RE: Unusual Activity in Ad-aware 6 Personal, Build 6.181

["fedhead" <fedhead () rogers com>]

I have tracked it down and Dave, your assessment seems to be correct for my
situation. Ad-aware was scanning an old Palm Attachment folder I had in my
profile which stored the attachments of e-mails I had synced with my Palm,
including my Bugtraq e-mail which contained Jelmer's zip of this IE exploit.

It would appear that Ad-aware stores the file its scanning into the cache
folder only fop the time length it takes to scan that file, thus when it
read the zip file, Norton AV also scanned the file and found the trojan.

Sorry for all the confusion everyone and thanks for the feedback.

Matt

-----Original Message-----
From: Dave [mailto:djm () mcoe k12 ca us]
Sent: June 22, 2004 10:58 AM
To: fedhead
Subject: Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181


What did the ad-aware LOG say?   I am also using ad-aware 6,  I have a
"Cache" directory while ad-aware is actively scanning my system.  When the
scan completed, the cache directory disappeared, probably because it had
nothing more to do other then remove cookies.

My best guess is AW is finding this trojan on your system, isolating it, but
not quarantining it.  I would suspect that Norton is finding it after its
found by AW.

This is not a shock, Norton has frequently not found active exploits in the
past until another program "reveals" the hidden objects.  Switch to Sophos
or McAfee, rescan your system to remove the exploit, and run Ad-aware
manually to see the logs of whats happening.