JS/IE Trojan from ADAWARE???
spy1
June 5th, 2004, 10:38 AM
Just got this pop-up from NOD a few minutes ago while running an AA scan (which came out clean, BTW).
Perhaps someone can clue me in to what it actually means?
ronjor
June 5th, 2004, 10:53 AM
{QUOTE-> Just got this pop-up from NOD a few minutes ago while running an AA scan (which came out clean, BTW).
Perhaps someone can clue me in to what it actually means? <-QUOTE}
Hello Pete
I dug around and found this.
It could be a false positive as you know.
On my machine, I would rename that file.
This VBScript trojan simply alters the default start-up page that Internet Explorer uses. Running this script results in an HTML application being created in the WINDOWS STARTUP folder. This .HTA file alters the following registry key to change the default start page that IE uses:
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
This trojan exists as VBScript code contained in a .VBS, .VBE, or .HTA file.
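A read-only check for the behaviour described in the post above, as an added example that is not part of the original thread: it prints the current value of the quoted registry key and lists .vbs, .vbe and .hta files in the Startup folders, marking those that mention the key. It assumes PowerShell 3.0 or later running as the affected user; the variable names and the substring searched for are choices made for this example.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or deleted.
# Assumption: run as the affected user, since the key lives under HKCU.
$ieMain    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$keyRef    = 'Internet Explorer\Main'   # substring a start-page changer has to reference
$scriptExt = '.vbs', '.vbe', '.hta'     # file types named in the description

# 1. Show the current start page so an unexpected URL stands out.
$startPage = (Get-ItemProperty -Path $ieMain -Name 'Start Page' `
                -ErrorAction SilentlyContinue).'Start Page'
"IE start page: $startPage"

# 2. Collect the per-user and all-users Startup folders that exist.
$folders = @(
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 3. List script files there and check whether they mention the registry key.
$findings = @()
if ($folders) {
    $findings = foreach ($file in Get-ChildItem -LiteralPath $folders -File -Force `
                                   -ErrorAction SilentlyContinue) {
        if ($scriptExt -notcontains $file.Extension) { continue }

        # .vbe is Script Encoder output, so a plain-text search cannot see
        # inside it; report it as encoded instead of as "no match".
        $encoded = $file.Extension -ieq '.vbe'
        $hit = (-not $encoded) -and
               [bool](Select-String -LiteralPath $file.FullName -SimpleMatch $keyRef -Quiet)

        [pscustomobject]@{
            Path                   = $file.FullName
            Modified               = $file.LastWriteTime
            Encoded                = $encoded
            ReferencesStartPageKey = $hit
        }
    }
}

if ($findings) {
    $findings | Sort-Object Modified -Descending | Format-Table -AutoSize
} else {
    'No .vbs/.vbe/.hta files found in the Startup folders.'
}
```

A file listed with `ReferencesStartPageKey` set to `True`, or any `.vbe` file, is a candidate for manual review rather than proof of infection.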
spy1
June 5th, 2004, 10:58 AM
Okay. Thanks for the info. I'm just going to let it ride for the moment (running other scans). Pete
spy1
June 5th, 2004, 01:18 PM
mitch from the AA forum was nice enough to point me to this thread:
http://www.lavasoftsupport.com/index.php?showtopic=14501 which somewhat explains what I'm seeing - I still don't understand why it just now has started happening, unless it's a heuristics issue with NOD, or a FP by NOD due to a recent update. Pete
ronjor
June 5th, 2004, 01:53 PM
{QUOTE-> mitch from the AA forum was nice enough to point me to this thread:
http://www.lavasoftsupport.com/index.php?showtopic=14501 which somewhat explains what I'm seeing - I still don't understand why it just now has started happening, unless it's a heuristics issue with NOD, or a FP by NOD due to a recent update. Pete <-QUOTE}
Pete
I also have NOD32 and Ad-aware and haven't had this warning. I don't run Ad-aware real time however. I just use it to scan at times.
Good info.
spy1
June 6th, 2004, 08:10 AM
Okay, I was able to reproduce the whole thing again this morning with another AA scan and I found that the "dummy" referred to in the result ("hit" from NOD) was simply something hinky in my Java temp folder.
(Apparently, AA reads inside that and NOD doesn't unless AA opens it for AMON to scan).
I cleaned out all the Java cache stuff, re-ran AA and did not get any more alerts from NOD.
Good enough. Pete
veles
July 1st, 2005, 08:25 AM
I get that msg as well...but I don't get the option to delete the file...maybe I gotta change my settings?
Blackspear
July 1st, 2005, 06:45 PM
Hi veles, welcome to Wilders.
{QUOTE-> I get that msg as well...but I don't get the option to delete the file...maybe I gotta change my settings? <-QUOTE}
There is a thread here (http://www.wilderssecurity.com/showthread.php?t=37509) on tweaking Nod32.
Hope this helps...
Cheers ;D
Copyright ©2002 - 2009, Wilders Security Forums