A better way for Norton to delete Adware.Rugo?

Archive
21

I filled out the False Postive.

Hope this can get cleared up.

Thanks for the links floplot

22

Hello to all,

 

I did the same, submitted my latest Maxthon.exe file to Symantech for analysis and filed and request for "False positive" investigations. Wishing we get soon out of this trap.

23

Just another thought.  My program is the Norton Security Suite (5.1.0.79), downloaded from Comcast.  Perhaps if we all got our Norton's from Comcast, then maybe the problem has something to do with how Comcast has its edition configured???

24

Hi Flycaster,

Has I just posted on Maxthon Forum, the version of Norton you use, or provider, doesn't very much matters.

All are using the same virus-definition database, reason why I have the same problem on two machines using different anti-virus products from Symantec (Symantec Endpoint Protection on my corporate computer  Norton Internet Security on my own). On both machines, Norton associated Maxthon.exe to adware.rugo when such adware has never been part of it (confirmed by all test run on http://www.virustotal.com/index.html . Wishing that all false-positive requests for investigation will now end this frustrating situation.

25

Ran a search, but surprisingly came up with nothing.

 

Lately, my Comcast supplied Norton Security Suite has been detecting Adware.Rugo within mybrowser (Maxthon) with some regularity. I'm not sure which site is putting it on as both my wife and I use Maxthon. When detected, Norton offers a fix. But, unfortunately, the fix also deletes Maxthon.exe. So, every time this happens I have to load in a new maxthon.exe. Been happening so much that I now have just a maxthon.exe (2.5.18.1000) spare on file when needing to replace the deleted infected maxthon.exe. Interestingly, even though I have run Norton on both the Maxthon and IE9 folders, no Rugo has been detected...but yet when Norton does detect it and I OK a fix, maxton.exe gets deleted???

 

Can Norton be made to just block this adware when it sees it being loaded onto the computer.  And/or, is there a simpler way that Norton can delete the adware without deleting maxthon.exe?

26

Bear in mind, I am not a Maxthon user, but interested as I assist both here and on the Comcast Forums with the Norton Security Suite questions.  I agree that NSS is a takeoff of Norton 360 and have foudn very slight differences - most of which the casual user would not notice.  It is updated deifinition wise the same as all Norton products - thus all products would receive the same updates - I am running NSS on one system and NIS 2011 on 2 other systems and the definitions are the same.

 

Here is what I have done and found:

 

I decided to get brave, so I went to my maxthon download and selected OPEN.  I got a page that said DownloadMR would be my download manager and Downlaod MR does not host nor has any relation with the author of Maxthon.  I clicked Next to accept the Terms of Use and Privacy Policy.

 

I then got a screen asking me to use the Easy Install(default) which would Install Dealply and StartNow Toolbar in the default folder, includes StartNow Toolbar, Sets StartNow as search provider and also Homepage in your browser. 

 

There is also another "Advanced Installation (custom) available which when selecting places check marks in the choices to Install Dealply and StartNow Toolbar, Set StartNow as default search provider, and set startNow as default page in browser. 

 

So no matter which option you choice - you get the same installs.

 

Like a dummy (OK - brave soul) I left the selection on Default.  I ended up on another page and SUPER AntiSpyware immediately informed me of an attempoted Homepage HIJACK - as I had suspected.  I blocked the change. 

 

 At this point I chickened out and decided not to make a selection on the "pagerage" ad.  Sorry maybe one of you will go beyond this point.

 

Anyway, I backed out and cancelled the install.

 

So I guess the question I have is if any of you have seen this DownloadMR with your downloads or if I am the only one experiencing it.

 

FWIW - here is what is said about StartNow Toolbar:  http://www.systemlookup.com/CLSID/72681-Toolbar32_dll.html

 

Now, I am starting to wonder about an add-on (during the running of the install manager)  causing the detection - and as I did - traced it back to the maxthon download, because that's where the download manager (which really added it) came from originally.

 

I hope someone understands and that makes sense.

 

 

27

Yank, was this M2 or M3 that you were dl'g?  My problems are with M2.5.18.1000.  When I installed it, a while ago, I didn't use any download mgr, and never had a problem with it/Norton until around 7/21 or 22.  Don't believe that I ever saw the programs you referred to while dl'g/installing M2.

 

BTW, if you are correct about Comcast NSS and N360 being essentially the same, don't you think that this thread would get better attention if it was moved into the N360 forum?  I mean, is NSS really an "Other Norton Products?"

28

It was version 1.6.204.0 - I must have gotten ahold of an older download....so I guess none of what I said applies.  Sorry

 

I had the discussion with Norton Admin a few years ago in regards to NSS being on the Norton 360 Board and they were adamant that it was not the same product and thus had to be relegated to the Other Norton Products board.  I have seen over the last year or so that NSS does in fact receive attention on this board.  One of the main reasons is because NSS received upgrades on a different cycle than Norotn 360.  I am talking about version upgrades, not deifinitions - they are all the same and released at the same time.  As an example, version 5.0 of 360 was released in May and e never got NSS version 5 until June.

 

 

 

 

29

I just downloaded, installed and then removed both version 3.1.3.2000 and also version 2.5.18.1000 and did not encounter anything like I had before.  Both downloaded, installed and uninstalled nicely.

30

So, Yank, it seems more and more that Norton is the cause of our problems.  Wonder why Norton hasn't fixed it yet.  Must be that they don't like the Chinese as the Chinese are responsible for Maxthon???  Or maybe, they don't like the idea that their software causes false-positives.

31

I have Maxthon3  version 3.1.3.2000 and also Maxthon2 version 2.5.18.1000 installed on my computer. For the past couple of weeks I have made Maxthon3 the default so I could get accustomed to it.

Been using Maxthon for years and Maxthon2 has been installed since the first version. I have Norton 360 ver5 installed and have been using 360 for years.
I had both versions open this week when Maxthon2 was removed 3 times during an Idle scan.  I had only updated to the latest Maxthon2 version a few days previously so I thought it may have been something to do with the newer version. So instead of replacing it I went back to my previous version which was approx 6 months older. The same thing happened twice more so that lead me to believe it wasn't Maxthon but a Norton issue as Norton has been aware of Adware.Rugo for years and it hadn't been picked up before on earlier versions or with the Maxthon2 version I'd been using for approx 6 months. Plus the fact there were no issues when I was actually using the program, the removal only happened during an Idle Scan, when the program was minimised to the taskbar with no tabs being used.

 
32

Patara,

 

Exactly the same behavior on my computers. Since July 21st, Norton idle-scan reports adware.rugo and offer a fix that simply removes Maxthon.exe and related keys from the registries.

 

From my log report, I confirmed that; problem started July 21st.

Prior that date, I never had any single report from Norton.

 

I reported a false positive ticket and received, today, a request for additional information, letting me understand that Symantec team is working on the case.

 

Wishing they soon find what is the reason behind this and a fix.

33

Ditto here.  SAme Norton/Rugo/Maxthon experience for me, too.  Long time user of Mx and N360, but Rugo problem only started appearing 7/21.  Also, when Rugo "detected" within Mx, checking for signs of Rugo anywhere within my computer, failed to show its existance.  Good to see that N maybe finally admitting that it is their gdefinition problem.

34

I also received a request for more information as they said they couldn't replicate the problem.

It started happening to me on the 23rd as I hadn't used Maxthon2 for a couple of days.

On checking my scans it always happened on an Idle scan.

On going through my settings I was surprised and concerned that when I excluded Maxthon from being scanned I found Adware.Rugo was in the list of threats not to be scanned.

 

I decided to replicate the result so I could send in the info.

I removed Maxthon and Adware.Rugo from the exclude list. I opened Maxthon 2 and then left the computer. When I came back the warning box was there. And the same process as before. Adware.Rugo was found. Had no choice but to fix it.

I exported the Results of before Fix and after Resolved and attached to my email to Norton Security along with some screen captures. Adding I had been using it for years and there never has been an issue before.

Hoping it gets sorted. 

I'm happy to trust the browser but not happy that if I exclude Maxthon I'm also excluding the threat.

35

The same happens to all of us and the fact Norton associates adware.rugo to Maxthon.exe might be the result of an extrapolation of virus definition that associates Maxthon.exe to adware.rugo more that Maxthon.exe contains adware.rugo.

 

I sent Maxthon.exe to Norton for scan and verification and they confirmed the application was clean.

 

I hope with all information we provided to Symantec they will be able to identify why idle scan comes out with such warning.

36

Don't know what this may mean, but I updating Spywareblaster's definitions and for the very first time I noted that there were about 25 to 30 items (cookies and ActiveX) that were unprotected within IE explorer and Restricted site???  Of course, I enabled protection for all.  Would Adware.Rugo do this?

37

Take a look at their post here:

http://forum.maxthon.com/viewthread.php?tid=80628&extra=page%3D1

 

Kudos to Symantec for a rather fast reaction to this problem.  And, of course, to all of those who got them to recognize the problem.

38

I am not registered on the maxthon forum, so can not post, but according to this: http://www.symantec.com/business/security_response/definitions/certified/index.jsp

 

Adware.rugo detection has been modified in the July 26th definition update.

 

39

Before removing maxthon.exe and adware.Rugo from Exclusions, I dl'd the latest definitions.  The Norton Adware.Rugo alert came back???

40

Not sure if it is fixed for me. I read the posts here and in Maxthon forum  earlier so  placed a copy of the exe on my Desktop, removed Maxthon.exe from protection, ran live updates and rebooted the system. I was surprised to see my Maxthon icon had turned to the 'can't find icon' and when I clicked on it, message was, Program can't be found.  Maybe it moved instead of copied, not sure.  I replaced it again in my AppData folder.  I keep a shortcut to AppData on my desktop to give me easy access to it.

I then started the program, left it minimised and stopped using computer for an hour so Idle scans would run and when I came back there were no Norton Alerts.

Thought I better check if any scans had run but see the last Idle Scan was this morning. Before, every time I had Maxthon open and left the computer and came back the Idle Scan had ran and showed the alert.

So now uncertain if it is fixed, or it's because no scan was initiated this time.