Ran a search, but surprisingly came up with nothing.
Lately, my Comcast supplied Norton Security Suite has been detecting Adware.Rugo within my browser (Maxthon) with some regularity. I'm not sure which site is putting it on as both my wife and I use Maxthon. When detected, Norton offers a fix. But, unfortunately, the fix also deletes Maxthon.exe. So, every time this happens I have to load in a new maxthon.exe. Been happening so much that I now have just a maxthon.exe (2.5.18.1000) spare on file when needing to replace the deleted infected maxthon.exe. Interestingly, even though I have run Norton on both the Maxthon and IE9 folders, no Rugo has been detected...but yet when Norton does detect it and I OK a fix, maxthon.exe gets deleted???
Can Norton be made to just block this adware when it sees it being loaded onto the computer? And/or, is there a simpler way that Norton can delete the adware without deleting maxthon.exe?
Been mucking around with this problem and here's what I came up with.
To my surprise, Windows Defender does have many Rugo blocks, but it was disabled on one of my computers...and I don't ever recall disabling it. Anyway, I enabled, dl'd the latest definitions (as I had also done with SpywareBlaster), and ran a full scan. Nothing found. Also, again checked registry for signs of Rugo, nothing. Well, let's hope that I've got this thing under control...for now.
Just spoke with Norton/Comcast about how to handle the problem. Here’s what they had me do: open NIS>settings>antivirus>scans & risks>exclusion/low risk> items to exclude from scans…add maxthon.exe and backout items to exclude from auto-protect and SONAR detection…add maxthon.exe (be sure to uncheck subfolders and to click apply)>backout. As I couldn’t fully understand the Norton rep, I do have some concerns that what he told me to do will now stop Norton from recognizing maxthon.exe…as maxthon.exe is being excluded from the scan??? But the Norton rep tells me that adware.rugo will be recognized, but the fix won’t entail deleting maxthon.exe??? Can anyone sort this for me?
I went through the settings you mentioned (on my NSS) and they sound OK and should work like the Norton/Comcast tech said. I am not sure it will still detect the adware.rugo, but from what I read about W32adware.rugo, it is not actually a part of maxthon but drops its own registry entries and other files, which means it should be detected.
Windows Defender has been the subject of discussion for a few years as to the validity of Norton turning it off when Norton is installed. Norton's position is to leave it off (Norton does not want any other programs running in real-time that could cause conflicts with it) - however there are some folks that can run it without any conflicts. So I guess it is to each their own, just be aware that if you start getting weird results from either WD or Norton the cause could be WD enabled.
All that's left is for you to add the exclusion, run a scan and see what happens.
Please keep us posted as it may help someone else in the future if we know it worked.
Maxthon team claims that Maxthon 2 is safe and that Norton is reacting to a false-positive but so far it is impossible to get a clear answer from Norton.
Using the method you suggested (exclude Maxthon 2 from the scan) may work, but not for users who do not have an administrator security account and cannot access such a setting. In my case it is very frustrating to be in between two chairs while Maxthon 2 has perfectly worked for me for many years and never caused any problem.
In addition to that, I re-installed Maxthon 2, scanned my disk with two trustful anti-malware programs and neither found any trace of Mister Rugo, but Norton still considers Maxthon 2 to contain adware.rugo.
Any chance for the Norton team to investigate this case?
I also updated Windows Defender and ran it. Nothing was found.
After Maxthon was stopped 3 times in a row and removed I decided to exclude it for the present.
I see flycaster was also told to do that.
I received no warnings after I excluded.
Norton doesn't make it very clear. Like flycaster I was wondering if by excluding Maxthon then I would also be excluding Adware.Rugo as well. I haven't had the browser open today but I will see what happens.
Still not getting any mention of Maxthon 3 which has been open all the time.
What I still don't understand is while I was using the browser there was no notification from Norton. By using I mean it was open on my computer and was either maximised or minimised. But as soon as I walked away, with the browser minimised to the taskbar and my computer went to idle and screen turned off, Norton then must remove the file because each time I came back and woke the screen, up popped the message to say it had been removed.
I have now several times, after Norton deleted Mx2 and I re-installed, checked my system with various Malware-detection software and never found anything.
Whatsoever, Norton still claims "adware.rugo" found in Mx2 and is taking action to block it by deleting Mx2.
Wishing somebody from the Norton team addresses this issue ASAP to avoid such a situation.
Although I am not even close to having any real computer expertise (I'm just a browser and email client tweaker who follows the advice of others), I, for one, never thought that Maxthon ever came with malware. When Rugo started showing up, my thought was that Maxthon was, in some manner, its recipient. Why would Rugo start showing up all of a sudden on our computers that have been running Maxthon (and all kind of antivirus programs) for many years? But, then again, how come this rash of maxthon-related Rugo reports within the last week or two? Has Norton updated NIS with new definitions that are causing this problem? Seems that way...
"Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour."
Guess that was overlooked? The fact that a malware misused the exe name to get past user detection does of course not mean that the original is then a malware too.
If we're going to use that logic then anti-virus/malware software et al could equally well be called malware ...since there's a gazillion out there trying to mimic virus scanners or malware protection programs just to get some poor sap infected.
Here is something that is interesting to me. I downloaded Maxthon.exe and this is the popup I got from Norton after it downloaded. Once the admin/mod approve the screenshot it will appear.
I'd say that it solely has to do with Norton's coding. I think we all got it at about the same time...maybe the same time Norton fed us definitions update, eh?