples[at]eset.com as well where you've received a response.

The detection is correct. The reason why EOS couldn't delete the file could be that you have another AV installed which is protecting files in its folders.

Wait, so,this is not false positive?

This is an actual malware?

Is it dangerous?and how come it showed up now and not before during scan that I took a week ago (during this week I have not used PC at all and had it turned off).

So, do you recommend  me to uninstall Avast, remove detections and install another antivirus?

 

I managed to delete it during Safe Mode, if they will not show up now during normal scan, can I keep Avast?

Thanks

Edited by Salenai
Added info

Share this post


Link to post
Share on other sites

Potentially unwanted and unsafe applications are not malicious in any way. 

According to https://support.eset.com/kb2629/:

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

Potentially unsafe applications are legitimate applications that may be misused in the wrong hands (e.g. a process killer tool misused to kill AV).  The detection also covers certain toolbars. It is disabled by default which is probably why the app hadn't been detected until recently.

Share this post


Link to post
Share on other sites
13 minutes ago, Marcos said:

Potentially unwanted and unsafe applications are not malicious in any way. 

According to https://support.eset.com/kb2629/:

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

Potentially unsafe applications are legitimate applications that may be misused in the wrong hands (e.g. a process killer tool misused to kill AV).  The detection also covers certain toolbars. It is disabled by default which is probably why the app hadn't been detected until recently.

Thanks a lot :)

 

so,they belong to avast,right?

i deleted them from safe mode, EOS doesnt find them anymore.

Share this post


Link to post
Share on other sites
Posted (edited)

Avast is a privacy nightmare. They do a lot of shady things in the background, make fool of their customers using constant annoyances, give them a false sense of danger and try to pursue users to buy their VPN, etc. They used to have a overseer.exe file that remained in the system even after uninstalling the product and it would send data to their server. What the hell!!! Their installer bundles Google Chrome in it too. In terms of protection it's a good product but I find those constant nagging, privacy issues unbearable. Avast itself feels like a PUP to me. Maybe it's better if you ditch their product and try other better products free from all these problems.

Edited by SeriousHoax

Share this post


Link to post
Share on other sites
21 hours ago, SeriousHoax said:

Avast is a privacy nightmare. They do a lot of shady things in the background, make fool of their customers using constant annoyances, give them a false sense of danger and try to pursue users to buy their VPN, etc. They used to have a overseer.exe file that remained in the system even after uninstalling the product and it would send data to their server. What the hell!!! Their installer bundles Google Chrome in it too. In terms of protection it's a good product but I find those constant nagging, privacy issues unbearable. Avast itself feels like a PUP to me. Maybe it's better if you ditch their product and try other better products free from all these problems.

I wouldn't like an AntiVirus software offering me to use Toolbars or some other unwanted things, or even offer me to install a specific Browser.. , If It was the Free Edition , then I would have understood that they might do that because it is the Free Edition , but when you are a paid customer , then I don't know why they do that.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...