peterdevlin
May 5th, 2009, 12:26 PM
I'm a new NOD32 Business user (60 seats) and I've just found an AV issue within a few hours of installing. The problem is summarised below:
{QUOTE-> Column Name Value
Threat Id Threat 14
Client Name Custard
Computer Name Custard
MAC Address 001143d2b176
Primary Server Dangermouse
Date Received 2009-05-05 15:31:08
Date Occurred 2009-05-05 15:26:18
Level Critical Warning
Scanner Real-time file system protection
Object file
Name C:\windows\system32\user32.dll
Threat Win32/Pinit virus
Action
User NT AUTHORITY\SYSTEM
Information Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
Details Ready
<-QUOTE}
I have made multiple scan and remove attempts with NOD32 and even MalwareBytes' Anti Malware. No luck removing (and the latter won't even detect it). It appears as though NOD32 cannot deal with this file.
As this is a live production server I have limited options for taking the server down.
Could this be a false positive? Any recommendations as to next steps?