I have tracked it down and Dave, your assessment seems to be correct for my situation. Ad-aware was scanning an old Palm Attachment folder I had in my profile which stored the attachments of e-mails I had synced with my Palm, including my Bugtraq e-mail which contained Jelmer's zip of this IE exploit. It would appear that Ad-aware stores the file it's scanning into the cache folder only for the time length it takes to scan that file, thus when it read the zip file, Norton AV also scanned the file and found the trojan.

Sorry for all the confusion everyone and thanks for the feedback.

Matt

-----Original Message-----
From: Dave [mailto:djm@xxxxxxxxxxxxxx]
Sent: June 22, 2004 10:58 AM
To: fedhead
Subject: Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181

What did the ad-aware LOG say?

I am also using ad-aware 6; I have a "Cache" directory while ad-aware is actively scanning my system. When the scan completed, the cache directory disappeared, probably because it had nothing more to do other than remove cookies.

My best guess is AW is finding this trojan on your system, isolating it, but not quarantining it. I would suspect that Norton is finding it after it's found by AW. This is not a shock; Norton has frequently not found active exploits in the past until another program "reveals" the hidden objects.

Switch to Sophos or McAfee, rescan your system to remove the exploit, and run Ad-aware manually to see the logs of what's happening.