Full Version: McAfee detects trojans when running Lavasoft scan
Joe Papworth
Hi,
I don't know if I am really infected by a virus(es) or not, but each time I run Ad-Aware 1.06 r1 (with the latest updates), McAfee's "On access scan" finds trojans in the AAWTMP folder and deletes them. A re-scan gives the same result each time. I am running XP Home, with Service pack 2. I was logged in as "Joe", with admin rights. Am I really infected, or is this possibly a conflict between McAfee and Ad-Aware?
I have pasted the log from McAfee. It includes two separate Ad-Aware scans, about 12 minutes apart. Trojan names are in bold.

Regards, Joe



4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\2ACDB4\NewSecurityClassLoader.class Generic Downloader.v

4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\2ACDB4\NewURLClassLoader.class Exploit-ByteVerify

4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\321B83\Matrix.class JV/Shinwow

4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\321B83\Dummy.class Exploit-ByteVerify

4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\27D6B9\NewSecurityClassLoader.class Generic Downloader.v

4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\27D6B9\NewURLClassLoader.class Exploit-ByteVerify

4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\9BD48\Matrix.class JV/Shinwow

4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\9BD48\Dummy.class Exploit-ByteVerify
LS AndreasB
Here is the most probable reason for this to happen...

http://www.lavasoftsupport.com/index.php?showtopic=26

To verify that this is the reason, you could run a scan with the option "Scan within archives" unchecked. If Ad-Aware doesn't look inside the archives, the AV application shouldn't trigger on those files...

Andreas
Joe Papworth
QUOTE(LS AndreasB @ Apr 26 2006, 02:19 PM) *
Here is the most probable reason for this to happen...

http://www.lavasoftsupport.com/index.php?showtopic=26

To verify that this is the reason, you could run a scan with the option "Scan within archives" unchecked. If Ad-Aware doesn't look inside the archives, the AV application shouldn't trigger on those files...

Andreas

Hi Andreas,
I ran a scan with "Scan within archives" unchecked, and McAfee detected nothing, as you suspected it would. Then I deleted all quarantined items in Ad-Aware and ran another scan, hoping that McAfee would be happy, but alas, it came up with the same hits as before. Are there any other archives in Ad-Aware I can delete? And any other thoughts?
Later, Joe
LS SteveJ (former LS employee)
Best thing to do here is simply delete the folders with the trojans in. However, you may have to turn off your McAfee resident scanner when you do this, as resident scanners tend to block any type of file access (including deleting, as this is merely moving to another location (recycle bin)).
See if you can delete those folders with McAfee realtime scanner temporarily disabled.... thanks

//Steve
Joe Papworth
QUOTE(LS SteveJ @ Apr 26 2006, 04:14 PM) *
Best thing to do here is simply delete the folders with the trojans in. However, you may have to turn off your McAfee resident scanner when you do this, as resident scanners tend to block any type of file access (including deleting, as this is merely moving to another location (recycle bin)).
See if you can delete those folders with McAfee realtime scanner temporarily disabled.... thanks

//Steve



Thanks Steve. I'll delete the infected folders (The Ad-Aware temp folders). If it still messes up, I'll remove/reinstall Ad-Aware.

Seeeeeeeeeeeeeeeeeya, Joe
Joe Papworth
QUOTE(Joe Papworth @ Apr 27 2006, 06:32 AM) *
Thanks Steve. I'll delete the infected folders (The Ad-Aware temp folders). If it still messes up, I'll remove/reinstall Ad-Aware.

Seeeeeeeeeeeeeeeeeya, Joe
QUOTE(LS SteveJ @ Apr 26 2006, 04:14 PM) *
Best thing to do here is simply delete the folders with the trojans in. However, you may have to turn off your McAfee resident scanner when you do this, as resident scanners tend to block any type of file access (including deleting, as this is merely moving to another location (recycle bin)).
See if you can delete those folders with McAfee realtime scanner temporarily disabled.... thanks

//Steve



Hi Again,
I just wanted to let you know I finally located and deleted the infected files. It took some time, as I had to find them by running customized Ad-Aware scans until I zeroed in on them by process of elimination.

The weird thing is that the files had been out there for quite some time (over a year). Apparently, they were only detected by McAfee during Ad-Aware scans because, I assume, Ad-Aware unzipped them for examination, enabling McAfee to see the imbedded trojans.

Previously, I had been running Norton SystemWorks, which never picked up on this. And McAfee only found it when running Ad-Aware. Makes me wonder how good those two anti-virus products really are...

Thanks so much for your help !!!!!!!!!!!!!!!!

Regards, Joe
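
An added example, not part of any post in this thread: the file names in the on-access log can be used to locate the source archives directly instead of by elimination. It assumes the archives are ZIP-format containers (.zip/.jar), which the thread does not state, and all function names are hypothetical.

```python
import io
import re
import zipfile
import zlib
from pathlib import Path, PurePosixPath

# Four of the log lines from the first post (two per Ad-Aware scan).
LOG = r"""
4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\2ACDB4\NewSecurityClassLoader.class Generic Downloader.v
4/26/2006 12:14:02 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\321B83\Matrix.class JV/Shinwow
4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\27D6B9\NewSecurityClassLoader.class Generic Downloader.v
4/26/2006 12:26:11 PM Deleted DELL1\Joe C:\Documents and Settings\Joe\Local Settings\Temp\AAWTMP\C19645625\9BD48\Matrix.class JV/Shinwow
"""

# Path layout seen in the log: ...\AAWTMP\<id>\<per-scan dir>\<file> <detection>
ROW = re.compile(r"\\AAWTMP\\\w+\\(\w+)\\(\S+\.class)\s")
MAX_NESTED = 50_000_000  # do not unpack nested archives larger than this

def flagged_files(log):
    """Map each flagged file name to the temp dirs it was extracted into."""
    seen = {}
    for line in log.splitlines():
        m = ROW.search(line)
        if m:
            seen.setdefault(m.group(2), set()).add(m.group(1))
    return seen

def scan_archive(fileobj, names, depth=2):
    """List members whose base name is flagged, descending into nested archives."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for info in zf.infolist():
                if PurePosixPath(info.filename).name in names:
                    hits.append(info.filename)
                elif depth and info.file_size <= MAX_NESTED and info.filename.lower().endswith((".zip", ".jar")):
                    inner = io.BytesIO(zf.read(info))
                    hits += [f"{info.filename}!{h}" for h in scan_archive(inner, names, depth - 1)]
    except (zipfile.BadZipFile, OSError, RuntimeError, zlib.error):
        pass  # not a ZIP container, unreadable, encrypted or corrupt: skip it
    return hits

def find_source_archives(root, names):
    """Walk root and report every archive that holds a flagged file name."""
    found = {}
    for path in Path(root).rglob("*"):
        hits = scan_archive(path, names) if path.is_file() else []
        if hits:
            found[str(path)] = sorted(hits)
    return found
```

A name that recurs under a different per-scan directory on every run, as both names do here, points to a persistent archive being re-extracted rather than to the temp files themselves.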
LS SteveJ (former LS employee)
Pleased to help!

//moving this to resolved....