• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
T.J.

Able to see traces but not threats?

2 posts in this topic

Hi,

 

I posted here, since I think it the most proper place, and am sorry if it was the wrong place.

 

I just finished scanning my system and got the result that I have two threats and 13 traces on it. When I continue on to checking the infected files, of which one is a cookie and twelve traces of Hotspotshield.

Shouldn't the threats be listed under the infected files as well? Or are they listed somewhere else? i have recently updated to Adaware Free Antivirus +.

 

With the version before this one, I detected a trojan the Win32.Backdoor Trojan Poison (I think I got the name right, that it was Win32.Poison I am sure of), and only adaware and Mbam was able to detect it. Now, it being a trojan I decided to check it a bit closer, and discovered that this one is said to be a particular nasty one, and have therefore worked hard to really make my system clean again, not wanting to leave it anywhere and letting it continue running on my computer. Anyway, I did a scan with mbam and it showed nothing, so Adaware being the other scanner to recognize it, was next in line in order to check and make sure.

 

This is also why I really would like to know what kind of threats the scan result is showing. I'm also surprised that these don't show up under infected files. As it doesn't, where can I view these threats?

 

Another question, the above mentioned trojan, can I really trust that Adaware managed to get rid of it? Just asking this, since it's said to be a particularly nasty infection that will reinstall itself when rebooting the system, and I also read on another site that it will try to remove a specific file, and make a similar copy in order to shut down Windows file check system, in order to install some other things. However, as both the scanners I used doesn't seem to show this after removing it the first time, it seems to me like I managed to remove it before any of these things happened. Given it's stated characteristics, this got me wondering. This, since I haven't noticed any of the stated tell-tale signs that it's at work. Still, I pose the question since I want to be sure, as its goal is to steal passwords, and especially creditcard info etc. I don't have such info on my computer, but sometimes buy things online, and thus must state my card number at such times. So far I have used another computer temporarily for such things as switching passwords on a couple of important sites, just in case. Still wondering though, as I don't see it in the infected files in Adaware, can I be sure it's been taken care of?

 

Oh, in case it matters, I'm running Win XP, sp3.

 

Hoping for a quick reply.

 

Thanks in advance!

 

/T.J.

Share this post


Link to post
Share on other sites

Hi T.J.,

 

I'm not sure how to explain it, please tell me if you don't understand.

 

The first threat is Hotspotshield. Hotspotshield made 12 changes in your system, that is new files and new/changed entries in the Windows' registry. These changes are called traces. The twelve Hotspotshield traces together make up the first threat. The second threat has only one trace and that is the cookie.

 

Regarding Win32.Poison, it depends on which file(s) that were infected by it and which variant of Win32.Poison. Maybe it only was a downloaded file, that was detected, and it had never been run in the computer (hasn't changed anything else in the computer). In this case it is only to remove the downloaded file and everything continues to be fine with the computer.

 

If the computer was infected with the variant of Win32.Poison, that is described on http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fPoison it is rather easy to get rid of it. Remove the registry entry and the file, and the infection is gone.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0