Hi,

Well, this is odd. I did not find any of those files you mentioned. I
didn't find a cache folder either. I updated Ad-Aware with the latest
definitions and then initiated a scan. It created a 'cache' folder
where you mentioned, although I didn't open it. I let it finish the
scan and then the 'cache' folder disappeared. I cleaned the 30 or so
'tracking cookies' it found and it created a cache folder again. I was
going to open it, but then I closed out Ad-Aware not even thinking and
the cache folder disappeared.

Then I opened Ad-aware, ran a scan.. it immediately created a 'cache'
folder but upon inspection, it's empty. I checked it multiple times
during the Ad-aware scan, and it stayed empty. This time upon
completion, before I could close Ad-aware, the 'cache' folder disappared.

Nothing unusual that I could find anyway.

Windows XP + SP1a + All critical/XP updates..

HTH.

fedhead wrote:

> Sorry about my previous post, Norton picked up the html code an filtered my
> e-mail. Here is the original post without the html flags
>
> Hello,

>
> Seems benign enough. Every night when it runs, after the first scan of the
> registry, it creates four files in the C:\Program Files\Lavasoft\Ad-Aware
> 6\cache folder which Norton AV catches as trojan scripts:
>
> exploit.chm
> installer.htm
> shellscript.js
> shellscript_loader.js
>
> In installer.htm, it appears to use one of the IE IFRAME exploits to
> download the java script files.
>

>
> The most unusual part is that it happens at the end of the registry scan in
> Ad-aware. A google search doesn't turn up any relation between this exploit
> and Ad-aware so it could be something unique to my system but at this point
> I am at a loss as to what it could be.
>
>
> Any info would be appreciated.
>
> Thanks,
> Matt
>
>
>
>
>
>
>

[ reply ]