
Trojan in Ad-Aware download


ErnieK
12-02-2003, 10:02 PM
I downloaded Ad-Aware from Lavasoft's own site tonight and then updated it before running it. The link I used was (I think) the first in Lavasoft's list, which took me to a further page that showed two other links, the first of which was dead. So the actual download came from the second link there.

During the scan it found the following file in the following location.

Trojan Backdoor.motivftp.b

and the location was/is in Program Files\Adaware\Cache\Setup.exe.

AVG (Freeware) put up a warning giving the above file and location and saying to run AVG scan. When I did so it found nothing. I also ran a couple of trojan scanners and they came up empty as well. AVG is up to date with the latest update (earlier today), as are my trojan scanners.

When I tried to find the Ad-aware cache folder, the only time the folder was viewable was whilst running a scan but the folder would not open to enable me to see into it.

When I re-ran Ad-Aware it was found yet again. (I have retained the quarantined file in Ad-Aware - 4 of them from four scans.)

To get rid of it I went (had to go) into the registry and deleted the specified file entry there, HK_Classes_Root:\shell\open\command (this is the folder I deleted from there, again retained for the moment). After doing that, Ad-Aware found nothing.

How can I be certain that I am clean (or if there was an actual trojan installed with/by Ad-Aware) when nothing except for Ad-Aware showed this trojan?

I have blocked everything in ZA and set it to flag up any outgoing attempts. The only thing allowed to pass through is Opera.
I will notify Lavasoft in the morning as it is now 2am.

mjc
12-03-2003, 03:00 AM
http://forums.tomcoyote.org/index.php?showtopic=599

ErnieK
12-03-2003, 05:11 AM
MJC
Thanks for the reply.

It looks like I had already done as suggested in your link.

Do you think I should send the file to AVG as it was not found by the anti-virus prog during my usual daily system scan?

ErnieK
12-03-2003, 05:43 AM
MJC
Do you know of any other name that this virus goes under other than Backdoor.Motivftp.b, as I can find no reference to this in Symantec's site?

shanmuga
12-03-2003, 08:19 AM
Nothing in Symantec by that name. Try Google, got a few hits in Google for 'Motivftp'.

ErnieK
12-09-2003, 06:35 PM
Have now solved the problem. I have taken A-Aw off of my comp.

This was a false positive from A-Aw. This was confirmed in the A2 forum. I do not know if A-Aw or AVG is responsible for this, but A-Aw is the only program to show infestation.

A total of about 11-12 A-virus and Anti trojan (installed, online and DOS boot) programs came up clean. Only program showing evidence of infestation was A-Aw. Have removed this for safety's sake. If it continued to throw up a warning in the future (as it was prior to un-installing it last night) I might ignore it when in fact there was something.

I sent a mail to A-Aw a few days ago but received no response. As far as their forum goes I AM infected. I think I will believe the other 11-12 programs instead of just A-Aw.

PS. Does anyone have an older version of A-Aw that I can try out to see if this would also throw up a warning?