Win32:Adware-gen. [Adw] won`t go away

I`m using windows xp home edition. As well as avast home edition 4.6.665 0524-0, Latest updates

Avast detected:

Win32:Adware-gen. [adw]

The file location is:

Win32:Adware-gen. [Adw]" has been found in “C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\radio@uk\radiouk.exe” file.

I have sent it to chest twice but i keep get the avast warning alarm!

I have tried checking the file with jotti`s and i get the following message:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

If you are trying to upload it to Jotti from the chest (files are protected), that could be the reason. If so, move it out to a temporary folder and try again.

You may also need temporarily disable standard/web shield or it may alarm on the activity or ignore the alarm (do this only when you have established a connection with Jotti, enable as soon as the file is uploaded).

I restored the files from the chest, back on to the computer first! I then tried to upload it to jotti.

I suggest testing of firewall block and your browser settings.
Can you try to restore the file to a floppy, disable the Standart Shield and Internet Mail providers and send it from there?

Anyway, the file seems to be infected and handling it could bring trouble.
Better will be a boot-time scanning:
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.

:slight_smile: This sounds like spyware, that may be in your System
Restore !? Have you run any anti-spyware programs, and if
yes, what was the result ? P.S. A google search turned up
a listing of anti-spyware programs .

I managed to save the file on to a floppy disk, i uploaded the file to jotti (results below)

AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing

should I still Schedule a boot-time scan?

if so, when avast finds the infected file/files-what option should I choose ie delete, delete all etc?

It is possible that this could be a false positive especially if this is something you have been using for some time.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You don’t have to schedule it… Seems a false positive like David said.
Maybe you can follow his instructions and wait untill next VPS update.
I have my false positives either (http://forum.avast.com/index.php?topic=14299.0) :-\ :cry:

I am having problems creating a password protected zip file:

I am using these instructions:

http://www.dslreports.com/faq/8730

when I “Right click on the file and select “Send To” and “Compressed (zipped) Folder”.

I get a message saying that the specified directory C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0a\radio@uk\radiouk.exe is empty, so compressed (zipped) Folders cannot add it to the archive.

What should I do now? Are there instructions to create a password protected file for winzip?

Edited as Igor’s instructions bellow :-[
In fact, I’ve asked Lukas if I could do that and, at that time, he said there is no problem :-\

e-mail has been sent to avast with the zip file!

Tech, your instructions are rather misleading, I’m afraid.
The e-mail address to use for false positives / viruses is only virus@avast.com.
There’s no point in sending them to Vlk, or even to Rypacek. The FTP is not monitored for uploaded files - it’s used as a backup way of transfter big files, only when specifically requested.

THis is the same problem that I may have however AVast has found a sample in Browserhelper.dll which I cannot delete. I ve everything to delete bowserhelper.dll
The message accsess denied or the disk may be full or write -protected.

I have used Spybot S&D and Ad aware and both have picked up nothing…

RejZoR’s AEC avast! External Control program has a section, ‘Advanced File Remover’ to remove files, try that.

You can also do this in HiJackThis, Config, Misc Tools, Delete a file on reboot…
Program & Tutorial - Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial

Hi Omar,

May I suggest you consider this link: http://www.inet-mates.com/articles/3_rm_adtomi.html If the name adtomi adware rings a bell with you, there is where your Browserhelper.dll came from.

greets,

polonus

I have stil have some problems with this !@@##$$#!^^& thing.

I have deleted it manually several times, but appears to be created on boot… a dynamic file.

Hijack this hangs after a scan and file is selected to delete/fix.

Your suggestions are all appreciated…

the registry shows no write that can be deleted
There must be some that this can be permanently deleted rather than scanning on boot everytime.

Hi dgdavid,

could you please do a scan with HijackThis! and post the log file for us to look at?

In a new thread please.

Instructions here:

http://www.bleepingcomputer.com/forums/tutorial42.html