Welcome Guest
« Go to Spyware Terminator Homepage Search | Active Topics | Members | Log In | Register
Trogan Horse - - - JS:ScriptSH-inf [Trj] Options · View
B123
Posted: Monday, May 18, 2009 11:43:42 PM

Rank: Rookie
Groups: Member

Joined: 5/18/2009
Posts: 2
Location: united states
This is where this trogan horse is located, spyware has "removed" it from my computer 3 times... Everytime i run a new scan it pops back up on my computer? Please someone help me remove this. If i were to restore my computer to an earlier time will is rid my compuer of this? Thank you for anyone who can help.
This is where it's located.


C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\clamav-1c59e8bbc0e3be87438a54cad29e8900.00000fb0.clamtmp\daily.ndb
XANA
Posted: Tuesday, May 19, 2009 12:33:38 AM

Rank: General
Groups: Beta, Member, Translator

Joined: 12/1/2006
Posts: 1,654
This is a false positive, as that file is ClamAV's virus database file (where all of it's most recent signatures are).
It will not be removed no matter how many times you try because it will wind up being re-downloaded again, and again.

When you say "Spyware has 'removed' this from my computer 3 times...." do you mean Spyware Terminator?
Are you saying that Spyware Terminator itself is flagging this as a trojan, or is it some other Spyware scanner detecting this?

If I were to hear that Spyware Teminator itself is finding this there, I would be shocked in disbelief, thinking that there is no way this is true.....!

Can you provide a screenshot to show what you keep finding, please?

I will post my email security subscriptions here, but only if they are interesting.
I'm in college now, but I'll try to come around every once in a while.

Dell Inspiron 5720
-Windows 7 Home Premium
-Quad Core 2.50GHz Processors
-8GB RAM
-1TB Harddrive


--My Own Safety Awareness :)
--Comodo Anitvirus
--Spybot SD2
--Comodo Firewall
--Toolwiz TimeFreeze
--Soluto
--Software Informer
--User Account Control
--Firefox / Opera
--University VPN Service
--K9 Web Protection
--SpywareBlaster
--NoAutorun
--TrendMicro RUBotted
--IOBit SmartDefrag2
--TuneUp Utilities 2012
--Trusteer Rapport
--Windows Update (Linked to University Update Server)


Spanish <-> English Translator / BETA Tester / Spanish Forum's Problem Solver (Translating Stopped, Other Tasks Still Ongoing.)
(I used to work with Idd00jea on this; he has been gone for some time now, if there is something you need you can ask me or I can try to get in touch with him).
rajeshontheweb
Posted: Tuesday, May 19, 2009 4:12:09 AM

Rank: General
Groups: Beta, Member, Threat Analyzer

Joined: 3/17/2007
Posts: 3,218
Location: Qatar
its avast i would think...

looks like it may not get solved so quickly ...   unless clamav acts on it???

http://forum.avast.com/index.php?PHPSESSID=0bcc56ea5b8f8d923fd932e0265af784&topic=45231.0


Secret of success: Accepting failure, but as the next ladder step towards your goal.

I have opened up a forum for general software issues Visit my forums
Kyuzo
Posted: Tuesday, May 19, 2009 12:47:11 PM

Rank: Corporal
Groups: Member

Joined: 10/2/2008
Posts: 22
Location: US
I had this exact same problem and contacted Avast's forum in hope of aid. Unfortunately, Avast's forum was unable to help. My reports to Avast concerning the false positive also didn't seem to help, either. Apparently, after last week's Spyware Terminator's ClamAV update, this script signature began triggering Avast's warnings. In frustration I temporarily removed Spyware Terminator after nearly 5 year's flawless service.  Unless the false positives are resolved I suppose the best plan is to use ST without the ClamAV component. I am currently mulling over re-installing ST without the Clam.

Hope this helps in any small way, Kyuzo.
B123
Posted: Tuesday, May 19, 2009 6:04:27 PM

Rank: Rookie
Groups: Member

Joined: 5/18/2009
Posts: 2
Location: united states
IT IS AVAST TELLING ME I HAVE A TROGAN IN MY PC, HOW DO I GIVE YOU A SCREEN SHOT? I THOUGHT IS WAS SPYWARE TELLING ME BUT WHEN I START THE SPYWARE SCAN IT'S AVAST TELLING ME THE TROGAN IS PRESENT. IT DOES SAY IT DELETING IT. BUT WHEN I RUN AN AVAST SCAN IT'S DEOSN;T DETECT IT DURING A SCAN. IT WEIRD I HAVE NEVER SEEN SOMETHING LIKE THIS BEFORE. AND NOT BE ABLE TO GET RID OF THE PROBLEM.
Kyuzo
Posted: Tuesday, May 19, 2009 7:07:59 PM

Rank: Corporal
Groups: Member

Joined: 10/2/2008
Posts: 22
Location: US
B123:

From what I gathered at the Avast forum, ClamAV apparently updated its signatures which ClamAV uses to detect viruses, trojans, and other malware.  Your and my Avast program "unpacks" or reads the Temp folder where these signatures are being stored. Avast apparently "thinks" the folder is corrupted because it has a sample of the script JS:ScriptSH-inf[Trj]. For some reason Avast seems to see this signature more than the others.

When I tried to delete or quarantine the "infected" file, another would appear. I don't know exactly why this happens. In the forum link which rajeshontheweb provided, a member of the Avast team seems to be saying the problem is Clam's fault because the folder where they store their signatures is not properly safeguarded to prevent Avast reading it and thinking there is actually a Trojan. I can tell you that when I posted about this issue on the Avast site, there was also a fellow having the same problem with Spybot Search and Destroy and another fellow with some other software.

In all the years I've used Avast and Spyware Terminator, this is the first time this has happened. You might also try posting on Avast's support forum, though they were no help to me at all. I've had much better luck here. Their general suggestion is to remove the ClamAV from Spyware Terminator, though I can't say whether that's the best route to go.

Good Luck, Kyuzo
rajeshontheweb
Posted: Wednesday, May 20, 2009 1:58:24 AM

Rank: General
Groups: Beta, Member, Threat Analyzer

Joined: 3/17/2007
Posts: 3,218
Location: Qatar
Quote:
their general suggestion is to remove the ClamAV from Spyware Terminator
i beg to differ.

THIS SHOULD NOT AFFECT WINCLAMAVSHIELD. i have not seen an ndb file created by ST? can devs confirm this?

i am very sure about this because: winclamavshield does not support incremental updates. these extraction of database, stuff happens only with direct clamav products like clamav for windows or clamwin .

as our product does not support incremental updates, this doesnt apply to us.

and  another thing,
Quote:
  Your and my Avast program "unpacks"
its not avast that unpacks, its just reading the data unpacked by clamav interface. which is detected as malicious because it contains unencrypted data , this is where clamav is being accused. from what i understand, avast team is saying that clamav's unencrypted Databse information which contains virus signature information is visible to antivirus vendors which might easily detect it as a virus itself!

Secret of success: Accepting failure, but as the next ladder step towards your goal.

I have opened up a forum for general software issues Visit my forums
Kyuzo
Posted: Wednesday, May 20, 2009 5:33:00 AM

Rank: Corporal
Groups: Member

Joined: 10/2/2008
Posts: 22
Location: US
Perhaps my terminology is incorrect as I am a general computer user and not a technophile, but it is based upon the information which I gathered (perhaps erroneously) from my time at the Avast forum. Which program unpacked what information was of little concern to me at the time, only that my Avast stop sending alarms at start-up. To be frank, I saw the whole thing as more of an Avast problem being that Avast was also flagging the same script signature in two other programs, including Spybot S&D.  My thread on the problem and the other fellow's all basically got little attention at the Avast forum and basically faded down the line.

In my case, after Last Monday's ST/ClamAV  update, my Avast would set off an alarm as soon as Spyware Terminator started up. I hated to remove ST, but it was the best short-term solution.

 Unfortunately there seems to be little consensus as to how to rectify the problem. I was hoping repeated submissions of the false positive would annoy someone into action, but apparently not. :(
Mimo
Posted: Wednesday, May 20, 2009 7:32:28 AM

Rank: Administration
Groups: Administration

Joined: 3/13/2007
Posts: 1,032
Location: Czech Republic
This file seems to be used in ClamAV integration to ST, so possible solution is to remove ClamAV from Spyware Terminator, till it will be solved by avast or clamav.
Kyuzo
Posted: Wednesday, May 20, 2009 8:34:03 AM

Rank: Corporal
Groups: Member

Joined: 10/2/2008
Posts: 22
Location: US
Thank you, Mimo. Temporary or permanent removal of the ClamAV section was what had been recommended to me on another security forum. I've used ST/ClamAV with Avast for years and never had conflict issues until now. Odd.

Perhaps this stopgap solution may help B123 until Avast and ClamAV reconcile.

Regards, Kyuzo.
rajeshontheweb
Posted: Thursday, May 21, 2009 3:58:18 AM

Rank: General
Groups: Beta, Member, Threat Analyzer

Joined: 3/17/2007
Posts: 3,218
Location: Qatar
sorry, my bad, then Sad
didnt realise that ST also uses the ndb file???

Secret of success: Accepting failure, but as the next ladder step towards your goal.

I have opened up a forum for general software issues Visit my forums
Kyuzo
Posted: Thursday, May 21, 2009 10:06:29 AM

Rank: Corporal
Groups: Member

Joined: 10/2/2008
Posts: 22
Location: US
Mimo:

Thanks for your suggestion. Apparently Avast doesn't have any problem with Spyware Terminator itself, just the ClamAV portion. I re-installed the ST program sans ClamAV and all worked well.  Thanks for your consideration. To be honest, ST feels somewhat crippled without ClamAV, but until Clam and Avast reconcile I suppose it will have to do.

Maybe B123 will also find this helpful. Thanks again!

Kyuzo.
Users browsing this topic
Guest

Forum Jump

Main Forum Rss Feed : RSS

Powered by Yet Another Forum.net version 1.0.0 - 2/22/2006
Copyright © 2014 Yet Another Forum.net. All rights reserved.
This page was generated in 0.311 seconds.