Full Version: TR/Dropper Trojan TAI 10
Lavasoft Support Forums > Lavasoft - General Support > False Positives - Ad-Aware
Bigamer
I believe I have received this message before, on the Ad-Aware Anniversary Edition. Lavasoft investigated it and found it to be a false positive. The other day I ran an anti-virus scan and an Ad-Aware Anniversary Edition (AE) scan (both fully updated); this was a while after the first detection, and they found nothing. From the previous detection on Ad-Aware AE I placed the file in quarantine and kept it there, even after the all clear from Lavasoft. After the scans I downloaded and installed Ad-Aware (new version = 2010). Then I turned off the computer for a short time. I came back later, rebooted, and updated both the antivirus and Ad-Aware. Then I ran a scan with both. The antivirus did not detect anything, just like with the previous detection by Ad-Aware AE. Then when I ran Ad-Aware (new version) it did detect the TR/Dropper. I can't remember if the previous detection had the same exact name or not.

Did the older version's quarantine get removed during the new installation and allow the file to go back to its previous location?

I always practice extra-safe activity on the computer; I never go online, except on the school computer or during an emergency on the home computer. I usually only play video games on the home computer.

Actually, I found the name of the detection I had previously: TR/LenaB
Bigamer
I have uploaded a copy of my quarantine file; if Lavasoft could test it and tell me if it is an issue or not, I would be very grateful. The detection should have been around 10/18/09; the old file that is still in quarantine from the previous event (which proved to be a false positive) was from 5/09.

Also, the new detection is called TR/Dropper

The old detection was called TR/LenaB

I was also wondering if you know what the other files in the quarantine are/mean.

I was also wondering if you had any info on what the files in the quarantine mean. I don't understand why, even though there were only 2 different detections, there are more than 2 files in the quarantine. I do understand, however, that they are split between the 5/09 and 10/09 dates, and not from time periods other than the detections.

Bigamer
Here is the file. I had actually posted all of this on another forum, the 2010 one. Someone told me to post here.

I don't think the file is working properly; I am going to have to re-download it.
Bigamer
Could you please go to this link for the file:

http://www.lavasoftsupport.com/index.php?showtopic=27451

For some reason when I upload the file it can't be opened, unless only you can open it. But it opens on the above page. It is the third post from the top.
LS Anders
Hello Bigamer

Thank you for reporting this. We will re-investigate this issue. Could I also ask you to upload the log file from when the file was detected?

Regards
LS Anders
Bigamer
Actually, you won't have to re-investigate. It's a new name: TR/Dropper.

I hope you can still access that quarantine file on my other post. I still can't get it uploaded onto this post.

These 3 files were new; they were all found on the date of the detection (10/18/09):
1. A0049712.exe.a973c12fac1d4a174deeecc8c8a87d.aawqff
2. cvtres.exe.c868fcd61d7fc5db0b91cdec9d7dae.755da97ec9cab2c.aawqff
3. AAWQF20091018120246.aawqif

These were from the previous issue, which I believe was resolved; they told me they removed it from the scanner program so it wouldn't get detected anymore (5/12/09):

4. hphuni03.exe.a973c12fac1d4a174deeecc8c8a87d.aawqff
5. AAWQF20090512115010.aawqif
6. AAWQF20090512111947.aawqif

I am supposing that numbers 4, 5, and 6 are all Ad-Aware related files. Number 4 was the file that was supposed to be resolved; I believe it is in relation to our HP printer. Numbers 1 and 2, on the other hand, I have no idea about; these are the files I had on 10/18/09 (also number 3).

The file below should hold log files from the day of 10/18/09 and 10/20/09. For some reason I can't re-access them from the post; when I look at the Application Data folder through search, its properties say hidden, and I can't upload straight from it. I can't find it when I use the browse button.
LS Pekka
QUOTE(Bigamer @ Oct 23 2009, 09:27 PM)
Could you please go to this link for the file:

http://www.lavasoftsupport.com/index.php?showtopic=27451

For some reason when I upload the file it can't be opened, unless only you can open it. But it opens on the above page. It is the third post from the top.


Hi Bigamer!

The posted logfiles (Scan_2009-10-18-09-17-38.log, Scan_2009-10-18-10-56-45.log and Scan_2009-10-20-08-10-09.log) only show one detection, in the "... Local Settings\Temp\4000007000cb396c7a37" folder, i.e. "cvtres.exe" is detected as TR/Dropper.Gen. The detection was made by the antivirus engine in Ad-Aware.

Q1: Did the older version's quarantine get removed during the new installation and allow the file to go back to its previous location?
A1: No, quarantined files are not "restored" on the system, unless the user chooses to do so.

Q2: I was also wondering if you know what the other files in the quarantine are/mean.
A2: The ~1 KB files with the .aawqif extension contain the path to a file (.aawqff) that is encrypted (for safety reasons). Thereby a .aawqif file is associated with an encrypted .aawqff file. A .aawqif file opened for example with Notepad would reveal (in this example AAWQF20091018120246.aawqif):

Ad-Aware Quarantine Infection File20091018120246
IFI=0|0|1|3|C:\Documents and Settings\Owner\Local Settings\Temp\4000007000cb396c7a37\cvtres.exe|C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\cvtres.exe.c868fcd61d7fc5db0b91cdec9d7dae.755da97ec9cab2c038b016c05ba15961.aawqff|3|3572|0



Info from the uploaded logfiles:


Scan_2009-10-18-09-17-38.log:

>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0

Scan_2009-10-18-10-56-45.log:

>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 1

(Description: C:\Documents and Settings\Owner\Local Settings\Temp\4000007000cb396c7a37\cvtres.exe Family Name: TR/Dropper.Gen Engine: 2 Clean status: Success Item ID: 0 Family ID: 0 MD5: 755da97ec9cab2c038b016c05ba15961).

>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0

Scan_2009-10-20-08-10-09.log:

>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0

Regards,

LS Pekka

Lavasoft Malware Labs
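As an added example (not Lavasoft's code and not part of the post above), the following Python script parses the .aawqif index record and the scan-log detection line that LS Pekka quoted, and cross-checks them: the original path in the index should match the path in the log, and the 32-hex-character component just before ".aawqff" in the quarantine file name should match the MD5 the log reports. Assumptions: the sample inputs are constructed from the text of the post, the meaning of the integer fields around the two paths in the IFI record is not documented on the page (they are kept as opaque integers), and the position of the MD5 inside the .aawqff name is inferred from this one record only.

```python
"""Parse an Ad-Aware .aawqif quarantine index and a scan-log detection
line, then cross-check them.  Added example, not Lavasoft code.
"""
import re
from dataclasses import dataclass

# Constructed from the .aawqif contents shown in the post (the line-wrapped
# quarantine file name is joined back into one line).
SAMPLE_AAWQIF = (
    "Ad-Aware Quarantine Infection File20091018120246\n"
    "IFI=0|0|1|3|C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\"
    "4000007000cb396c7a37\\cvtres.exe|C:\\Documents and Settings\\All Users\\"
    "Application Data\\Lavasoft\\Ad-Aware\\Quarantine\\cvtres.exe."
    "c868fcd61d7fc5db0b91cdec9d7dae.755da97ec9cab2c038b016c05ba15961."
    "aawqff|3|3572|0\n"
)

# Constructed from the "Files...........: 1" description line in the post.
SAMPLE_LOG_LINE = (
    "Description: C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\"
    "4000007000cb396c7a37\\cvtres.exe Family Name: TR/Dropper.Gen "
    "Engine: 2 Clean status: Success Item ID: 0 Family ID: 0 "
    "MD5: 755da97ec9cab2c038b016c05ba15961"
)


@dataclass
class QuarantineRecord:
    timestamp: str        # YYYYMMDDhhmmss from the header line
    original_path: str    # where the file lived before quarantine
    quarantine_path: str  # the encrypted .aawqff copy
    leading: list         # integer fields before the paths (meaning unknown)
    trailing: list        # integer fields after the paths (meaning unknown)


def parse_aawqif(text: str) -> QuarantineRecord:
    """Split the IFI record on '|'; the two path fields are the ones
    containing a backslash, everything else is treated as an integer."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, record = lines[0], lines[1]
    m = re.fullmatch(r"Ad-Aware Quarantine Infection File(\d{14})", header)
    if not m or not record.startswith("IFI="):
        raise ValueError("not an .aawqif index")
    fields = record[len("IFI="):].split("|")
    path_idx = [i for i, f in enumerate(fields) if "\\" in f]
    if len(path_idx) != 2 or path_idx[1] != path_idx[0] + 1:
        raise ValueError("unexpected IFI layout")
    a, b = path_idx
    return QuarantineRecord(
        timestamp=m.group(1),
        original_path=fields[a],
        quarantine_path=fields[b],
        leading=[int(f) for f in fields[:a]],
        trailing=[int(f) for f in fields[b + 1:]],
    )


LOG_RE = re.compile(
    r"Description: (?P<path>.+?) Family Name: (?P<family>\S+) "
    r"Engine: (?P<engine>\d+) Clean status: (?P<status>\S+) "
    r"Item ID: (?P<item_id>\d+) Family ID: (?P<family_id>\d+) "
    r"MD5: (?P<md5>[0-9a-fA-F]{32})"
)


def parse_log_detection(line: str) -> dict:
    """Extract the labelled fields of one scan-log description line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a detection description line")
    return m.groupdict()


def quarantine_md5(quarantine_path: str) -> str:
    """Return the 32-hex component before '.aawqff' in the quarantine name.
    Layout assumed from the single record on the page:
    <name>.<ext>.<hash>.<md5>.aawqff"""
    name = quarantine_path.rsplit("\\", 1)[-1]
    parts = name.split(".")
    if parts[-1] != "aawqff" or not re.fullmatch(r"[0-9a-fA-F]{32}", parts[-2]):
        raise ValueError("unexpected .aawqff name")
    return parts[-2].lower()


def cross_check(aawqif_text: str, log_line: str) -> dict:
    """Do the index and the log describe the same file?"""
    rec = parse_aawqif(aawqif_text)
    det = parse_log_detection(log_line)
    return {
        "same_original_path": rec.original_path.lower() == det["path"].lower(),
        "md5_in_quarantine_name": quarantine_md5(rec.quarantine_path) == det["md5"].lower(),
        "family": det["family"],
        "quarantined_at": rec.timestamp,
    }


if __name__ == "__main__":
    print(cross_check(SAMPLE_AAWQIF, SAMPLE_LOG_LINE))
```

Run against real quarantine folders by reading each *.aawqif with `open(path, encoding="latin-1")` and feeding the text to `parse_aawqif`; a record whose `quarantine_path` does not exist on disk, or whose embedded MD5 disagrees with the scan log, is the first thing to look at when trying to work out which detection a quarantine entry belongs to.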
LS Pekka
Hi Bigamer!

The file "cvtres.exe" is falsely detected as TR/Dropper.Gen by the antivirus engine in Ad-Aware and it will be removed from detection.

Regards,

LS Pekka

Lavasoft Malware Labs