adware_memwatcher?

koreninja

Hello,

I just used Trend Micro 6.6 today and the only thing it found was ADWARE_MEMWATCHER which caused concern for me since I keep my system really clean.

After doing some searches it would seem that this is simply a false positive found by TM that has to do with Spybot's Tea-Timer. Is this the actual case, because the stuff that I had read wasn't definitive enough for me to just ignore.

So.. Can anyone give me a clear 'Yes' or 'No' on if this is indeed just a false positive because of some conflict between the two.

I used the search function but didn't find anything that was clear, it was all vague.

It's leading to
C:\windows\system32\drivers\etc\hosts\127.0.0.1

NOD32 and Spybot S&D pick up nothing.. Trend Micro isn't the greatest so I'm assuming false positive? I did a test and ran TM 6.6 on my mother's PC, which also has Spybot on it, and Trend Micro found the same thing there. On her PC she has AVG and it found nothing also.

Thanks in advance.
KN


P.S. I posted this in another section of the forums but no one responded, I'm assuming it was due to my posting in the wrong forums. Sorry for that, thanks again.
 
hello,

the Trend Micro Housecall seems to falsely detect parts of the hosts file immunization as threats. It is very likely that other versions of Trend Micro do the same. To check this you can undo the host file immunization and see if Trend Micro still picks this up.
If possible try to get a more detailed message from your Trend Micro installation (immunize the hosts file again). You can compare the Trend Micro result with the items listed in your hosts file which can be opened with a text editor.
C:\windows\system32\drivers\etc\hosts
is the path to the hosts file, it does not have a file extension.
A line like
Code:
127.0.0.1	007guard.com
will redirect the listed host to your local computer and thus block access to it.
 
Adware_memwatcher

Hi Yodama
I also ran Trend Micro 6.6 and got this detection twice. I would like to follow the instructions above but they are a little complicated for me. I need more step-by-step instructions. How can I undo the host file immunization?
I went to C:\windows\system32\drivers\etc\hosts and the first two entries are 127.0.01 007guard.com and 127.0.0.1 www.077guard.com. So what does this mean in plain English? What do I do with this information? Could you please help.
Thanks, Amy
 
hello Amylogamy,

to undo the hostfile immunization with Spybot S&D 1.5 do the following:
  1. navigate to the immunization screen
  2. uncheck all, then check the entry 'Global (Hosts)' at the bottom of the list
  3. click 'Undo'

I went to C:\windows\system32\drivers\etc\hosts and the first two entries are 127.0.01 007guard.com and 127.0.0.1 www.077guard.com. So what does this mean in plain English? What do I do with this information? Could you please help.

127.0.0.1 is an IP address; it specifies your own computer (a so-called loopback). IP addresses are used between computers to communicate; let's compare it to a phone number.
With modern phones you assign a phone number to a name. The same applies to IP addresses; the name is called a hostname. In this case 007guard.com and www.007guard.com are such hostnames. With these two entries in the hosts file, the hostnames are directed to your own computer. The result is that the 2 007guard hosts are not reachable, since your computer searches for them on itself.
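
The comparison suggested in this thread (scanner report versus hosts file entries) can be scripted. The following is an added example, not code from the thread or from Spybot S&D or Trend Micro; the sample file content is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in hosts-file format (not copied from any real machine).
SAMPLE_HOSTS = """\
# immunization-style block entries
127.0.0.1\tlocalhost
127.0.0.1\t007guard.com
127.0.0.1 www.007guard.com   # trailing comment
0.0.0.0 ads.example.test
203.0.113.7 login.example.test
127.0.01 typo.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        for name in fields[1:]:                # one address may carry several names
            yield line_no, fields[0], name.lower()

def classify(text):
    """Group entries: blocked (points at this PC), redirected, or invalid."""
    groups = {"blocked": [], "redirected": [], "invalid": []}
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:                     # malformed address, e.g. a missing octet
            groups["invalid"].append((line_no, name))
            continue
        if ip.is_loopback and name == "localhost":
            continue                           # the standard entry, not a block
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        groups[kind].append((line_no, name))
    return groups

def status_of(text, hostname):
    """Say how a hostname named in a scanner report is handled by the hosts file."""
    for kind, entries in classify(text).items():
        if any(name == hostname.lower() for _, name in entries):
            return kind
    return "not listed"

if __name__ == "__main__":
    for kind, entries in classify(SAMPLE_HOSTS).items():
        print(kind, entries)
```

Entries in the "blocked" group are the kind the immunization adds; a name in the "redirected" group points at some other machine and is the case worth checking by hand.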
 