Ad-aware SE 1.06 pro yesterday found entries of w32.trojan.agent and bargainbuddy in my registry. It cleaned them out, and has not detected any more, since I've run it twice now since them, even with today's new definitions. However, it was my understanding that registry keys in and of themselves are merely pointing to the file they want to activate. So I'm wondering, does anyone have any info on what the names of the files could be on the system? I searched google and came up with pretty much nothing. Not even the symantec database had anything. Does this virus go by another name, perhaps?

The other thing that concerned me was why didn't ad-watch catch the registry additions?

I also ran a virus scan with Norton antivirus 2006 (which I know, isn't very good. I'm debating on what AV program I should migrate to, since I've heard about a million different suggestions. AVG, Avast, Normon, McAfee.) In addition, I ran windows defender and that also picked up nothing.

Please help! I dont know if my system is really free of this threat! since it only caught the registry keys, and my ineffective AV didn't find anything.

In addition, does ad-aware search for firefox cookies and temp files, too?

Hi thingie

Apologies for the late reply, we've been quite swamped in here as you can probably see.

That detection was a false positive in a new update on the day you posted.

It has since been fixed.

Remember that all programs can have false postives from time to time, especially if you get a new detection right after an update for something you know you didn't have before. It's always best to check when in doubt. You can always check in this forum:
http://www.lavasoftsupport.com/index.php?showforum=93
which is where the false positive reports are usually seen.

Hope that helps

Hi CJ,

thingie has a recent thread here: http://www.lavasoftsupport.com/index.php?showtopic=3508

Perhaps they could be merged (hope I got the descriptions right in my last post there)

Regards,

Spike

Hi spike-nz,

Yes, I saw the other thread. Since this was an entirely different question I thought I would leave it here, but thanks for noticing

Thanks for that. I appreciate it. Sorry for posting again.

I have also gotten both w32.trojan.agent and Bargain Buddy, detected by Ad-Aware. Neither one is found by Norton AV 2006, nor Spybot, nor Zone Alarm Pro. I "removed" both with Ad-Aware and the Trojan does not come back. But, every time I go back to the internet, Ad-Aware detects Bargain Buddy again. If I understand comments in this forum, w32.trojan.agent is a false positive. I have run Symantec Bargain Buddy remover when Ad-Aware was still showing it as present and it is not detected by the Symantec removal software and is still not detected by either Spybot or Zone Alarm. Is Bargain Buddy a false positive or is it a problem?

Those are likely false postives, JimT

What is the date of your latest Ad-Aware reference file update?

The current one is: SE1R124 19.09.2006

If you do not have that one, please update your Ad-Aware and scan again. Let us know if that resolves the problem.

Thanks very much, Calamity Jane. I did have the latest and after a scan, came out clean. I hope it stays gone.
I hope this gets posted. I'm having trouble trying to figure out how to reply to your message.

Yep, it got posted Glad to hear that resolved your problem.

FYI the board software can be confusing on the reply button. If you just scoll down a little bit and use the button that says Add Reply and not the one with a quote mark "reply then you won't have the quote box added in your reply. See this illustration