[Dshield] counter.class virus from Lavasoft Ad-aware6

Mike Beattie webmaster at erthdra.com
Mon Apr 26 18:38:06 GMT 2004


Thanks for the info, I will give Spybot a try.
I managed to find some information at Lavasoft's website that indicated the
infection was inside an archive and AVG detected it only when Ad-aware
extracted the file but could not find it inside the archive when doing a
full scan.
I did find the file with pandasoftware/activescan which also disinfected it.
The archive was located under my
winnt/documents and settings/username/Application\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv68.jar-18b24b34-6b47935f.zip[Counter.class]
I don't really know how it got there but I am sure glad it is gone : )
I also upgraded to version 1.4.2 of Sun Java.
Mike
 


-----Original Message-----
From: Joseph Stahley 3rd [mailto:jestahley3 at cox.net] 
Sent: Monday, April 26, 2004 2:29 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] counter.class virus from Lavasoft Ad-aware6


I'm running the same setup and have not run across this. Make sure your
virus defs are updated along with Lavasoft's. You may also want to run Spybot
as well. The best way to catch those items, by the way, is to start your
workstation in safe mode and run Ad-aware and Spybot without many of the
DLLs loaded up; just make sure before going to safe mode that all software
is up to date. I don't think AVG can be run in safe mode either; I've tried
to, but because my drives are NTFS I think it has a problem in safe mode.

Joseph

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Mike Beattie
Sent: Monday, April 26, 2004 8:08 AM
To: 'list at lists.dshield.org'
Subject: [Dshield] counter.class virus from Lavasoft Ad-aware6


I run Ad-aware fairly often on a Win 2k workstation with AVG anti-virus by
Grisoft installed, and this morning when I ran Ad-aware, AVG detected a js
virus called counter.class. I unfortunately cannot seem to capture it
because Ad-aware creates a directory called cache under its install
directory when it runs, but the virus does not appear until about when
Ad-aware finishes the deep registry scan; then it removes it and the cache
directory just as fast as it created it. The only information I have is the
AVG alert that says run AVG to remove the virus, which is no longer there. I
even tried to scan the cache folder manually with Windows Explorer and a
right-click scan with AVG on the cache folder at the exact time the virus
gets created there, but I am not fast enough to catch it. Has anybody else
experienced this, and if so what did you do about it? Should I try and
contact Lavasoft Ad-aware or just uninstall Ad-aware, or is it a false alarm
from AVG? Any thoughts or suggestions would be greatly appreciated.

Mike B.

- ---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.668 / Virus Database: 430 - Release Date: 4/24/2004
 



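The first message in this thread notes that a full scan could not find the file inside the cached archive. The following is an added example, not part of the original thread: it walks a Java plug-in cache directory, opens every ZIP-format archive by content rather than by extension, and reports each `.class` member with its SHA-256 so it can be reviewed or checked against a scanner. The function names, the size cap and the sample cache it builds are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # first four bytes of every Java class file
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # assumed cap so an oversized member is not unpacked


def list_cached_classes(cache_root):
    """Return (archive_path, member, sha256, is_class_file) for each .class
    entry inside ZIP-format archives found under cache_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # Cached applets carry names like "x.jar-<id>.zip": test content, not extension.
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as archive:
                    for info in archive.infolist():
                        if not info.filename.lower().endswith(".class"):
                            continue
                        if info.file_size > MAX_MEMBER_BYTES:
                            findings.append((path, info.filename, None, False))
                            continue
                        data = archive.read(info)
                        findings.append((path, info.filename,
                                         hashlib.sha256(data).hexdigest(),
                                         data[:4] == CLASS_MAGIC))
            except (zipfile.BadZipFile, RuntimeError, OSError):
                # Corrupt or encrypted archive: record it instead of skipping silently.
                findings.append((path, None, None, False))
    return findings


def build_sample_cache():
    """Constructed sample: temp directory with one archive holding a harmless stub."""
    jar_dir = os.path.join(tempfile.mkdtemp(prefix="javapi-sample-"), "jar")
    os.makedirs(jar_dir)
    with zipfile.ZipFile(os.path.join(jar_dir, "sample.jar-00000000-00000000.zip"), "w") as z:
        z.writestr("Counter.class", CLASS_MAGIC + b"\x00\x00\x00\x2e")  # header bytes only
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with open(os.path.join(jar_dir, "notes.txt"), "w") as f:
        f.write("not an archive\n")
    return os.path.dirname(jar_dir)


if __name__ == "__main__":
    for archive, member, digest, is_class in list_cached_classes(build_sample_cache()):
        print(archive, member, digest, "class-file" if is_class else "needs-review")
```

Run it against a copy of the cache directory, not the live one, so that an on-access scanner quarantining a file mid-walk does not change the results.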