Do not use Baidu AV

Status
Not open for further replies.
Deleted member 21043

Hey @marg.

While I do agree with what @Cowpipe has said, this may be a False Positive like @Malware suggested above. I will try to explain as best I can why it may have detected it injecting etc. and doing things similar to malware activity (hooking, injections, etc.), because you are not a developer, especially in security software or in an Avast team, and may not understand if I go into coding and explain it (so I'll stay text based this time :D ).

Anti-virus/Anti-Malware products will use techniques such as code injection, API hooking and other things like TerminateProcess(), pskill() etc. to actually stop malware/viruses. Yes, those techniques may be used by malware/viruses themselves, but to stop them you must also know how they are built, how they work, and be able to do the same things to stop them.

The injections into e.g. the browser could actually be done to prevent adware from doing browser redirections (extension/software based controlling), or to protect the user's homepage from being tampered with. On the other hand, if it is a very bad antivirus and it is done incorrectly, it can cause the browser to crash (as in close or freeze) or leave things damaged. Then, with saying that, if it is also a bad antivirus and has very unethical ways of working, it could use that to its advantage to carry out malicious behaviour, not to stop threats but to be one. Like @Cowpipe suggested, about PUP software etc. It could use its advantages to TAMPER with the browser homepage or do URL redirection.

Another example of code injection could be to stop a process from using TerminateProcess(), which is used to stop all threads, I/O etc. and close a process (remove it from memory). Malware can use that as an advantage point to attack anti-virus software, and with that close services etc., or the system files in general.

^ With that, they could do API hooking to detect this. The functions to allow this can be found in kernel32.dll and some others. I won't go further with accessing the functions and entry points to do this all.
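An added example, not part of the original post or of any vendor's code: one way a defender can spot the inline API hooks described above is to compare a function's in-memory prologue with the same bytes in the on-disk DLL and decode where a patched prologue redirects. The addresses, module range and byte strings below are constructed for illustration.

```python
import struct

EMPTY = {"patched": False, "kind": None, "target": None, "leaves_module": None}

def classify_patch(mem, disk, addr, mod_start, mod_end):
    """Diff in-memory prologue bytes against the on-disk bytes; decode any redirect."""
    if mem == disk:
        return dict(EMPTY)
    kind, target = "unknown", None
    if mem[:1] == b"\xE9" and len(mem) >= 5:
        # jmp rel32: target is relative to the end of the 5-byte instruction
        kind = "jmp rel32"
        target = (addr + 5 + struct.unpack_from("<i", mem, 1)[0]) % 2**64
    elif mem[:2] == b"\x48\xB8" and mem[10:12] == b"\xFF\xE0":
        # mov rax, imm64 ; jmp rax: absolute 64-bit redirect
        kind = "mov rax, imm64; jmp rax"
        target = struct.unpack_from("<Q", mem, 2)[0]
    elif mem[:1] == b"\x68" and mem[5:6] == b"\xC3":
        # push imm32 ; ret: absolute redirect seen in 32-bit processes
        kind = "push imm32; ret"
        target = struct.unpack_from("<I", mem, 1)[0]
    # A redirect that lands outside the owning module is what a hook looks like
    leaves = None if target is None else not (mod_start <= target < mod_end)
    return {"patched": True, "kind": kind, "target": target, "leaves_module": leaves}

# --- constructed sample data (not captured from any real system) ---
MOD_START, MOD_END = 0x7FF800000000, 0x7FF8000C0000  # hypothetical module range
FUNC_ADDR = 0x7FF800010000                            # hypothetical export address
DISK = bytes.fromhex("48895c2408574883ec208bf9")      # unpatched prologue bytes
HOOK_TARGET = 0x7FF7F0000000                          # hypothetical hook DLL address
HOOKED = b"\xE9" + struct.pack("<i", HOOK_TARGET - (FUNC_ADDR + 5)) + DISK[5:]

def scan():
    """Classify the clean and the hooked sample prologue."""
    samples = {"clean": DISK, "hooked": HOOKED}
    return {name: classify_patch(mem, DISK, FUNC_ADDR, MOD_START, MOD_END)
            for name, mem in samples.items()}

if __name__ == "__main__":
    for name, r in scan().items():
        tgt = hex(r["target"]) if r["target"] is not None else None
        print(name, r["patched"], r["kind"], tgt, r["leaves_module"])
```

The result only says that a redirect exists and where it lands; telling a security product's hook from a malicious one still requires identifying the module that owns the target address.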
 

alexp79

Level 2
Verified
Jul 16, 2013
157
Hello
It's a false positive; McAfee SiteAdvisor has the same FP on the latest beta Baidu antivirus product.
I now use the latest Baidu 5 (beta); it's great and really light on my system. I kind of like it very much; it is the first product except Microsoft's which doesn't eat my resources on Windows 8.1.
All products spy, US ones also
 
Deleted member 21043

@Everyone :p @marg @alexp79 @Kent @anyone else on this thread lol.

Everyone is saying this is a False Positive, and yes, while I do agree with that opinion* (yes opinion), technically, it isn't a False Positive and the tool is doing what it is meant to do. It found an injection, and if that injection IS valid and not fake (which I highly doubt... ), it's not a false positive because it's a real injection and whatever the OP was using (I'm not scrolling up, I'm writing here :p ) did its job to find the injections.

Yes, the app is an Anti-Malware and there is more above from @Cowpipe about their unethical ways with adware/PUPs, however the injections are real (so I hope) therefore it is not a false positive. It's only a FP in the sense that it is an "Anti-Malware" product. That isn't correct, because it set an injection (for whatever purpose, I mentioned some suggestions and spoke about that above), and it was caught.

It's like saying Emsisoft detecting Baidu is a false positive. YES, that would be a false positive because it is an AV, not a threat, however the behaviour analysis would have detected it due to its ways of working, permissions, hooking/injecting (well I assume injecting because of the web shield, as far as I know many AVs/Anti-malware products inject the browser (looking at you Panda, yes, I know all about it :p @Cowpipe PM me ASAP, I have something to show you about Panda, you'll be over the moon what I found hidden ;) )), and access to read-only files (I guess this could count)... Even reading/writing to registry to prevent new changes/edits... So technically, Emsisoft would have done its job at detecting that file for the right reasons.

^ That was an example I made. I'm not saying Avast is detected by Emsisoft but technically it could be for the right reasons. Same for Avast detecting Emsisoft, or with any other AV/AM with a GOOD behaviour blocker/HIPS.

So yes, you can count it as a FP but it's a FP which can stay there because the tool IS doing its job.
 

marg

Level 13
Thread author
Verified
May 26, 2014
600
False Positive my XXXXXX.! The videos on the right hand side of this Forum are now gone..! The thing is I uninstalled Baidu quite a while back. 360 TS is very good but not good at catching this crudola.!
 
Reactions: Cowpipe and Kent
Deleted member 21043

False Positive my XXXXXX.! The videos on the right hand side of this Forum are now gone..! The thing is I uninstalled Baidu quite a while back. 360 TS is very good but not good at catching this crudola.!
I missed the video. Would you mind sending me a PM containing it for me to look at, as if you uninstalled it a while back I might actually be able to diagnose why it is still there.

I don't know if it will work this time but I'll spend some time looking over some... Classified *coding documents* on my Secret Agency disk (Only joking :p @Cowpipe) and see if I can find a suitable reason to see why this is the case... But I can't promise because the new version is different to previous versions (@Cowpipe :D ).

I know everyone who isn't Cowpipe and Marg will open this...

Another reason could be because you installed a beta and betas have bugs. This could be one of them, which may have been fixed now.

Thanks :)
 
Reactions: Cowpipe

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
@marg ~ Just out of interest.. This wouldn't have anything to do with the seeming abundance of GIF movies that got trolled in the shoutbox (on the right hand side of the forum) earlier would it? Note that the shoutbox does clear every so often hence they would have disappeared? Just a thought though ;)

Roger that Agent Kram :D
 
Reactions: marg and Kent

marg

Level 13
Thread author
Verified
May 26, 2014
600
They were random videos on the right side of this forum's page. I did not record them. Adwcleaner listed them as Baidu adware. I uninstalled it using Adwcleaner. They are gone now.!
 
Reactions: Cowpipe

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
GIF.png

This kind of thing? @marg
 

marg

Level 13
Thread author
Verified
May 26, 2014
600
I missed the video. Would you mind sending me a PM containing it for me to look at, as if you uninstalled it a while back I might actually be able to diagnose why it is still there.

I don't know if it will work this time but I'll spend some time looking over some... Classified *coding documents* on my Secret Agency disk (Only joking :p @Cowpipe) and see if I can find a suitable reason to see why this is the case... But I can't promise because the new version is different to previous versions (@Cowpipe :D ).

I know everyone who isn't Cowpipe and Marg will open this...

Another reason could be because you installed a beta and betas have bugs. This could be one of them, which may have been fixed now.

Thanks :)
Yes Cowpipe, that's exactly where they were in the shoutbox..!!
 
Reactions: Cowpipe

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Yes Cowpipe, that's exactly where they were in the shoutbox..!!

I believe the detections may have come from the fact that these images were hosted on a site that has some kind of advertising relationship to Baidu. I'll look into it further for you so we can get to the bottom of this :)
 
Reactions: marg

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Having looked into it, I believe the problem may come from the fact that some of the 'video images' posted were hosted at something called Amazon CloudFront. This service has been known to cause false positive detections in groups such as "potentially unwanted program" and "adware". I think that the Baidu infection you suffered was separate, possibly the Baidu toolbar or remnants of it which Adwcleaner picked up on and cleaned away. Just a theory though, but my advice is not to panic, especially as you're reporting everything seems fine now, which is a great sign :) @marg
 
Reactions: marg

marg

Level 13
Thread author
Verified
May 26, 2014
600
Yes Cowpipe everything is fine now. I am not getting any more videos in the shout box.
 
Reactions: Cowpipe

jackuars

Level 28
Verified
Top Poster
Well-known
Jul 2, 2014
1,717
The product is certified 100% clean by Softpedia ?

Make sure you downloaded the product from a clean source.

for qihoo:
" Device information. We may collect device-specific information, including your operating system version, system language, and IMEI number.
  • Log information. When you use our Services and Software, we may automatically collect and store certain information on our servers related to your use of our website or Services and Software to help us improve the quality of our products and service. This may include:
  • The manner in which you use our website or Services and Software, including how frequently you install, use or uninstall our Software and its features.
  • IP address.
  • Information collected relating to installed programs scanned by Software features. The information uploaded onto our 360 cloud security center ("360 Cloud Security Center") servers for virus scanning include: file paths and MD5 checksums of the executable files, installed software names, package names, software signature certificates, and software URLs in conjunction with our filtering feature, which we apply to suspicious URLs when you use 360 Internet Protection (this information is processed with encryption).
  • URL information. URLs of websites that you visit will be uploaded to 360 Cloud Security Center servers for phishing and online fraud analysis. Any Personal User Information will be removed from the URLs before they are uploaded. The information is processed with encryption before the upload.
All antiviruses have a privacy policy. Here's the very long list of Avast's privacy policy.
  • Unique Serial numbers. When you use certain services, they might have a unique 360 serial number. This serial number and certain information about your installation (for example, the type of operating system on your device) may be sent to Qihoo 360 when you install or uninstall Software or when Software periodically contacts our servers, such as in a check for automatic updates.
  • Local storage. We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. Such information includes: user settings, file whitelist and blacklist used to accelerate file scanning.
Soooo goooood ...

Source : http://www.360safe.com/privacy.html

Every antivirus has its own privacy policy. Here's the very long list of Avast's privacy policy.

Like MikeV mentioned, every software makes use of users' private/non-private data in some way or the other.

@Everyone :p @marg @alexp79 @Kent @anyone else on this thread lol.

Everyone is saying this is a False Positive, and yes, while I do agree with that opinion* (yes opinion), technically, it isn't a False Positive and the tool is doing what it is meant to do. It found an injection, and if that injection IS valid and not fake (which I highly doubt... ), it's not a false positive because it's a real injection and whatever the OP was using (I'm not scrolling up, I'm writing here :p ) did its job to find the injections.

Yes, the app is an Anti-Malware and there is more above from @Cowpipe about their unethical ways with adware/PUPs, however the injections are real (so I hope) therefore it is not a false positive. It's only a FP in the sense that it is an "Anti-Malware" product. That isn't correct, because it set an injection (for whatever purpose, I mentioned some suggestions and spoke about that above), and it was caught.

It's like saying Emsisoft detecting Baidu is a false positive. YES, that would be a false positive because it is an AV, not a threat, however the behaviour analysis would have detected it due to its ways of working, permissions, hooking/injecting (well I assume injecting because of the web shield, as far as I know many AVs/Anti-malware products inject the browser (looking at you Panda, yes, I know all about it :p @Cowpipe PM me ASAP, I have something to show you about Panda, you'll be over the moon what I found hidden ;) )), and access to read-only files (I guess this could count)... Even reading/writing to registry to prevent new changes/edits... So technically, Emsisoft would have done its job at detecting that file for the right reasons.

^ That was an example I made. I'm not saying Avast is detected by Emsisoft but technically it could be for the right reasons. Same for Avast detecting Emsisoft, or with any other AV/AM with a GOOD behaviour blocker/HIPS.

So yes, you can count it as a FP but it's a FP which can stay there because the tool IS doing its job.

Said it definitely right. When you scan an antivirus with another one, you're probably going to see some "False Positives". I didn't want to make a long post about it. Thank god you did it.

Mod notice: Please don't triple post. Posts merged.
 

Rahadian Putra

Level 9
Verified
Well-known
Jan 28, 2014
444
Actually, many AV programs flag Adwcleaner as a malicious file. As we already know, Adwcleaner is clean, so why do most AVs flag it as dangerous? In my personal opinion it is probably due to the fact that Adwcleaner looks deep into our system in order to detect and clean persistent adware; some of it (or probably most) is very bad, persistent and hard to clean. This kind of behaviour is detected as suspicious by whatever AV you use. I often face this, usually when Adwcleaner releases a new version. I often use this tool to help clean my friends' PCs/laptops. This tool is also considered dangerous and can make your system unstable if the user doesn't use it properly and doesn't know what to do; I think that is why many AVs detect it as suspicious.

And regarding Baidu AV, I'm not using it and don't trust it either, but that doesn't mean most Chinese software is bad, or that everything related to China is bad; some Chinese software is good and I'm even using some of it. Every AV collects users' data, no matter where it comes from; if we don't trust it then the best thing to do is just not use it in the first place. In my humble opinion, it is just about who bites you the least, or... who is going to bite you in a place you don't mind :D
 

BERROHO

Level 2
Verified
Aug 30, 2014
97
mmmm Baidu is a virus, not an antivirus; try to uninstall it and you will see your system .....
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
I had requested Baidu comment on this thread after I posted my analysis above. No response. I think that sums it up. If they are refusing to defend their product and their company against these claims, they do not have my recommendation, nor my support.
 