A-squared FP? +Ad-aware update problems!

Discussion in 'other anti-trojan software' started by Captain Caveman, Nov 16, 2005.

Thread Status:
Not open for further replies.
  1. Hi,

    After the latest a-squared update (15-11-1005), the file \WinRAR\Default.SFX is flagged as Trojan-Dropper.Win32.Agent.ig

    Is this a false positive? I've looked on the a-squared message board but there seems to be no info!

    I have also uploaded the file to Jotti's online malware scan and the results were "possibly infected"; however, none of the AVs reported anything.

    Also, I've been trying to update the defs for Ad-Aware since yesterday but Ad-Aware keeps saying there's no update!

    So I downloaded the defs.zip file from the Lavasoft site and checked the defs.ref MD5 checksum against the one listed here by TeMerc http://www.wilderssecurity.com/forumdisplay.php?f=34 (Ad-Aware defs update)
    The MD5s of the defs.ref file don't match!!! For anyone who thinks I'm looking at the defs.zip checksum, I'm not.

    So I erased the file and did not update Ad-Aware with the downloaded file. At least until I know whether the MD5 is correct or not. Any help?

    Thanks in advance
  2. Ahem! I meant to post this in the other anti-trojan software section.
    If a moderator could move this, thanks ;)
  3. Tom772 Guest

    Hi C,

    As far as I can tell it is a false positive. I updated again today and I still get the same result, infected file; Trojan-Dropper.Win32.Agent.ig. I have scanned at VirusTotal, Ewido and Kaspersky file scanner, all clean! One person has posted a question @ Emsisoft, so hopefully they will get a reply soon.


    I have left it for now, Hopefully a FP


  4. [ah] Guest

    Well ... in fact no one can tell you if it's a FP or not without the file that was detected. So in fact you will have to wait for an answer until someone sends the file to ah_AT_emsisoft_DOT_com ;).
    Last edited by a moderator: Nov 18, 2005
  5. FanJ Guest

    About the MD5 checksum:

    I'm not sure whether I understand you right (sorry in case I didn't).
    I just downloaded the defs.zip file manually to another directory and unzipped it there.
    Then I let CryptoSuite calculate the MD5 of defs.ref and compared it with the MD5 of defs.ref which I got in my Ad-Aware directory.
    As you can see, both are the same and they match with the one posted by TeMerc.

    I downloaded defs.zip manually from :
  6. Thanks all.

    For a-squared: The FP was fixed with the new update :)

    For ad-aware:

    When I downloaded defs.zip, I used FCIV to calculate the MD5 for the defs.ref file. They did not match TeMerc's MD5 for the defs.ref file.

    Anyway, it seems irrelevant now, as for some reason my internal updater downloaded the defs file without any problem! This defs file checksum matched TeMerc's.

    So all's well on both fronts!
    Captain Caveman
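
The check discussed in this thread (hashing defs.ref from inside defs.zip, not the archive itself, and comparing it with the posted MD5), as an added example that is not part of any post. The function names are hypothetical and the sample archive and payloads are constructed.

```python
import hashlib
import io
import zipfile


def md5_hex(data: bytes) -> str:
    """MD5 as lowercase hex (MD5 because that is the checksum the thread compares)."""
    return hashlib.md5(data).hexdigest()


def check_defs(zip_bytes: bytes, published_md5: str, member: str = "defs.ref") -> dict:
    """Compare a published MD5 with both the archive and the member inside it."""
    published = published_md5.strip().lower()  # tolerate case and stray whitespace
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # testzip() returns the first member whose CRC check fails, or None.
        bad = zf.testzip()
        if bad is not None:
            raise ValueError(f"corrupt archive member: {bad}")
        member_md5 = md5_hex(zf.read(member))
    archive_md5 = md5_hex(zip_bytes)
    return {
        "member_md5": member_md5,
        "archive_md5": archive_md5,
        # True: the extracted definitions file is the one the checksum was posted for.
        "member_matches": member_md5 == published,
        # True: the posted value belongs to the .zip, so the wrong file was hashed.
        "hashed_wrong_file": archive_md5 == published,
    }


def build_sample_zip(payload: bytes) -> bytes:
    """Build a constructed defs.zip in memory holding a single defs.ref member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("defs.ref", payload)
    return buf.getvalue()


if __name__ == "__main__":
    current = b"constructed definitions payload, current release"
    stale = b"constructed definitions payload, older release"
    posted = md5_hex(current)  # stands in for the MD5 posted on the forum
    print("current download:", check_defs(build_sample_zip(current), posted))
    print("stale download:  ", check_defs(build_sample_zip(stale), posted))
```

If neither flag is true, the download differs from the file the checksum was posted for (an older or newer release, or a damaged transfer), and holding off on installing it is the sensible reading.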