spyware.acext

Discussion in 'Trojan Defence Suite' started by infra-greg, Sep 23, 2004.

Thread Status:
Not open for further replies.
  1. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    hi all

    I did a search on the forums, but nothing came up, so I don't know if I'm the only one experiencing this issue.

    After a full scan with Norton Antivirus it comes up with having found "spyware.acext"

    A few thousand instances of them. Normally I'd hit delete and be done with it. In fact the first time I did I think. Next TDS-3 update was a biiiiiig one, which made me think.

    Lo-and-behold, the "spyware.acext" was in my TDS-3 folder, xdynamic/TDS.unpk

    Basically in this folder I have like 3000 files with names such as a0073361.exe and an example of the Norton message is: The file C:\Program Files\TDS3\xDynamic\TDS.Unpk\a0073361.exe is a Spyware threat

    The Norton website states that "spyware.acext" is a spyware program that contacts a predefined server for tracking purposes and Installs itself to %Windir%\ie_32.exe, by default.

    Thankfully I don't have ie_32.exe anywhere on my system or in my registry but I'm still baffled by it all o_O

    Anyone know what is going on?

    Thanks heaps :)

    I-G
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi infra-greg, The TDS-3 folder, xdynamic is where TDS unpacks files for inspection. It is important that your AV resident monitoring is switched off when doing a full TDS3 scan as your AV could block it from doing its job properly which sounds like this is the case here.
    To be sure disable the resident part of your AV and re-do the TDS scan.

    HTH Pilli
     
  3. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    Hi Pilli

    Thanks for the response...

    Just to clarify though...it's Norton Antivirus that is picking up the spyware as being in the TDS xdynamic folder...

    Are you saying that TDS is unpacking files into the xdynamic folder for inspection, but might not be able to do it properly due to Norton AV?

    I'm a bit confused o_O Sorry :(

    How come Norton is picking up spyware in the folder though? Or is it being mistaken?

    i-g
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes, If Norton is running as TDS3 unpacks for checking Norton jumps in and tries to stop the process as it sees the unpacked malware, just to grab the glory from TDS3's hard work :)
     
  5. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    hey Pilli

    thanks again...

    just two more questions..sorry

    1. is it safe to delete the files in TDS xdynamic folder? Or at least the ones that apparently contain spyware.acext?

    2. do the files in my TDS xdynamic folder actually contain spyware.acext?

    is that 2 questions, 2.5 questions or 3? :)
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    The files in the Unpk folder can be deleted if you want, you did submit a copy of one of them to submit@diamondcs.com.au if TDS didn't beep on them, did you?
    Normally TDS deletes them after scanning or after the next scan. You can delete them manually if you like. On my system they're always deleted automatically.
    Remember those are copies of originals elsewhere on your system, so if your other scanner is alarming on them only in that Unpk folder it can mean the original elsewhere on your system no longer exists or the other scanner sees only the unpacked version in the Unpk folder.
    If there are files alarmed on which TDS doesn't, certainly do submit it to be sure.

    Names like a0073361.exe could be copies of the system restore, so it could be your old copies contain the possible infection. This is what I mean with your Norton maybe not alarming on the normal system restore files.
    If the infection is found in the current restore points and only there you'll have to clean them out but first let us know if there are alarms in other places and what they are.
    After your TDS full system scan let us know what TDS found.


    Like Pilli said and we write each time:
    When scanning your system make sure all other scanners are temporarily disabled completely including their resident protection, to enable the other scanner to do its job properly and access all files.
    The only exception is TDS can keep being loaded including its exec protection hook but don't have TDS in a full system scan while scanning with one of the other scanners at the same moment.
     
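Added example, not part of any post in this thread: a triage of antivirus detection messages shaped like the Norton line quoted in the first post, sorting hits into the TDS unpack folder, System Restore storage, or elsewhere, which is the "alarms in other places" question raised above. The log lines are constructed, and the `_restore{...}` path layout and the restore-style name pattern are assumptions.

```python
import re
from collections import Counter
from ntpath import basename, normcase  # Windows path rules on any OS

# Message shape quoted in the thread: "The file <path> is a Spyware threat"
MSG = re.compile(r"The file (?P<path>[A-Za-z]:\\.+?) is a (?P<kind>\w+) threat")
# Folder named in the thread where TDS-3 unpacks files for inspection
UNPACK_DIR = normcase(r"C:\Program Files\TDS3\xDynamic\TDS.Unpk") + "\\"
# Assumption: System Restore backups live under this folder prefix
RESTORE_DIR = "\\system volume information\\_restore"
# Assumption: restore-style names look like the thread's a0073361.exe
RESTORE_NAME = re.compile(r"^a\d{7}\.\w+$", re.IGNORECASE)

# Constructed sample log, not taken from a real scan
SAMPLE = r"""
The file C:\Program Files\TDS3\xDynamic\TDS.Unpk\a0073361.exe is a Spyware threat
The file C:\Program Files\TDS3\xDynamic\TDS.Unpk\a0073362.exe is a Spyware threat
The file C:\System Volume Information\_restore{CONSTRUCTED}\RP12\A0073361.exe is a Spyware threat
The file C:\WINDOWS\example_constructed.exe is a Spyware threat
"""

def classify(path):
    """Place one detected path into a location bucket."""
    p = normcase(path)
    if p.startswith(UNPACK_DIR):
        return "unpack_copy"      # scanner's own temporary copy
    if RESTORE_DIR in p:
        return "restore_point"    # old backup, not a live file
    return "elsewhere"            # needs a closer look first

def triage(log_text):
    """Summarise detections by location and flag restore-style names."""
    counts, restore_named, elsewhere = Counter(), 0, []
    for m in MSG.finditer(log_text):
        path = m.group("path")
        where = classify(path)
        counts[where] += 1
        if where == "unpack_copy" and RESTORE_NAME.match(basename(path)):
            restore_named += 1
        if where == "elsewhere":
            elsewhere.append(path)
    return {"counts": dict(counts),
            "unpack_with_restore_name": restore_named,
            "elsewhere": elsewhere}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
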
  7. infra-greg

    infra-greg Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    6
    cool :)

    thanks for that...much appreciated...

    good to learn new things too...

    till later

    i-g
     