ADDAWARE keeps downloading trojan

[mstrspy]

Everytime I update and run Lavasoft Addaware My Norton Anti virus
picks up Trojan.ByteVerify. What isthis? Should Istop using Addaware?
I thought it was supposed to be good.
M

 

[David H. Lipman]

From: "mstrspy" <[email protected]>

| Everytime I update and run Lavasoft Addaware My Norton Anti virus
| picks up Trojan.ByteVerify. What isthis? Should Istop using Addaware?
| I thought it was supposed to be good.
| M

It has nothing to to do with Ad-Aware. It is only a coincidence.

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

4) Re-scan your system with NAV.

 

[Duane Arnold]

Everytime I update and run Lavasoft Addaware My Norton Anti virus
picks up Trojan.ByteVerify. What isthis? Should Istop using Addaware?
I thought it was supposed to be good.
M

I got Ad-Aware on my machine but I hardly use it. However, Ad-Aware does
have an Ignore list and I have used that a time or two.

Duane

 

[Noel Paton]

From: "mstrspy" <[email protected]>

| Everytime I update and run Lavasoft Addaware My Norton Anti virus
| picks up Trojan.ByteVerify. What isthis? Should Istop using Addaware?
| I thought it was supposed to be good.
| M

It has nothing to to do with Ad-Aware. It is only a coincidence.

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options -->
delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use
FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache -->
clear
or
Start --> settings --> control panel --> Java applet -->
general --> settings -->
delete files

4) Re-scan your system with NAV.

I wouldn't necessarily call it a coincidence, Dave - I had similar problems
for a while, and isolated the cause.
What it is, is that AdAware in full-scan mode opens compressed files to
test them - and it's the decompressed temp file that the AV then tags as a
virus (or whatever) - it can be a bitch to work out exactly which file is
causing the problem, as the temp file created by AdAware doesn't necessarily
have either a recognisable name, or source.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's

 

[David H. Lipman]

From: "Noel Paton" <[email protected]>


| I wouldn't necessarily call it a coincidence, Dave - I had similar problems
| for a while, and isolated the cause.
| What it is, is that AdAware in full-scan mode opens compressed files to
| test them - and it's the decompressed temp file that the AV then tags as a
| virus (or whatever) - it can be a bitch to work out exactly which file is
| causing the problem, as the temp file created by AdAware doesn't necessarily
| have either a recognisable name, or source.
|

I wanted to keep it simple. I didn't want to him to stop using Ad-aware. But you are
right.

As Ad-aware scans the system it is opening Java Jars and scanning .CLASS files and as the
are extracted from the Java Jars (ZIP type archive file) NAV's "On Access" scanner is
catching a .CLASS file that is the JS/ByteVerify Trojan and NAV is notifying the user.

I should have fully explained that instead of being lazy and not going into full detail.

Dumping the Browser and Sun Java caches will remove the Java Jars and thus mitigate further
NAV notifications.

 

[Trev]

I wanted to keep it simple. I didn't want to him to stop using Ad-aware. But you are
right.

The truth will out.

 

[Noel Paton]

From: "Noel Paton" <[email protected]>


| I wouldn't necessarily call it a coincidence, Dave - I had similar
problems
| for a while, and isolated the cause.
| What it is, is that AdAware in full-scan mode opens compressed files to
| test them - and it's the decompressed temp file that the AV then tags as
a
| virus (or whatever) - it can be a bitch to work out exactly which file
is
| causing the problem, as the temp file created by AdAware doesn't
necessarily
| have either a recognisable name, or source.
|

I wanted to keep it simple. I didn't want to him to stop using Ad-aware.
But you are
right.

As Ad-aware scans the system it is opening Java Jars and scanning .CLASS
files and as the
are extracted from the Java Jars (ZIP type archive file) NAV's "On Access"
scanner is
catching a .CLASS file that is the JS/ByteVerify Trojan and NAV is
notifying the user.

I should have fully explained that instead of being lazy and not going
into full detail.

Dumping the Browser and Sun Java caches will remove the Java Jars and thus
mitigate further
NAV notifications.

It's not that tightly-knit, actually!
I had a couple of zipped email attachments in a folder - which AVG couldn't
find anything wrong with.
When Ad-Aware came across them, AVG would pop up with an alert.
Neither on their own could detect the enclosed (Swen??) virus - but together
they could. - Seems that AdAware's unpacker was more effective than AVG's at
the time.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's

 

[David H. Lipman]

From: "Noel Paton" <[email protected]>


| It's not that tightly-knit, actually!
| I had a couple of zipped email attachments in a folder - which AVG couldn't
| find anything wrong with.
| When Ad-Aware came across them, AVG would pop up with an alert.
| Neither on their own could detect the enclosed (Swen??) virus - but together
| they could. - Seems that AdAware's unpacker was more effective than AVG's at
| the time.
|

That's possible.

Art ran a News Group experiment several weeks ago. He posted several URLs of sites posting
installers for various freebies. Each installer was tested and some AV couldn't see in the
files within these self extracting installation archive files. Kaspersky and NOD32 seemed
to do the best.

McAfee scored poorly and when I contacted McAfee/AVERT so they can add more decompression
algorithms to the Engine v5000 Beta they indicated that the infectors will be found when the
installer is executed as the files are extracted.

 

[Art]

Art ran a News Group experiment several weeks ago. He posted several URLs of sites posting
installers for various freebies. Each installer was tested and some AV couldn't see in the
files within these self extracting installation archive files. Kaspersky and NOD32 seemed
to do the best.

Actually, Dr Web was a distant second. No av was anywhere near as
effective as KAV for finding malware in installation files.

Art

http://home.epix.net/~artnpeg

 

[David H. Lipman]

From: "Art" <[email protected]>


|
| Actually, Dr Web was a distant second. No av was anywhere near as
| effective as KAV for finding malware in installation files.
|
| Art
|
| http://home.epix.net/~artnpeg

Thanx for the clarification Art !

 

[Noel Paton]

Thanks, Art - and David - for the explication!!
If I see similar behaviour (sic) I'll be sure to report it - I'm about to
switch AV's in some of my VPC's.....


--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's

 

[Peter Seiler]

David H. Lipman - 27.11.2005 16:18 :

David, if possible please do a favour posting normally with max. 72
character per line. Thanks.

 

[David H. Lipman]

From: "Peter Seiler" <[email protected]>

| David H. Lipman - 27.11.2005 16:18 :
|
| David, if possible please do a favour posting normally with max. 72
| character per line. Thanks.
|

Peter:

Please give it up !

 

[Roger Wilco]

David H. Lipman - 27.11.2005 16:18 :

David, if possible please do a favour posting normally with max. 72
character per line. Thanks.

Damn! That's what screwed me up in the first place. It was probably you that whined at me the first time. )

 

[Heather]

Damn! That's what screwed me up in the first place. It was probably
you that whined at me the first time. )

LOL!! It most likely was. I am posting this at 72 instead of 76, so
will see if it makes any difference.

Poor Peter.....all he contributes are typing lessons. )

Heather

 

[Magda]

... David H. Lipman - 27.11.2005 16:18 :
...
... David, if possible please do a favour posting normally with max. 72
... character per line. Thanks.

Every time someone complains about the length of my lines, I increase it by ten
characters.

 

[David H. Lipman]

From: "Magda" <[email protected]>

| On Sun, 27 Nov 2005 18:22:36 +0100, in alt.comp.anti-virus, Peter Seiler
| <[email protected]> arranged some electrons, so they looked like this :
|
| ... David H. Lipman - 27.11.2005 16:18 :
| ...
| ... David, if possible please do a favour posting normally with max. 72
| ... character per line. Thanks.
|
| Every time someone complains about the length of my lines, I increase it by ten
| characters.

I find that there are many instances where 72 chars, are just not enough such as posting a
..REG file where News Group line wrapping makes it more difficult for the reciopient to work
with the data. I can keep editing the configuration everytime I make such a post.

 

[Peter Seiler]

Magda - 28.11.2005 16:52 :

... David H. Lipman - 27.11.2005 16:18 :
...
... David, if possible please do a favour posting normally with max. 72
... character per line. Thanks.

Every time someone complains about the length of my lines, I increase it by ten
characters.

at least it's up to you.

BTW: finally it's up to you also how to quote. Your quoting markers
"..." instead of ">>" produce a total confusing and wrong repost as you
can see above. Your meaning could be: "Every time someone complains
about my quoting-markers "...", I increase it by ten". Ok, lets go on
with the chaos in usenet behavior.

 

[David H. Lipman]

From: "Peter Seiler" <[email protected]>

| at least it's up to you.
|
| BTW: finally it's up to you also how to quote. Your quoting markers
| "..." instead of ">>" produce a total confusing and wrong repost as you
| can see above. Your meaning could be: "Every time someone complains
| about my quoting-markers "...", I increase it by ten". Ok, lets go on
| with the chaos in usenet behavior.
|

Remeber...

There is order in chaos and there is chaos in order.

 

[Heather]

From: "Peter Seiler" <[email protected]>

| at least it's up to you.
|
| BTW: finally it's up to you also how to quote. Your quoting markers
| "..." instead of ">>" produce a total confusing and wrong repost as you
| can see above. Your meaning could be: "Every time someone complains
| about my quoting-markers "...", I increase it by ten". Ok, lets go on
| with the chaos in usenet behavior.
|

Remeber...

There is order in chaos and there is chaos in order.

And another "m" in remember, lol.