FraudTool.Win32.SpyAway

[Guest]

[Bracca]

New problem. Except that this happened to my dear friend. I came to his house and wondered why he was tearing his hair out from his head. He points at the screen and there it is. F-secure says that it has found an program called FraudTool.Win32.SpyAway Soo umm.. What is this then? Some people on the net say that it is extremely nasty program and others say that it has nothing to do with anything. Help?

[grayhair]

   Maybe this will shed some light on what it is:


http://www.threatexpert.com/report.aspx?uid=df6e0947-ce3c-49c9-936f-45e13599e547

  What are the particulars about the system your friend has?  I.E. operating system, service patch, firewall, AV, other security software, etc.

[Bracca]

Oookkayh... So that is a serious "health" risk to the computer? ö.ö And i will post the system specs once he returns to his home. What i understood, that is an program that is somesort of an trojan, which installs somesort of an non existing virus removal tool? Anyways. Is there any way to remove it?

[Kyle]

hey guys, I did a google search on this FraudTool.Win32.SpyAway and came up with some results about the program, much like grayhair has shown you - offering a removal tool "spyware detector" Don't download it it's meant to be another nasty.

[Bracca]

Right'o. We will keep that on mind. But still. Anyone know how we could get rid of this problem? i mean, other way than installing the whole damn system again.  It is driving my friend to insanity right about now. 

[grayhair]

   It will be a lot easier to advise on removal attempts once more is known about this computer.  When you get the info reply back.  Tell your friend not to go nutso just yet, and not to make an impulse "security" purchase.  Get the info posted here, and people here will try to help.

   Cheers,

 

[Bracca]

Thank you people. It is good to know that my and other peoples computers are well secured with guys like you willing to help us all. Thank you n.n 

[STCH]

Is it possible this could be a false positive? All of a sudden today I had over 10 PC's with F-secure report:

Spyware detected:
Type: riskware
Family:
Name: FraudTool.Win32.SpyAway
Object: C:\WINDOWS\system32\MSCOMCTL.OCX

I can't find any decent information about this. I ran MSCOMCTL.OCX from an "infected" PC through McAfee with the latest DATs and it came up clean. I'm stumped as to what's going on. I vaguely recall F-Secure giving me a false positive a while back. Any ideas?

[grayhair]

Is it possible this could be a false positive? All of a sudden today I had over 10 PC's with F-secure report:

Spyware detected:
Type: riskware
Family:
Name: FraudTool.Win32.SpyAway
Object: C:\WINDOWS\system32\MSCOMCTL.OCX

I can't find any decent information about this. I ran MSCOMCTL.OCX from an "infected" PC through McAfee with the latest DATs and it came up clean. I'm stumped as to what's going on. I vaguely recall F-Secure giving me a false positive a while back. Any ideas?

   It is possible it could be an FP.  You could submit the file to virustotal.com
   

[STCH]

Submitted the file to VirusTotal.com. Found nothing. I'm assuming a false positive on this. Pity it took the patient system offline for 2 hours! 

http://www.virustotal.com/analisis/1a0ff8978ceb04a5c99326b382ee4265

[grayhair]

Submitted the file to VirusTotal.com. Found nothing. I'm assuming a false positive on this. Pity it took the patient system offline for 2 hours! 

http://www.virustotal.com/analisis/1a0ff8978ceb04a5c99326b382ee4265

   Well, it seems to be good news.  Wouldn't hurt to scan the computer with whatever security programs you have, or others--some suggestions here:

http://forums.comodo.com/anti_virusmalware_productsother_security_products/list_of_antivirusantimalware_products_other_utilities-t24176.0.html


  Good luck, and a good weekend.       
   

[Tags:]