[35469] in bugtraq
Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181
daemon@ATHENA.MIT.EDU (Russell J. Wood)
Thu Jun 24 12:59:50 2004
Date: Tue, 22 Jun 2004 11:49:46 +0800
From: "Russell J. Wood" <rjw@open-cpp.net>
To: bugtraq@securityfocus.com
Message-ID: <20040622034946.GA16308@main.open-cpp.net>
In-Reply-To: <LIEKJLEBDKKNBDDGIJAAAEBECFAA.fedhead@rogers.com>
Hello,
I just scanned my dad's PC with Ad-aware 6 Personal and monitored that directory
whilst doing so. No files turned up at all, and the directory was removed after
the scan was complete.
Maybe these files are placed there before being moved to quarantine?
- Russell
On Sun, Jun 20, 2004 at 10:36:16AM -0400, fedhead wrote:
>Seems benign enough. Every night when it runs, after the first scan of the
>registry, it creates four files in the C:\Program Files\Lavasoft\Ad-Aware
>6\cache folder which Norton AV catches as trojan scripts:
>
>exploit.chm
>installer.htm
>shellscript.js
>shellscript_loader.js