
Avg A/v Now Says My Ad-aware Se Install .exe Is Trojan!


11 replies to this topic

#1 bloomcounty


Posted 09 August 2007 - 05:14 PM

Okay, two days ago, I downloaded Ad-Aware SE Build 1.06r1 (Updated) from Softpedia, and the file is almost twice the size (4.62 MB) as the regular SE Build 1.06r1. I'm guessing this new version has some fix for the people who weren't able to use the auto-updater for the definition updates any more (it stopped working -- mostly Earthlink people, I think). Here's the link:
http://www.softpedia.com/progDownload/AdAw...load-13916.html

I downloaded the Softpedia Secure Download (RO) (Romania) because the US one was really slow for me on dial-up (stop and start).

I'm 95% sure I scanned it with AVG A/V free at the time, and it was fine. However when I merely opened my downloads folder today that had the file in it, AVG A/V suddenly popped up and said it was a TrojanHorse Downloader! Well, I freaked out, tried to get more info, but wasn't connected to the internet, then accidentally blocked AVG from connecting to the internet in ZA (besides I think it uses IE, because my default is Firefox, but the window that popped up that couldn't connect had an IE icon in it), then it had some kind of timer counting down in the AVG window, so I had to make a choice, and I accidentally hit "heal". It said it healed it, but what it did was delete the file from my computer (I assume -- it was no longer in the folder and not in the trash).

So, being curious, I popped in the cd I had all my downloaded programs on and scanned it with AVG A/V -- and, lo and behold, it flagged the same file on the cd the same way. This time I chose to put it in the virus vault -- the icon changed for a generic one for the program on the cd (obviously it couldn't delete it since it was on a cd) and I just popped the cd back out.

I went to AVG A/V Virus Vault and apparently it had also put the first one in there (or a copy of it) because it says it can't be healed. Here's the info from the Virus Vault on each:

First one, which was on my hard drive that I "healed":

Under the "T" column, it has a blue box with an exclamation point in it

Object name: aawsepersonal.exe
Object path: C:\Documents and Settings\Downloads\Spyware and Anti-Virus\
Discovery: Trojan horse Downloader.Generic5.PIO
File size: 4.63 MB
Healable: No
Source: Backup Copy
Status: Infected


Second one, which was burned on the cd:

Under the "T" column, it has a red box with an exclamation point in it

Object name: aawsepersonal.exe
Object path: E:\Spyware and Anti-Virus
Discovery: Trojan horse Downloader.Generic5.PIO
File size: 4.63 MB
Healable: No
Source: Moved Object
Status: Infected


Then I tried to download it from the US (instead of RO) link on Softpedia (showing that it's not just from that RO link):

Under the "T" column, it has a red box with an exclamation point in it

Object name: aawsepersonal.exe
Object path: C:\Documents and Settings\<User Name>\Desktop
Discovery: Trojan horse Downloader.Generic5.PIO
File size: 2.32 MB
Healable: No
Source: Moved Object
Status: Infected


...except this time, I didn't even have to scan -- AVG A/V immediately popped up once the file was done downloading. So I chose to move it to the Virus Vault like the last one. However, I'm not sure why this is only 2.32MB -- either the download crapped out or at some point flagged it before it finished downloading? (It did suddenly seem to finish awfully fast, then AVG immediately popped up.)

[Note: For some reason, I had to restart my computer according to AVG in order to carry out either the first or second one above -- I don't remember which. But it was only that way with one of them. Normal?]

Questions:

1. What the heck is going on? Obviously, there was some update to AVG that made this file get flagged this way when two days ago it didn't.

2. What do I do now? Do I wipe all three objects? Empty the virus vault? What?

3. Is this probably a false positive?

4. Should I not install this "(Updated)" version of Ad-Aware SE and just use my old program version with the updating problem? (I can still manually download definitions and put them in the program folder.)

5. I'm going to scan my laptop with the A/V now -- but do I have to scan also in "safe mode"? That'll take like three or more hours!

6. I placed the contents of that cd (which included that file) on the desktop of my new laptop (which does not have A/V yet). I have not installed the program or anything. Can I just go on there and delete the file from the desktop and call it good? If it is bad, it can't infect or do anything unless it's executed, right?

7. Does this mean, in any way, that the other programs I had on the cd (or in the folder with this one) are affected in any way? Or are they okay to continue to install/use? (I have already used two programs on the new laptop from that cd which also contains this Ad-Aware file -- PC Decrapifier and Norton Removal Tool -- is that an issue now for my new laptop?)

Man, it's one thing after another... :trumpet:

First that "music_now" thing and now this...

Please let me know, as my stress level is continuing to rise from all this computer stuff... :flowers:

Thanks! :thumbsup:

Edited by bloomcounty, 09 August 2007 - 05:19 PM.

My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010



#2 bloomcounty


Posted 09 August 2007 - 06:16 PM

Results of AVG A/V scan in normal mode:

C:\Documents and Settings\<User Name>\Local Settings\Application Data\Mozilla\Firefox\Profiles\a010xsd.default\Cache\100A6206d01
Found: Trojan horse Downloader.Generic5.PIO
Status: Deleted


So it just found and deleted this on its own.

8. I'm guessing this is something cached from when I downloaded the program again today?

Anybody know about any of this? Thanks again!

Edited by bloomcounty, 09 August 2007 - 06:18 PM.


#3 Herk


Posted 09 August 2007 - 10:49 PM

I just downloaded Ad-Aware Personal from Lavasoft, and I got the same virus warning from AVG. I'd also like to know if it's a trojan or a false positive. Has Lavasoft been hacked?

#4 bloomcounty


Posted 09 August 2007 - 11:05 PM

I just downloaded Ad-Aware Personal from Lavasoft, and I got the same virus warning from AVG. I'd also like to know if it's a trojan or a false positive. Has Lavasoft been hacked?


Well, if that was the case, it would have had to have happened a while back, I'd think, because the files at Softpedia are dated (I think) from April (at least, that's what it says was when the file was last updated). But, as I posted, the file was *not* flagged as such two days ago. Only starting today.

If I hear anything about it, I'll certainly post. In the meantime, hopefully we'll get some of the experts to stop by and fill us in and answer my ridiculously detailed and meticulous questions, and ease my extreme worrying! :flowers:

Thanks! :thumbsup:

#5 oldf@rt


Posted 09 August 2007 - 11:14 PM

It looks like a false positive to me. I tried on both my Windows machines and the wife's laptop. (Avast, Panda, and Nod32) I got no warnings.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#6 tg1911


Posted 09 August 2007 - 11:23 PM

It's a false positive being reported by AVG.
The problem has been reported to Grisoft.
There's nothing wrong with Ad-Aware.

Can't Download New Version Of Adaware At All
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#7 bloomcounty


Posted 10 August 2007 - 12:04 AM

It's a false positive being reported by AVG.
The problem has been reported to Grisoft.
There's nothing wrong with Ad-Aware.

Can't Download New Version Of Adaware At All


Good to know -- thanks! I'll wait until morning to proceed. At least I've still got the file on my cd and don't have to redownload. And the fact that it's happening with various versions of Ad-Aware is a good sign!

Thanks for the peace of mind. If anyone gets any updates, please post. I'll also monitor that Lavasoft thread.

Good night, all! :thumbsup:

#8 Alan D


Posted 10 August 2007 - 02:54 AM

This is one of those occasions when uploading the file to the Virustotal and Jotti online scanners would have reassured you immediately.

The question remains about the best way to do this when your antivirus is going nuts every time you try to do anything with the suspected file - I wish someone would come up with an answer: see my thread about it, here:
http://www.bleepingcomputer.com/forums/t/103414/using-multiple-online-file-scanners/

Edited by Alan D, 10 August 2007 - 02:56 AM.

Windows XP Home SP2; AVG 7.5 Internet Security Suite (AV/AS r.t.p, and firewall); Windows Defender (r.t.p on); SuperAntispyware Free; a-squared Free 3.5.0.15; Spybot 1.4 (Immunised, but no Tea-timer); AdAware SE Free; AVG Anti-Rootkit Free; Spywareblaster; MVPS Hosts file (with HostsMan); McAfee Site Advisor.

#9 bloomcounty


Posted 10 August 2007 - 09:13 AM

Any idea how fast AVG will fix this issue? I'm hesitant to put it on the new laptop because of it catching the Ad-Aware .exe I've got on there (though I guess I can just delete it for now), but I've got to get this new laptop going because the days are running out before I have to decide if it's going to work out (as I'm having other issues with it). Thanks!

#10 bloomcounty


Posted 10 August 2007 - 11:50 AM

I just updated AVG A/V for today... I'm only on dial-up though, anybody willing to download the Ad-Aware SE Build 1.06r1 (Updated) .exe from Softpedia here:

http://www.softpedia.com/progDownload/AdAw...load-13916.html
(the RO-Romania link, if you don't mind)

...and tell me if their AVG still flags it?

Thanks!

Edited by bloomcounty, 10 August 2007 - 11:51 AM.


#11 tg1911


Posted 10 August 2007 - 12:33 PM

From what I read, it looks like AVG is flagging the installer, not the program.
Disconnect from the internet, disable AVG, install Ad-Aware, burn the installer to a disc (if you want to save it, otherwise delete it), delete Ad-Aware installer from hard drive, then re-enable AVG.

.
.

Edited by tg1911, 10 August 2007 - 12:37 PM.


#12 Herk


Posted 10 August 2007 - 01:02 PM

I too had downloaded Ad-Aware a couple of days previously for another computer without any problems. Good to know that it's a false positive, which is what I suspected, but did not want to install it until it was confirmed. I told AVG to ignore it, so all should now be well.



