Live OneCare reports my home system clean - external drive shows "Adware.WebDir" at work

  • Question

  • How is it that Live OneCare on my personal computer says my system (including external drives & memory keys) is clean, yet when I went to work and plugged in my external drive, Symantec says it's found "Adware.WebDir" and deletes a file from my external drive? Is Symantec prone to false positives? These things are embarrassing, to say the least. Thanks.

     

    Friday, January 30, 2009 2:06 PM

Answers

  • It is impossible to say that Symantec found a false positive or that OneCare missed an infection, but it would not be unheard of to say that OneCare missed the infection during a scan - either because it didn't see the infection or because it didn't scan the file or location where Symantec found it.

    Since it has been removed by Symantec, there isn't much that can be done, but normally, you can use the information below to report a missed infection or a suspected false positive report by OneCare: 

    Follow the instructions in this post, http://social.microsoft.com/Forums/en-US/onecareanti-virus/thread/6a1361cb-ae28-4d0b-94df-ae2ae890de29 , to report a virus that is not detected by OneCare and to get help in removal or to report a suspected false positive - a threat detected by OneCare in error.

     

    -steve


    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Friday, January 30, 2009 4:18 PM
    Moderator

All replies

  • Prairieperson said:

    How is it that Live OneCare on my personal computer says my system (including external drives & memory keys) is clean, yet when I went to work and plugged in my external drive, Symantec says it's found "Adware.WebDir" and deletes a file from my external drive? Is Symantec prone to false positives? These things are embarrassing, to say the least. Thanks.



    The Symantec Antivirus at work was configured to scan removable drives for potentially malicious files, whether they are really active or not. This causes a large amount of overhead and delays access to the removable device. OneCare normally looks at all files on all attached drives only if you run a full Tune-Up, so it wouldn't detect the file otherwise unless you clicked directly on that file.

    In any case, this particular detection appears to be nothing more than "an Internet Explorer Browser Helper Object that will modify specific URLs to include an affiliate ID". In other words, it steals affiliate clicks to make that creator pennies that should go to someone else. Though this may not be a 'nice' thing, it's not really something that would concern me personally, since it does nothing that would affect my own security.

    There are literally millions of malware and their variations that exist now, and to keep your PC from being crushed by the load of checking for all of them, security software must make decisions about which detections to include. Intelligent anti-malware distributes detections only for those malware which truly have an impact on the user/computer and/or still exist in wide distribution. So it's possible that this detection might not even exist in OneCare, though the only way to be certain would be to force it to scan the drive in question to see if it is detected.

    OneCareBear


    Windows OneCare Forum Moderator
    Friday, January 30, 2009 5:28 PM
    Moderator