NOD32 reporting trojan in Ad-aware SE


OzBoz
January 26th, 2006, 05:01 AM
I recently updated Ad-aware SE to the latest version, downloaded the latest file definitions, and ran a full system scan as per LavaSoft's advice. About halfway through the scan, the AMON module of NOD32 reports that Ad-aware is trying to load a dummy trojan, and quarantines the file (details below).
This happens each and every time I run Ad-aware. I have turned off heuristics in NOD32 to check in case it was a false positive, with no change.
I have also submitted this enquiry to Lavasoft. Has anyone experienced anything similar?

OzBoz

Time Module Object Name Threat Action User Information
26/01/2006 11:08:18 AM AMON file C:\DOCUME~1\BRIANB~1\LOCALS~1\Temp\AAWTMP\C8981921\20D5C8\Dummy.class Java/Dummy trojan quarantined - deleted 5JYNC1S\Brian Bosley Event occurred on a new file created by the application: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.

Axel
January 26th, 2006, 05:14 AM
Never heard of an AV having so many false positives like nod32.
Hope they will fix it.

zashita
January 26th, 2006, 05:26 AM
Very constructive post, Axel :-X

Well ... about the threat detected by Nod32: when you perform a scan with Adaware, it uses temporary files to extract some archives it scans, and then in those extracted files, Nod32 (AMON) will catch something.
Nod32 says it is Adaware which creates the file because it is Adaware which performs a full scan of your system.
Hope it makes sense ...
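Zashita's explanation above can be checked mechanically against the AMON entry OzBoz posted: the detected path sits in Ad-aware's extraction folder (AAWTMP under the user's Temp) and the creating application is Ad-Aware.exe, so the quarantined file is a copy the scanner extracted, not the original archive. The following is an added example, not code from the thread or from ESET/Lavasoft; the first log line is the one posted above, the second is a constructed contrast case, and the folder marker and scanner executable name are taken from the posted path.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log. Line 1 is the AMON entry posted in the thread;
# line 2 is a constructed contrast case: same threat name, non-temporary path,
# created by a different application.
SAMPLE_LOG = r"""
26/01/2006 11:08:18 AM AMON file C:\DOCUME~1\BRIANB~1\LOCALS~1\Temp\AAWTMP\C8981921\20D5C8\Dummy.class Java/Dummy trojan quarantined - deleted 5JYNC1S\Brian Bosley Event occurred on a new file created by the application: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
26/01/2006 11:20:05 AM AMON file C:\DOCUME~1\BRIANB~1\Desktop\applet.jar Java/Dummy trojan quarantined - deleted 5JYNC1S\Brian Bosley Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.
"""

# Columns follow the header shown in the thread:
# Time Module Object Name Threat Action User Information
EVENT_RE = re.compile(
    r"^(?P<time>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>\S+) (?P<object>\S+) "
    r"(?P<name>[A-Za-z]:\\.+?) "                       # path, lazy up to the threat name
    r"(?P<threat>\S+ (?:trojan|virus|worm|adware|application)) "
    r"(?P<action>.+?) "                                 # e.g. "quarantined - deleted"
    r"(?P<user>\S+\\.+?) "                              # DOMAIN\User Name (may contain spaces)
    r"(?P<info>Event occurred .*)$"
)
APP_RE = re.compile(r"by the application: (?P<app>[A-Za-z]:\\.+?\.exe)", re.IGNORECASE)

# Ad-aware's extraction folder, as seen in the posted path (assumption: this marker
# is stable across runs; the hex subfolders below it vary).
SCANNER_TEMP_MARKERS = ("\\temp\\aawtmp\\",)
SCANNER_EXES = ("ad-aware.exe",)


@dataclass
class AmonEvent:
    time: str
    module: str
    path: str
    threat: str
    action: str
    user: str
    creating_app: Optional[str]


def parse_amon_line(line: str) -> Optional[AmonEvent]:
    """Parse one AMON log line; return None if it does not match the known layout."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    app = APP_RE.search(m["info"])
    return AmonEvent(
        time=m["time"], module=m["module"], path=m["name"], threat=m["threat"],
        action=m["action"], user=m["user"], creating_app=app["app"] if app else None,
    )


def classify(ev: AmonEvent) -> str:
    """Decide whether the quarantined object was a scanner-extracted copy or an original file."""
    path = ev.path.lower()
    app = (ev.creating_app or "").lower()
    in_scanner_temp = any(marker in path for marker in SCANNER_TEMP_MARKERS)
    created_by_scanner = app.endswith(SCANNER_EXES)
    if in_scanner_temp and created_by_scanner:
        # The on-access scanner caught a copy Ad-aware unpacked; the source archive
        # (here a Java applet) still exists wherever Ad-aware read it from.
        return "scanner-extracted copy"
    if in_scanner_temp or created_by_scanner or "\\temp\\" in path:
        return "temporary copy, creator unknown"
    return "original file"


def triage(log_text: str) -> List[Tuple]:
    """Run the classifier over every non-empty line and collect (verdict, path, threat, app)."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_amon_line(line)
        if ev is None:
            results.append(("unparsed", line[:40], None, None))
            continue
        results.append((classify(ev), ev.path, ev.threat, ev.creating_app))
    return results


if __name__ == "__main__":
    for verdict, path, threat, app in triage(SAMPLE_LOG):
        print(f"{verdict:32} {threat!s:20} {path}  (by {app})")
```

The verdict "scanner-extracted copy" is what the posted event resolves to; it tells you the on-access scanner did its job on a throwaway file, and that the thing to go looking for is the archive Ad-aware was unpacking, not the path in the AMON entry.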

Upasaka
January 26th, 2006, 05:43 AM
{QUOTE-> Never heard of an AV having so many false positives like nod32.
Hope they will fix it. <-QUOTE}

What false positives are you talking about?

I have used NOD32 on 2 machines for the last 2 1/2 years and am yet to see this happen.
I also run Ad Aware SE, have the latest version and latest definitions, again on 2 machines and without any false positives.
-------------------------------------------------

OzBoz, can you send the quarantined files to Eset and ask their opinion?

YeOldeStonecat
January 26th, 2006, 06:00 AM
{QUOTE-> What false positives are you talking about?

I have used NOD32 on 2 machines for the last 2 1/2 years and am yet to see this happen.
I also run Ad Aware SE, have the latest version and latest definitions, again on 2 machines and without any false positives.
-------------------------------------- <-QUOTE}

Yeah, no kidding. We have thousands of installs out there (many, many Enterprise Edition networks)...the ONLY time I've seen it hiccup on a legit file was with Webroot's SpySweeper...and that was only during a couple of weeks and fixed quickly with an update.

OzBoz
January 26th, 2006, 06:06 AM
Zashita, thank you for the explanation. The quarantine entry now makes sense. I take it that I am still secure, and there has been no compromise. But did NOD allow Ad-aware to do its job properly, and not just quarantine something I need? I am still unfamiliar with the expression "dummy" when applied to trojans. The next question is: how do I prevent this happening every time I use Ad-aware? Will I have to disable NOD each time?

Upasaka, thanks for your response. I have emailed eset with a copy of the file quarantine attached, but I thought maybe someone here had come across the problem before, and I could maybe get a quick answer.

Cheers

OzBoz

dvk01
January 26th, 2006, 09:35 AM
It is not a FP but a legitimate detection of an exploit in the Java VM that can potentially infect the machine.
The file that was deleted was a copy of a Java applet, not the original applet.

Do this:
Removing Java trojans that your antivirus has found
If you still are using JAVA 1.4 or earlier
open control panel, select java plug in control panel, select cache and then press clear cache

That gets rid of the trojans
If you are using 1.5 version it's slightly different so read here

http://www.java.com/en/download/help/5000020300.xml

Then if you haven't got the latest version of JAVA
go to www.java.com & download the latest version of java 1.5.0.6

install it & then go to add/remove programs and UNINSTALL ALL previous versions of sun java

ejr
January 26th, 2006, 10:04 AM
{QUOTE-> never heard a AV have so muxh fale positive like nod32.
Hope they will fix it. <-QUOTE}

I don't think NOD gets a lot of false positives. But even if it did, wouldn't you rather err on the side of caution? I would much rather flag something as a virus that is not than not flag something as a virus that is.

Upasaka
January 26th, 2006, 10:09 AM
{QUOTE-> It is not a FP but a legitimate detection of an exploit in the Java VM that can potentially infect the machine.
The file that was deleted was a copy of a Java applet, not the original applet.

Do this:
Removing Java trojans that your antivirus has found
If you still are using JAVA 1.4 or earlier
open control panel, select java plug in control panel, select cache and then press clear cache

That gets rid of the trojans
If you are using 1.5 version it's slightly different so read here

http://www.java.com/en/download/help/5000020300.xml

Then if you haven't got the latest version of JAVA
go to www.java.com & download the latest version of java 1.5.0.6

install it & then go to add/remove programs and UNINSTALL ALL previous versions of sun java <-QUOTE}

Thank you for that information, very helpful, something else learnt!

Notti
January 26th, 2006, 10:39 AM
{QUOTE-> wouldn't you rather err on the side of caution? I would much rather flag something as a virus that is not than not flag something as a virus that is. <-QUOTE}
Well, no thanks, because if it is a very important program or file that I really need to be installed, and nod32 shows it's a virus, but it's a false positive, then I don't know what to do, because I cannot wait one minute and think I will send it to them and it can take weeks.
And don't say that nod32 doesn't show false positives, just take a look at the nod32 topics in this forum only, and you will see...

ejr
January 26th, 2006, 10:47 AM
{QUOTE-> Well, no thanks, because if it is a very important program or file that I really need to be installed, and nod32 shows it's a virus, but it's a false positive, then I don't know what to do, because I cannot wait one minute and think I will send it to them and it can take weeks.
And don't say that nod32 doesn't show false positives, just take a look at the nod32 topics in this forum only, and you will see... <-QUOTE}

I can only speak from my experience. I haven't had a single false positive. I see that others have. But what is to say that they wouldn't have the same false positive with other AV products?

But the solution is very easy. If you aren't pleased with NOD, then switch to an AV that does please you. I have had Norton, PC Cillin, and NOD32. Of those 3, I am most pleased with NOD.

Elwood
January 26th, 2006, 11:10 AM
Never seen a false positive with NOD32 since I've been using it.

I think whoever this is that calls himself axel, Notti or whatever name that comes into his mind is nothing but a troll and has been trolling this forum for quite some time.

I see this type of thing at several forums, security forums are plagued by people that have nothing better to do than spread FUD.

i_kenefick
January 26th, 2006, 11:18 AM
{QUOTE-> Event occurred on a new file created by the application: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window. <-QUOTE}

This is NOT a false positive. The file is indeed malware.

Marcos
January 26th, 2006, 11:19 AM
There's no room for trolling here, please stop this or the thread will be closed.

False positives have always been remedied quickly, usually with the next update after they'd been reported. And frankly, the number was really not that large. I'd say not more than 4-5 per week.

ejr
January 26th, 2006, 11:22 AM
{QUOTE-> And this is also what I am talking about: every time we speak about nod32 false positives, the nod32 fans must start a discussion about other AVs, so "Pathetic".
This is a nod32 forum and not a PC-cillin one...
And to answer your question, how do you know that Nod32 doesn't show so many false positives compared to other AVs? We all know Nod32 is a very good AV against others, but we also know nod32 shows mostly false positives against other AVs!!!!!!!!!.
Byeee!. <-QUOTE}

I don't really understand your comment. My main point is that there really is no reason to complain. Why not just let your actions speak for themselves?

If you are happy with NOD32, stick with it. If you aren't happy with NOD32, then find an AV that makes you happy. I simply don't see the purpose of complaining about it.

ronjor
January 26th, 2006, 11:25 AM
Best not to feed the trolls. Simply ignore them. This is a support forum, not an opinion forum.

{QUOTE-> I guess more rules will be applied as the forum grows and I and the other moderators learn what rules are needed, but at this time I have only one ... "Don't use the forum to trash other antivirus products." <-QUOTE}

http://www.wilderssecurity.com/showthread.php?t=4383