Solved

How to identify the malicious process is running in Ad-Aware Live Icon Notification

Posted on 2012-04-07
11
632 Views
Last Modified: 2012-04-07
We keep getting a message in the Ad-Aware Live! Icon as follows:

Ad-Watch Live!
detected that a malicious process is running and started a scab in background mode. You will be able to clean any infection safely after the scan is finished


I click on it and nothing happens.

Hoe can we identify the malicious process is running?
0
Comment
Question by:rayluvs
11 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37818841
scan system with antispyware like spybot
http://www.safer-networking.org/en/download/

if you want to have better information and know about what process should run and what not then you can use utility

ProcessExplorer and ProcessMonitor
http://technet.microsoft.com/en-us/sysinternals/bb896645
http://technet.microsoft.com/en-us/sysinternals/bb896653

you can also run hijack this and find what all things are starting at startup.
http://sourceforge.net/projects/hjt/
0
 
LVL 9

Expert Comment

by:Ashok Dewan
ID: 37818851
Download this , I hope it will remove that adware

http://www.lavasoft.com/products/ad_aware_free.php
0
 

Author Comment

by:rayluvs
ID: 37818878
We have those apps, but we haven't been able to identify the malicious process that is running.  That is why placed the question.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37818900
You can try different Antivirus and Antispyware if you are not able to recognize which application or process is malicious or not.
0
 

Author Comment

by:rayluvs
ID: 37818906
We have AVG, Spy-Bot, Spywareguard, Spyware Blaster and Comodo installed.

We would like to know what exact process the Ad-Aware is saying is malicious.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37818909
Can you check in the logs of Ad-aware what process it found and what it has done to it.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37818911
logs will be somewhere in
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs

or in program files installation folder.
0
 

Author Comment

by:rayluvs
ID: 37818931
We have Windows 7.  What would be the folder (we are looking for that)
0
 
LVL 17

Accepted Solution

by:
Anuroopsundd earned 500 total points
ID: 37818937
0
 
LVL 38

Expert Comment

by:younghv
ID: 37818943
I suggest that you use one of the 'rogue process stoppers' before attempting any other actions.
If this is NOT some kind of false positive, it is doubtful that of the applications you listed are going to be able to handle the problem.

Is the "Comodo" you're running the AV or the Firewall?
If the AV, it may possibly conflict with your AVG.
If the firewall, it may possibly/probably conflict with your basic OS/network connectivity.

Read the details in these EE Articles and start your entire trouble-shooting process over. Post the logs that are generated by the names tools/scanners:
Rogue-Killer-What-a-great-name
Stop-the-Bleeding-First-Aid-for-Malware

You can substitute RogueKiller with TheKiller (more auto-fix functions than RK):

Download TheKiller to your Desktop
http://maliprog.geekstogo.com/explorer.exe

Note that TheKiller is renamed as explorer.exe
Run it by double click
Press OK button after program finish
Do not restart your system after this step, but immediately run the other tools/scanners.
0
 

Author Closing Comment

by:rayluvs
ID: 37819234
Thanx Lots!  We followed the links we have identify where the log is and was able to determine if  malicious or not.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question