Thread: Adaware complains about ip6fw

  1. #1
    David Arnstein Guest

    Adaware complains about ip6fw

    I updated Adaware and ran it today. It complains about some registry
    entries that define a service named ip6fw. The description of this
    service (in my Windows registry) is "Provides intrusion prevention
    services for a home or small office network."

    Adaware classifies these registry entries as an installation of
    Win32.TrojanDropper.

    One additional oddity. I easily found the registry definition of this
    service in HKLM\SYSTEM\CurrentControlSet\Services\ip6fw. However, when
    I run Windows MMC panel My Computer\Manage\Services, I cannot find
    this service!

    I hesitate to blow away this service from the registry. Perhaps
    Adaware is making a mistake.
    --
    David Arnstein (00)
    arnstein+usenet@pobox.com {{ }}
    ^^

  2. #2
    Default User Guest

    Re: Adaware complains about ip6fw

    On Mon, 23 Apr 2007 17:00:36 +0000 (UTC), arnstein@panix.com (David
    Arnstein) wrote:

    >I updated Adaware and ran it today. It complains about some registry
    >entries that define a service named ip6fw. The description of this
    >service (in my Windows registry) is "Provides intrusion prevention
    >services for a home or small office network."
    >
    >Adaware classifies these registry entries as an installation of
    >Win32.TrojanDropper.
    >
    >One additional oddity. I easily found the registry definition of this
    >service in HKLM\SYSTEM\CurrentControlSet\Services\ip6fw. However, when
    >I run Windows MMC panel My Computer\Manage\Services, I cannot find
    >this service!
    >
    >I hesitate to blow away this service from the registry. Perhaps
    >Adaware is making a mistake.


    This sounds like a false positive, or possibly a detection of a potential
    hijack. The ip6fw service is the Windows firewall service for IPv6
    communication and would only be used in the case where you used IPv6
    communication (very few people use IPv6; the normal standard for most
    people is IPv4). The normal image path for ip6fw should be
    "system32\drivers\ip6fw.sys"; if you have something different in your
    registry, then that may be the cause of the Adaware alert. At any rate, it
    is not recommended that you delete the key from your registry, but you may
    need to modify it to correct a hijack attempt.
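
Added example (not part of the post above, and not code from any poster): a read-only PowerShell check of the `HKLM\SYSTEM\CurrentControlSet\Services\ip6fw` key against the image path quoted in post #2. It also reports the service `Type`, since entries registered as drivers are not listed in the Services console. The function name `Get-NormalizedImagePath` is hypothetical, and the expected path is taken from the post, not verified independently.

```powershell
# Added example, not from the thread. Read-only: nothing is modified or deleted.
$keyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ip6fw'
$expected = 'system32\drivers\ip6fw.sys'   # value given in post #2

function Get-NormalizedImagePath {
    param([string]$ImagePath)
    # ImagePath values appear in several equivalent forms:
    # %SystemRoot%\..., \SystemRoot\..., \??\C:\Windows\..., or quoted.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ''
    $p = $p -replace ('^' + [regex]::Escape($env:SystemRoot) + '\\'), ''
    return $p.ToLowerInvariant()
}

if (-not (Test-Path $keyPath)) {
    Write-Output 'ip6fw service key not present'
    return
}

$svc    = Get-ItemProperty -Path $keyPath
$actual = Get-NormalizedImagePath $svc.ImagePath
$type   = [int]$svc.Type

# SERVICE_KERNEL_DRIVER = 0x1, SERVICE_FILE_SYSTEM_DRIVER = 0x2.
# The Services console lists Win32 services (0x10 / 0x20), not drivers.
$isDriver = ($type -band 0x3) -ne 0

# A relative driver path is resolved against %SystemRoot%.
if ([IO.Path]::IsPathRooted($actual)) { $file = $actual }
else { $file = Join-Path $env:SystemRoot $actual }

$onDisk  = Test-Path -LiteralPath $file -PathType Leaf
$company = $null
if ($onDisk) { $company = (Get-Item -LiteralPath $file).VersionInfo.CompanyName }

[pscustomobject]@{
    RawImagePath       = $svc.ImagePath
    MatchesExpected    = ($actual -eq $expected)
    ServiceType        = ('0x{0:X}' -f $type)
    IsDriver           = $isDriver     # True explains absence from Services
    FileOnDisk         = $onDisk
    FileCompanyName    = $company      # informational only, easily forged
}
```

A `MatchesExpected` of `False` or a missing file is the condition post #2 describes as a possible hijack; a match only confirms the registry value, not the integrity of the file it points to.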

  3. #3
    siljaline Guest

    Re: Adaware complains about ip6fw

    Update, again, David, as this was a false-positive detection.
    See http://www.lavasoftsupport.com/index.php?showtopic=8673

    Silj

    --
    siljaline

    "Arguing with anonymous strangers on the Internet is a sucker's game
    because they almost always turn out to be -- or to be indistinguishable from
    -- self-righteous sixteen-year-olds possessing infinite amounts of free time."
    - Neal Stephenson, _Cryptonomicon_



  4. #4
    David H. Lipman Guest

    Re: Adaware complains about ip6fw

    From: "David Arnstein" <arnstein@panix.com>

    | I updated Adaware and ran it today. It complains about some registry
    | entries that define a service named ip6fw. The description of this
    | service (in my Windows registry) is "Provides intrusion prevention
    | services for a home or small office network."

    | Adaware classifies these registry entries as an installation of
    | Win32.TrojanDropper.

    | One additional oddity. I easily found the registry definition of this
    | service in HKLM\SYSTEM\CurrentControlSet\Services\ip6fw. However, when
    | I run Windows MMC panel My Computer\Manage\Services, I cannot find
    | this service!

    | I hesitate to blow away this service from the registry. Perhaps
    | Adaware is making a mistake.
    | --
    | David Arnstein (00)
    | arnstein+usenet@pobox.com {{ }}
    | ^^


    It is a hidden RootKit service and should be removed ASAP !

    You can use GMer or maybe CatchIt by Gmer or some other anti rootkit utility.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm



  5. #5
    David Arnstein Guest

    Re: Adaware complains about ip6fw

    In article <v1cXh.8300$Fs6.2209@trnddc03>,
    David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:
    >It is a hidden RootKit service and should be removed ASAP !


    No, it is not a hidden root kit. It is a false positive returned by
    AdAware. AdAware posted an update yesterday. After that, it no longer
    complained about this service.

    >You can use GMer or maybe CatchIt by Gmer or some other anti rootkit utility.


    Thanks for that recommendation. I will carefully avoid GMer software in
    the future.
    --
    David Arnstein (00)
    arnstein+usenet@pobox.com {{ }}
    ^^

  6. #6
    Default User Guest

    Re: Adaware complains about ip6fw

    On Tue, 24 Apr 2007 16:50:30 +0000 (UTC), arnstein@panix.com (David
    Arnstein) wrote:

    >>You can use GMer or maybe CatchIt by Gmer or some other anti rootkit utility.

    >
    >Thanks for that recommendation. I will carefully avoid GMer software in
    >the future.


    Dave may have been wrong about the rootkit, but his recommendations for
    Gmer and CatchME (not catchIT) are correct. Probably the best rootkit
    revealers out there.

    http://www.gmer.net/index.php
    http://www.gmer.net/catchme.php
