Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181
From: Steve Ryan (sirsteve_at_internetcds.com)
Date: 06/22/04
- Previous message: SGI Security Coordinator: "SGI Advanced Linux Environment 3 Security Update #4"
- Next in thread: Greg Kujawa: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Greg Kujawa: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Noone_at_Nowhere.com: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Russell J. Wood: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Jun 2004 00:01:22 -0700 To: bugtraq@securityfocus.com
Hi,
Well, this is odd. I did not find any of those files you mentioned. I
didn't find a cache folder either. I updated Ad-Aware with the latest
definitions and then initiated a scan. It created a 'cache' folder
where you mentioned, although I didn't open it. I let it finish the
scan and then the 'cache' folder disappeared. I cleaned the 30 or so
'tracking cookies' it found and it created a cache folder again. I was
going to open it, but then I closed out Ad-Aware not even thinking and
the cache folder disappeared.
Then I opened Ad-aware, ran a scan.. it immediately created a 'cache'
folder but upon inspection, it's empty. I checked it multiple times
during the Ad-aware scan, and it stayed empty. This time upon
completion, before I could close Ad-aware, the 'cache' folder disappared.
Nothing unusual that I could find anyway.
Windows XP + SP1a + All critical/XP updates..
HTH.
fedhead wrote:
> Sorry about my previous post, Norton picked up the html code an filtered my
> e-mail. Here is the original post without the html flags
>
> Hello,
>
> Seems benign enough. Every night when it runs, after the first scan of the
> registry, it creates four files in the C:\Program Files\Lavasoft\Ad-Aware
> 6\cache folder which Norton AV catches as trojan scripts:
>
> exploit.chm
> installer.htm
> shellscript.js
> shellscript_loader.js
>
> In installer.htm, it appears to use one of the IE IFRAME exploits to
> download the java script files.
>
>
> The most unusual part is that it happens at the end of the registry scan in
> Ad-aware. A google search doesn't turn up any relation between this exploit
> and Ad-aware so it could be something unique to my system but at this point
> I am at a loss as to what it could be.
>
>
> Any info would be appreciated.
>
> Thanks,
> Matt
>
>
>
>
>
>
>
- Previous message: SGI Security Coordinator: "SGI Advanced Linux Environment 3 Security Update #4"
- Next in thread: Greg Kujawa: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Greg Kujawa: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Noone_at_Nowhere.com: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Maybe reply: Russell J. Wood: "Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
