Starting with the latest update of the software and data file (080727-0) I’m getting an error every time I run Aol 8.0a I get this error:
A Virus Was Found
File name: c:/program file/america online 8.0a/AdminChk1.exe
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
If I delete it or Move to chest, the problem isn’t fixed. It happens every time I run AOL or minimize certain windows within AOL.
I can’t find anything about this virus anywhere. A Google search turns up nothing under that name. If it’s a virus, Avast can find it but not permanently fix it. How do I go about fixing this problem?
I am having the same exact problem, it started last night.
I downloaded the latest Avast! updates, scanned all files, rebooted, and the problem still occurs. Every time I try to sign into AOL, I get the Avast! security screen, and I move the offending item to the chest. Once I sign in to AOL again, it shows up. I am able to go into AOL via Windows Explorer, without the issue.
Any help you can offer is much appreciated. Thanks!
I am having the same experience on 2 computers. I also thought it was a FP, but it really acts like malware, keeps coming back. I have uninstalled and reinstalled AOL 8.0 (including a clean uninstall) and have scanned before and after launching AOL. AdminChk1.exe is not there before I launch AOL. After I launch, it shows up, if I try to rename it, I get the warning again, associated with the new name file. Does not matter what the extension is, either. I found it hiding in a restore-point file, but since there is no DOS Kernel in XP, I don’t know how to delete that restore point, or rename ot or whatever. I think that is a unwelcome copy, and not the source of the Trojan. I think it is lurking in some other file, and I have no clue how to trace it back there.
Also, following up on the links about FP, I did send this to Avast and also checked it on the other sites: Antivir, GData, Panda, and Webwasher-Gateway all think its a virus, or something bad on Virustotal.com. On the other site it was only Avast, Antivir and F-Secure that thought it was suspicious, and that site rated these programs as prone to False Positives. Kaspersky doesn’t think its a virus.
Acts bad, IMO, you should be able to shitcan it without having it come back.
The indicated file AdminChk1.exe is an AOL file required by the AOL 8 browser (not in 9 or 9VR, as far as I know), to enable the browser to perform it’s actions.
You cannot delete it, as it is a self-rebuilding file. So it may be a case of waiting until Avast sort out the problem at next update.
I personally just click the ‘Take No Action’, as it it the ‘Resident Protection’ which is showing the indication of a Trojan and adding the item to the ‘Exclude’ list only stops it being picked up in an actual manual scan.
I have also noted some slowing of the computer and freezing in AOL 8 browser (no effect on AOL 9VR or IE), when an action is selected. These seen happenings in AOL 8 browser, do look very much like a real Trojan effect, so I will accept if I get told my post here is totally incorrect.
You should confirm the detection before taking any action.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
The Take No Action as suggested above won’t work as all that means is don’t delete it or take any of the listed actions, but avast won’t let what it considers an infected file ‘run’ it will always stop it from running, no matter how many times you click No Action. So that I guess would still stop the AOHell browser running ???
Looks like Avast decided this wasn’t a virus after all. As of today (jul-29-08) it’s no longer flagged as a virus.
I looked at the data within the file, and I believe that adminchk1.exe is part of the ‘spyzapper’ function in AOL 8.0. It’s a temp file built by AOL while looking for malware itself, which is what I think fooled Avast.
Sorry. I did not explain myself well in my post, did I.
As the mentioned file rebuilds itself to carry out it’s AOL function, while running. If you try to delete or anything else, the file rebuilds and is reported by the Avast pop-up message again and again.
By choosing the ‘Take No Action’ option, it just stopped the constant repeat indications or seemed to, because SpyZapper would itself run and check anything opening in the AOL 8 browser.
I do lots of help on the AOL message boards, name ‘SpidersWebHelp’, but must say my first post on this forum seems to have failed for good content and helpfulness.
Still. Good work by Avast has resolved the problem within a day, so I have no complaint with that. As I said in one of my AOL board posts, any service can have a problem update. You know of AOHell, by the use of the word, we are still waiting for AOL problems to be resolved for cgi-bin functions nine months later.
Any executable is intercepted by avast and first scanned to ensure it is clean, if it is it is allowed to run, if not it is blocked and avast pops-up the alert, choosing no actions doesn’t release the block, it just doesn’t take any of the actions available in the alert, but leaves the file in place (but still blocked). I hope this explains exactly what avast does relating to on-access detections.
I simply can’t understand how spyzapper can run it the executable file responsible for running it is detected as infected, avast should effectively intercept any time it attempts to run. So personally I don’t think the spyzapper requires AdminChk1.exe to run or it would be constantly intercepted.
That was exactly what was happening, Avast was continuously intercepting the adminchk1.exe file. In one AOL session Avast would pop up a warning maybe 5 to 10 times. I think it’s unlikely we were ever dealing with a virus. I ran it through Virustotal, and none of the biggies (McAfee, etc.) detected it as a virus. As of this morning on Virustotal Avast doesn’t either.
You’re right though, we’re beating a dead horse, it’s fixed.