I did a scan with Hitman Pro and it found admnfd.sys as a trojan… what is this?

Look on herdProtect: Malware scan of admnfd.sys (Windows (R) Win 7 DDK driver) 94b7d53ba447fc440920ddf13e215286760f4669

And on VirusTotal.

Are you sure it was detected as a Trojan and not a possibly unwanted program? It seems to be part of PrivDog; it’s probably the driver that enables HTTPS support.
Because of the way that PrivDog enables HTTPS filtering I would agree with the PUP/riskware rating, but not Trojan.

Yes, detected as a trojan, I am sure…
The Bitdefender engine detected it…
Is it safe to use?

Ah, well I wouldn’t say it’s a trojan, unless they know something I don’t.

It may be safe to use or it may not be safe to use; however, due to the way PrivDog supports HTTPS filtering (messing with the certificates) I would personally say it’s not worth it. There are other applications that do filtering as extensions in a less intrusive way.

Detection ratio: 22 / 57

If anything it’s suspicious and should make you question PrivDog.

Yep, something’s fishy here. I wouldn’t just discard this as a FP.

I believe that Comodo has no ill intentions and that when examining the activity of PD no rogue behaviour will be found.

To me that shows that detections like Trojan Generic are a bit too generic for their own good. Assessments that it is riskware, potentially unwanted or adware are closer to the truth.

Can I use it without any risk for me?

I’d argue you can’t use any program at all without risk, although in the case of PrivDog the risk may be bigger.

Hi Sanya,
I guess the question could be a bigger risk than what?
I am certain there are more dangerous programs than PD out there.

Kind regards.

Iunno, figured bigger in general in contrast to software rated as safe, simply because it messes with the certificates. If a program can exploit PrivDog then it could potentially read HTTPS sites in clear text without replacing the certs itself, and then we suddenly have two points of failure, the browser and PrivDog.
Now I can’t prove that and don’t actually know if that can happen, but I’d rather not find out by experience.

Off-topic I’d argue it’s worth it to uninstall PrivDog if only to see the original certificates in the browser, but that’s a subjective thing I guess.

The same would be true for AV scanners, which also have adopted this technique.

I haven't seen people advise uninstalling AV programs because of this technique.

When having CIS installed, which may be true for a lot of PD users, it is hard to take over any program by malware.

I wouldn’t use any AV scanner that uses this technique either; again, that’s just my opinion.

I can only hope they don’t add this technique to CIS or if they do they give us a clear way to disable it.

The detection ratio dropped from 22 to 14…

PrivDog is not malware but an ad blocker which may also show selected ads. It is not a trojan or otherwise malicious.

Most of the detections are now for Adware, Grayware GrayWare[NetTool:not-a-virus], potentially unwanted program (yontoo.c), heuristic detection, Artemis, that could be a false positive, making it something people may not appreciate but not malware.

Knowing PrivDog is not malware, I am confident to say that the two detections that classify it under generic trojan signatures are false positives. Let’s wait for people to report that to the AV makers.