PWsteal.Firum trojan.

D

Derek F

Each time I run Ad-aware 6.0, Norton Anti Virus 2003 pops up with a virus
alert for PWsteal.Firum. It says that it unable to repair the file and at
that point Ad-aware stops working. If I disable auto protect ad run Ad-aware
again it finds a few files that I can delete but the Trojan does not seem to
be among them. When I run a virus scan with Norton it does not find the
Trojan. Norton is up to date and their web site shows a date in October when
that Trojan was included in their updates.
What should I do?
Derek.
 
N

null

Each time I run Ad-aware 6.0, Norton Anti Virus 2003 pops up with a virus
alert for PWsteal.Firum. It says that it unable to repair the file and at
that point Ad-aware stops working. If I disable auto protect ad run Ad-aware
again it finds a few files that I can delete but the Trojan does not seem to
be among them. When I run a virus scan with Norton it does not find the
Trojan. Norton is up to date and their web site shows a date in October when
that Trojan was included in their updates.
What should I do?
Derek.
Click to expand...

If you followed the directions here:

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.firum.html

(scanned in Safe mode and deleted the files NAV found, if any) then it
seems NAV is false alarming on some AdAware process in memory. So do
what you did. Leave the the auto protect off when using AdAware. If it
would make you feel better, see my web site for Sysclean and Antidote
av scanners. See if they find anything.


Art
http://www.epix.net/~artnpeg
 
N

Nick FitzGerald

Derek F said:
Each time I run Ad-aware 6.0, Norton Anti Virus 2003 pops up with a virus
alert for PWsteal.Firum. It says that it unable to repair the file and at
that point Ad-aware stops working. If I disable auto protect ad run Ad-aware
again it finds a few files that I can delete but the Trojan does not seem to
be among them. When I run a virus scan with Norton it does not find the
Trojan. Norton is up to date and their web site shows a date in October when
that Trojan was included in their updates.
What should I do?
Click to expand...

You should report the problem to the Ad-aware folk.

The odds are _very high_ that they have a "plain-text signature" problem.
This used to be a bad problem in the AV industry more than a decade ago -- I
guess the "Johnny-cum-lately" anti-adware, anti-spyware, etc folk have a few
lessons they seem to prefer to learn the hard way...
 
D

Derek F

Nick FitzGerald said:
You should report the problem to the Ad-aware folk.

The odds are _very high_ that they have a "plain-text signature" problem.
This used to be a bad problem in the AV industry more than a decade ago -- I
guess the "Johnny-cum-lately" anti-adware, anti-spyware, etc folk have a few
lessons they seem to prefer to learn the hard way...
Click to expand...
I have sent an E-Mail to them but doubtful if I will get a reply.
Derek.
 
D

Derek F

If you followed the directions here:

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.firum.html

(scanned in Safe mode and deleted the files NAV found, if any) then it
seems NAV is false alarming on some AdAware process in memory. So do
what you did. Leave the the auto protect off when using AdAware. If it
would make you feel better, see my web site for Sysclean and Antidote
av scanners. See if they find anything.


Art
http://www.epix.net/~artnpeg
Click to expand...
I scanned in safe mode and it was clear. Right after I ran Ad-aware with
Norton active and again I had the warning for the PWsteal trojan.
Derek.
 
D

Derek F

Nick FitzGerald said:
You should report the problem to the Ad-aware folk.

The odds are _very high_ that they have a "plain-text signature" problem.
This used to be a bad problem in the AV industry more than a decade ago -- I
guess the "Johnny-cum-lately" anti-adware, anti-spyware, etc folk have a few
lessons they seem to prefer to learn the hard way...
Click to expand...
I reported it to Ad-aware and they replied:
Derek.

Hello ,
While performing a scan with Ad-aware, a background antivirus monitor may
issue an alert, stating that a virus has been found in a subfolder of the
Ad-aware folder.



During a scan, Ad-aware will temporarily decompress files to scan their
contents. Some antivirus applications include an option to quarantine
infected files, and when Ad-aware decompresses these quarantined files, the
antivirus background scanner detects the virus moving outside the quarantine
area.



Either remove the quarantined files via your antivirus application, or have
Ad-aware ignore the antivirus program's quarantine folders/files during a
scan.



Official Lavasoft Support Forums:
http://www.lavasoftsupport.com/

Ad-aware Knowledge base:
http://www.lavahelp.com

With kind regards,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

acl.exe...Trojan? 3
Virus? 1
AVG months behind other anti-virus programs 7
Norton AntiVirus 2004 cannot find Trojan 2
eMachine real slow 4
latest detection rate URL for AV programs? best SECOND malwareengine, stand-alone is? 13
Trojan bifrose removal? 38
MSN My Photos virus 6

Top