Bugtraq mailing list archives
Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181
From: Steve Ryan <sirsteve () internetcds com>
Date: Tue, 22 Jun 2004 00:01:22 -0700
Hi,

Well, this is odd. I did not find any of those files you mentioned. I didn't find a cache folder either. I updated Ad-Aware with the latest definitions and then initiated a scan. It created a 'cache' folder where you mentioned, although I didn't open it. I let it finish the scan and then the 'cache' folder disappeared. I cleaned the 30 or so 'tracking cookies' it found and it created a cache folder again. I was going to open it, but then I closed out Ad-Aware not even thinking and the cache folder disappeared.
Then I opened Ad-aware, ran a scan.. it immediately created a 'cache' folder but upon inspection, it's empty. I checked it multiple times during the Ad-aware scan, and it stayed empty. This time upon completion, before I could close Ad-aware, the 'cache' folder disappeared.
Nothing unusual that I could find anyway. Windows XP + SP1a + All critical/XP updates..

HTH.

fedhead wrote:

Sorry about my previous post, Norton picked up the html code and filtered my e-mail. Here is the original post without the html flags

Hello,

Seems benign enough. Every night when it runs, after the first scan of the registry, it creates four files in the C:\Program Files\Lavasoft\Ad-Aware 6\cache folder which Norton AV catches as trojan scripts:

exploit.chm
installer.htm
shellscript.js
shellscript_loader.js

In installer.htm, it appears to use one of the IE IFRAME exploits to download the java script files.

The most unusual part is that it happens at the end of the registry scan in Ad-aware. A Google search doesn't turn up any relation between this exploit and Ad-aware so it could be something unique to my system but at this point I am at a loss as to what it could be. Any info would be appreciated.

Thanks,
Matt