ESS doesn't see Ardamax Trojan. Why?


greenfly
June 27th, 2008, 06:18 AM
I have downloaded one application on my desktop computer where I have installed KIS 0.7. During the download KIS stopped the download because the file was infected with the Ardamax Trojan.

On my laptop, where I have installed ESS, I tried to download the same file, and ESS did not see anything. I have sent the infected file to VirusTotal and Jotti for analysis; the photo is in the attachment.

I ran the infected file, and ESS > nothing???

In the HJT log I found and cleaned a lot of infected temp files......

I feel disappointed.....:'(

Edit: Screenshot removed per the forum policy

Marcos
June 27th, 2008, 07:44 AM
Again, it's mostly an installer with encrypted files attached. It's very likely that the keylogger itself would be detected upon extraction when the files are decrypted.
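The reply above describes a common packaging pattern: a clean-looking installer stub with an encrypted payload attached, which an on-access scanner only recognises once the payload is decrypted to disk. As an added illustration (this is not code from the thread or from ESET), the following Python script does the triage an analyst would do on such a download before running it: it hashes the file (the values VirusTotal and Jotti key on), walks the PE section table to find any "overlay" appended after the last section, and measures the overlay's entropy, since an encrypted or compressed payload shows near-maximal entropy. The `build_fake_pe` helper and the 7.0 entropy threshold are assumptions made for an offline demonstration; the blob it builds is PE-shaped but not an executable.

```python
"""Triage a downloaded installer: hashes, PE overlay size and overlay entropy.

Added example; not part of the original forum thread or any vendor tool.
"""
import hashlib
import math
import struct
import sys
from collections import Counter

# Assumed heuristic: overlays with Shannon entropy above this look encrypted/compressed.
PACKED_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_overlay(data: bytes) -> tuple[int, bytes]:
    """Return (offset, bytes) of data appended after the last PE section.

    Installers frequently keep their encrypted payload in this overlay, which is
    why the stub itself can look benign to a signature scanner.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    sect_table = coff + 20 + size_opt                     # first 40-byte section header
    end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end, data[end:] if end < len(data) else b""


def analyze_sample(data: bytes) -> dict:
    """Hashes plus overlay facts; 'likely_packed_payload' flags a high-entropy overlay."""
    offset, overlay = pe_overlay(data)
    entropy = shannon_entropy(overlay)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "overlay_offset": offset,
        "overlay_size": len(overlay),
        "overlay_entropy": entropy,
        "likely_packed_payload": len(overlay) > 0 and entropy > PACKED_ENTROPY_THRESHOLD,
    }


def build_fake_pe(section_bytes: bytes, overlay: bytes = b"") -> bytes:
    """Constructed, PE-shaped test blob (one .text section, optional overlay). Not runnable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic, rest zeroed
    raw_ptr = 0x200
    raw_size = (len(section_bytes) + 0x1FF) & ~0x1FF      # 512-byte file alignment
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_bytes), 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(raw_ptr, b"\0")
    return header + section_bytes.ljust(raw_size, b"\0") + overlay


if __name__ == "__main__":
    # Usage: python triage.py <downloaded installer>
    with open(sys.argv[1], "rb") as fh:
        for key, value in analyze_sample(fh.read()).items():
            print(f"{key}: {value}")
```

A large, high-entropy overlay is not proof of malice (legitimate self-extracting installers look the same), but it is exactly the case where a verdict on the outer file says little about the payload, so the right move is to extract or detonate it in an isolated VM and hash what comes out, rather than trusting a clean scan of the stub.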

greenfly
June 27th, 2008, 07:55 AM
-{ Quote: "Again, it's mostly an installer with encrypted files attached. It's very likely that the keylogger itself would be detected upon extraction when the files are decrypted." }-

Nope... I have installed the program, nothing detected.

edit: sorry, now the infected files are detected......, but it is too late > I'm already infected.....mad

Bubba
June 27th, 2008, 08:03 AM
-{ Quote: "I have downloaded one application on my desktop" }-Was that "application" the Ardamax Keylogger program (http://www.ardamax.com/)?

greenfly
June 27th, 2008, 08:05 AM
Yap....

ASpace
June 27th, 2008, 08:08 AM
-{ Quote: "Nope... I have installed the program, nothing detected.

edit: sorry, now the infected files are detected......, but it is too late > I'm already infected.....mad" }-


Pictures say it all

Marcos
June 27th, 2008, 08:09 AM
http://www.ardamax.com/downloads/setup_akl.exe - a variant of Win32/KeyLogger.Ardamax application - connection terminated - quarantined. Threat was detected upon access to web by the application: C:\Program Files\Opera\Opera.exe.

Bubba
June 27th, 2008, 08:12 AM
-{ Quote: "but it is too late > I'm already infected.....mad" }-Is it now "detected" because you readjusted your settings to monitor Potentially unsafe applications, which is enabled by default?

greenfly
June 27th, 2008, 08:16 AM
It's not that program; I have downloaded "Fraps" from Rapidshare. I'm not sure that I can post the link??? Rules.....maybe in private??

ASpace
June 27th, 2008, 08:26 AM
We can see the "thing" is detected. Boot into Safe Mode and run a scan (Start -> Programs -> ESET -> ESET Smart Security). Confirm with YES and the ESET command line scanner will start scanning and cleaning.

However, if you suspect something is undetected or there is a problem with its cleaning, send the information to ESET ThreatLab -> samples@eset.com.

greenfly
June 27th, 2008, 12:54 PM
I can't boot into XP Safe Mode, because I have a dual boot with Vista, and there is no option to enter XP Safe Mode, only Vista Safe Mode, on which I have AVG Free installed...

ASpace
June 27th, 2008, 01:09 PM
You can boot into XP Safe Mode:

1st way:
Just after you choose your OS (a.k.a. Microsoft Windows XP), start pressing F8 repeatedly, which will lead you to the Advanced menu where you can choose to enter Safe Mode. The fact that you have more than one OS installed doesn't really matter.

2nd way:
Open Start -> Run -> type msconfig, press ENTER. In the "Boot" tab, check "Safe boot" (you can change other options, too), confirm the changes and restart. This way you'll enter Safe Mode. In order to start in Normal mode again, you must uncheck "Safe boot" in msconfig.


Another way to clean the XP partition is to boot into Windows Vista and run the ESET Online Scanner from www.eset.com/onlinescan
Make sure to first run IE7 as administrator.