Sinkhet

Ad-Watch and Radmin 3.2

Hello there!

I've lately purchased my copy of Ad-Aware 2010 PRO..
Anyways, I've stumbled upon a "minor" or better said a big problem for me..

I'm frequently using Radmin Server 3.2, for remote access to my computer.
Anyways, as soon as I start this Radmin server 3.2, when Ad-Watch Live - Processes is turned on, I get a balloon tip, that a malicious process has started, and Ad-Watch terminated it..
So I know under the "Edit Rules" button, I could give it to exceptions, ignore it, anything..

But the process just doesn't appear in there..
So you understand this is a big issue for me, as I need frequently to access my home computer from my workplace, but I don't want to have Ad-Watch - Processes turned off..

So if you have any suggestion, how to get it working.. please please help me as soon as possible..

Thanks in advance!

[quote name='Sinkhet' post='115687' date='Jan 23 2010, 01:42 PM']Hello there!

I've lately purchased my copy of Ad-Aware 2010 PRO..
Anyways, I've stumbled upon a "minor" or better said a big problem for me..

I'm frequently using Radmin Server 3.2, for remote access to my computer.
Anyways, as soon as I start this Radmin server 3.2, when Ad-Watch Live - Processes is turned on, I get a balloon tip, that a malicious process has started, and Ad-Watch terminated it..
So I know under the "Edit Rules" button, I could give it to exceptions, ignore it, anything..

But the process just doesn't appear in there..
So you understand this is a big issue for me, as I need frequently to access my home computer from my workplace, but I don't want to have Ad-Watch - Processes turned off..

So if you have any suggestion, how to get it working.. please please help me as soon as possible..

Thanks in advance![/quote]

Thank you for reporting this to us.

Please do the following so that the matter can be investigated:

1. If it's detected by running a scan, please upload the log file of the scan that detected the false positive. Log files (XP, Vista and 7) are located in:

Ad-Aware 2008 users:
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\logs\Ad-Aware<date information>.log

Ad-Aware AE users:
XP - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log
Vista and 7 - C:\ProgramData\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log

Ad-Aware 8.1 users:
XP - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log
Vista and 7 - C:\ProgramData\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log

To upload the file, click on the Browse button within your post, navigate to the log file's location, select the file then click the green UPLOAD button.

If you have access to the detected file, upload it as described above, however, please be sure to zip your file first - the forum will not accept the upload of .exe files or renamed .exe files. You could use an application like 7-Zip, ZipCentral or your preferred compression program to zip your file.

Thank you.

No, the problem is that it hasn't been found during a scan..
It's found when Ad-Watch - processes is turned on, and I start Radmin server..

Everything that has been found during a full scan (and I know what it is, and it's not harmful), I've moved to the Ignore section..
But as soon as I start Radmin Server, Ad-Watch terminates it..

So my problem is only that it doesn't appear in the Edit Rules menu, so I could allow it..

Hello Sinkhet

Would it be possible for you to submit the file that is blocked so that we can have a closer look at the file? You can zip it and upload it here.

Also, may I ask what Ad-Watch is reporting when it blocks the file?

Do you have anything appearing in the "edit rules" list?



Regards
LS Anders

I uploaded the file now..

What Ad-Watch says..

1: If I start the Radmin Server [u]before[/u] I start Ad-Aware, it says:
Ad-Watch Live! detected that a malicious process is running and started a scan in background mode. You will be able to clean any infections safely after the scan is finished.

2: If I start Ad-Aware first, and [u]then[/u] the Radmin Server, it says:
Ad-Aware is now in background scan mode, allowing your PC to be scanned in the background as you continue to work. As a result, the scan may take longer since only your computer's idle resources are being used.

And the Radmin server just shuts down at the same time as any of those balloon tips comes up..

And in the "edit rules" list, there's absolutely nothing..


Also, when Ad-Aware scans "rserver3.exe", nothing is found..

Edited by LS CalamityJane: Removed file attachment, no longer needed

Hello Sinkhet

Thank you for uploading the file. We re-investigated the file and were unable to reproduce any detection of it. However, based on the description you have given, it could be that there is something else being loaded along with the Radmin server. What is happening is that Ad-Aware is doing a scan in the background. If you double click on the tray icon while the background scan is active you will see Ad-Aware scanning.

Could you please open this scan and then post the scanlog from that scan. This would help us to be able to pinpoint this problem.

Regards
LS Anders

Yea, I know that Ad-Aware does its "Smart Scan" when a "suspicious process" is found.. I've seen it..
Although, nothing is found there when it finishes..

Uploading the scan result..

Hi Sinkhet,

I'm guessing that when Ad-Aware originally detected the false positive file, it was added to your ignore list. When that ignored file was subsequently loaded into memory, Ad-Watch determined it as suspicious and started a scan. We were able to recreate the scenario you describe based on that assumption and reported it to our development team.

We still have the issue of the file being detected in the first place. Since the Radmin file originally uploaded is not being detected, as LSAnders mentioned in his post, something else is being loaded with the application. I suspect that it's a file called "newtstop.dll" - would it be possible for you to locate it on your machine and upload this file for investigation? Thanks!

Regards,

Andy
Lavasoft Malware Labs

Thank you for uploading the file. We will try to recreate the issue and try to solve the bug causing it.

No, the process cannot be added manually to ignore. In this case it is not Ad-Watch Live that blocks it. It is an Ad-Aware scan (initiated by Ad-Watch) that kills it.


Regards
LS Anders

It would be nice if an end-user could add a process manually.. Maybe you should consider adding this option in an upcoming update...

Anyways, I really hope that you can fix this problem somehow, as now I can't use either the Radmin server, or the Ad-Watch Live - process watch..
