<<< Date Index >>>     <<< Thread Index >>>

Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181



Hi,

Well, this is odd. I did not find any of those files you mentioned. I didn't find a cache folder either. I updated Ad-Aware with the latest definitions and then initiated a scan. It created a 'cache' folder where you mentioned, although I didn't open it. I let it finish the scan and then the 'cache' folder disappeared. I cleaned the 30 or so 'tracking cookies' it found and it created a cache folder again. I was going to open it, but then I closed out Ad-Aware not even thinking and the cache folder disappeared.

Then I opened Ad-aware, ran a scan.. it immediately created a 'cache' folder but upon inspection, it's empty. I checked it multiple times during the Ad-aware scan, and it stayed empty. This time upon completion, before I could close Ad-aware, the 'cache' folder disappared.

Nothing unusual that I could find anyway.

Windows XP + SP1a + All critical/XP updates..

HTH.

fedhead wrote:

Sorry about my previous post, Norton picked up the html code an filtered my
e-mail. Here is the original post without the html flags

Hello,


Seems benign enough. Every night when it runs, after the first scan of the
registry, it creates four files in the C:\Program Files\Lavasoft\Ad-Aware
6\cache folder which Norton AV catches as trojan scripts:

exploit.chm
installer.htm
shellscript.js
shellscript_loader.js

In installer.htm, it appears to use one of the IE IFRAME exploits to
download the java script files.



The most unusual part is that it happens at the end of the registry scan in
Ad-aware. A google search doesn't turn up any relation between this exploit
and Ad-aware so it could be something unique to my system but at this point
I am at a loss as to what it could be.


Any info would be appreciated.

Thanks,
Matt