False Positive or Real Trojan


TheKid7
October 8th, 2007, 11:32 PM
I clicked on a link this morning and NOD32 said that there was a Trojan injection attempt and that it was successfully stopped. I downloaded and installed McAfee Site Advisor (Free Edition) and Site Advisor says that the site is safe. I am thinking that Site Advisor may not have up-to-date information on that website.

Yahoo Search Results (Item No. 1 was the link that I clicked on.):

~Link removed~

I am too concerned to try clicking on the link on my PC that has McAfee Virus Scan Enterprise 8.0 on it to test it out again. Does anyone have any comment/opinion on whether or not this was a real Trojan injection attempt?

Thank you.

NOD32 Threat LOG:

Time Module Object Name Threat Action User Information
10/8/2007 6:33:46 AM IMON archive a variant of Java/ClassLoader trojan Connection
10/8/2007 6:33:43 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:42 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:41 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:40 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:39 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:37 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:36 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:35 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:34 AM IMON file probably a variant of Win32/Statik trojan
10/8/2007 6:33:33 AM IMON file probably a variant of Win32/Statik trojan

Links removed. No links to possible malware in the forums. - Ron

HURST
October 9th, 2007, 12:03 AM
Followed the link and NoScript blocked the site. I guess if NOD32 and NoScript blocked access to the site it may be a real threat.

lucas1985
October 9th, 2007, 02:21 PM
That IP belongs to an ISP known to host malware. I'd check that your system is clean.

webyourbusiness
October 9th, 2007, 02:42 PM
Disable the links please - links to suspected malware are NOT allowed in the forum.

ronjor
October 9th, 2007, 02:59 PM
TheKid7,

No links to possibly shady sites please. Submit the files to Eset for examination.