I installed ClamWin, a windows version of ClamAV, which I’ve been using on my mail servers for a while. This brings my system to four spyware scanners, and two av scanners… However, ClamWin also didn’t detect the malware of the moment, so I submitted it to them…
Just got this from the ISC handler:
Blake,
you are right, the package drops two kinds of malware
%SYSTEMROOT%\msv.exe
Kaspersky calls this “not-a-virus.AdWare.WiAD.af“. Other vendors dont
seem to recognize it as malicious
%SYSTEMROOT%\javaiein.exe
This is recognized by several AV vendors as Trojan.Win32.Zapchast,
apparently a password sniffer, even though AV vendor information is
sparse.
I have contacted download.com to make them aware of the problem.
Thanks for your help!
-daniel
I wrote back to thank him for also noticing msv.exe, ’cause I hadn’t seen it, but it is there. I also wanted to make sure that I should consider av vendor notification handled at this point, so I don’t swamp everyone with duplicates.