Author Topic: AOL MiniBug Transport  (Read 2461 times)

Offline Chim
AOL MiniBug Transport
« on: June 16, 2008, 04:40:03 AM »
I just finished doing a quick Manual Scan of only all my AOL Folders so as to get quickly to the 2 AIM Files of which I spoke in another thread.  These 2 AIM Files are the ONLY Malware that avast! has ever tagged in my computer since I've had avast! since last October.  However, avast! ALWAYS tags these 2 same AIM Files as Infected ... even after I have done immediate Manual Scans straight off of Total Windows Reinstalls on my computer.

Here is what avast! found a while ago in that Manual Scan:

C:\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBug Transport
Win:32: Adware-gen [Adw]

As usual, as avast! always finds ... there were 2 of the above found.
The difference between the two is that at the end ...
One says --- [Embedded #13b50]
And the other says --- Wise0008.bin

The Virus Database Update is:  080615-0
avast! 4.8.1201 Home Edition

IMO, these 2 alleged AIM "Infected Files" cannot per se be Infected since they come straight off of my 2004 AOL 9.0 Security Edition Installation CD.  Of course, I guess there's nothing to prevent them from already being "Adware-gen" starting off from when they're in the CD ... right?

Dell Optiplex 780 / Core 2 Duo E8400 3.00 GHz / 4 Gig RAM / Windows XP Pro 32-Bit SP3 / Panda Dome  Free 18.07.00 / MBAM / SAS / NetZero Dial Up / Maxthon MX5 5.2.5.4000

Offline FreewheelinFrank
Re: AOL MiniBug Transport
« Reply #1 on: June 16, 2008, 08:36:31 AM »
Hi Chim,

How to deal with false positives: [Mini Sticky] False Positives
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Chim
Re: AOL MiniBug Transport
« Reply #2 on: June 17, 2008, 12:34:40 AM »
> Hi Chim,
>
> How to deal with false positives: [Mini Sticky] False Positives

Thanks for that, Frank.  There are, however, 2 problems I'm encountering.  One of those 2 AIM Files, I can't even successfully move to the Virus Chest.  Only the smaller File.  The larger File, I thought maybe if I increased the size Setting for File to be moved or whatever that Setting is ... that I'd be able to move it to the Virus Chest.  But, still no dice.  The other problem is that with the long File Path, I don't believe the - C:\AOL Instant Messenger\AIM.exe\%MAINDIR%\MiniBug Transport --- that I previously mentioned, is the entire File Path.  Both in the Manual Scan Virus Alert Window and the subsequent Scan Results Little Spreadsheet thing, they seem to chop off part of the File Path.  Yesterday I did a Windows Search for that AIM File in question above and found nothing.

So, considering that I really don't know the entire File Path for the 2 alleged Infected AIM Files tagged by avast! ... AND that one of them cannot even be moved to the Virus Chest ... how do I go about FINDING the entire File Paths for these 2 AIM Files so as to check them out at VirusTotal and VirusScan Jotti?

BTW, when y'all mention zipping Suspect Files and sending them to avast!, what utility are you using to zip the Files with?  I used the WinZip Trial version years ago, which I obviously don't even have right now.  Can't the Suspect Files be sent to avast! from WITHIN the Virus Chest without any need to zip or password protect, Etc.?  If that's the case, I can at least move the ONE Suspect AIM File to the Virus Chest that does allow itself to be moved and send that ONE File to avast.

Offline Chim
Re: AOL MiniBug Transport
« Reply #3 on: June 17, 2008, 06:07:49 AM »
> Hi Chim,
>
> How to deal with false positives: [Mini Sticky] False Positives

I finally found where those elusive 2 AIM Files were.  I wasn't thinking yesterday.  Hello!!!!  They're in the Instant Messenger Folder.   ;D  True, they're NOT out in the open.  There's only ONE File in that Folder ... the AIM Application File.  So, the 2 alleged Infected Files as per avast! are obviously embedded in that one AIM Application File.  I scanned that 1 File with avast! and Yep!  It had the 2 AIM Files in there.

I then started up VirusTotal on AOL.  About 3 minutes into the upload process, the Window blanks out!  Grrrrrrrrrrr!   >:(  Abort!  I had to start over.  I decided to this time use my New Faster Opera 9.50 to which I barely upgraded this morning.  No more blanking out.  But ... when the upload process got to the very end ... just when I was expecting the scanning and verdict to take place, I get this on my screen:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request POST /vt/en/recepcion.

Reason: Error reading from remote server


Talk about infuriating!!!!   >:(   About 1 Hour and 7 Minutes WASTED!

Any ideas?  Was some Setting set improperly on my Opera 9.50?