April 30, 2005

I installed ClamWin, a windows version of ClamAV, which I’ve been using on my mail servers for a while. This brings my system to four spyware scanners, and two av scanners… However, ClamWin also didn’t detect the malware of the moment, so I submitted it to them…

Just got this from the ISC handler:

Blake,

you are right, the package drops two kinds of malware

%SYSTEMROOT%\msv.exe
Kaspersky calls this “not-a-virus.AdWare.WiAD.af“. Other vendors dont
seem to recognize it as malicious

%SYSTEMROOT%\javaiein.exe
This is recognized by several AV vendors as Trojan.Win32.Zapchast,
apparently a password sniffer, even though AV vendor information is
sparse.

I have contacted download.com to make them aware of the problem.

Thanks for your help!
-daniel

I wrote back to thank him for also noticing msv.exe, ’cause I hadn’t seen it, but it is there. I also wanted to make sure that I should consider av vendor notification handled at this point, so I don’t swamp everyone with duplicates.

Leave a Reply