NOD32 and Trojans


Charles
July 21st, 2004, 10:16 PM
I've received two warnings by NOD32 that a trojan (Trojan Dropper-ZerolineA) has been detected on incoming e-mail. No relief is offered as the 'delete' button is not active, so I clicked on 'quarantine' and nothing visible took place. Question is: what could have happened to the trojan? The warning popup has disappeared and there doesn't seem to be any action - nothing blinking!

Is it probable that the trojan is resident in my computer? If so, is there an effective (and easy) way to dispose of it?

To complicate my concern, I am running BOClean which is supposed to be a good trojan detector/cleaner. It seems odd that the trojan program didn't detect the malware and passed it off, so to speak, to the AV program.

All comments and suggestions will be welcomed.
I am considered an intermediate computer operator - not very conversant in such things as 'command line' work, etc.
Am running a PIII 600mhz-256mhz RAM-Outlook Express 6.0 and both IE 6 and Firefox (latest offering - two weeks old). If further info is needed, just let me know.
TIA charles in Dixie

VikingStorm
July 21st, 2004, 10:21 PM
I assume you are all patched up, correct? If that is so, there is no way the trojan could have executed unless you ran it yourself. Since BOClean is an execution type scanner, it would only detect the trojan if it was resident, which in this case doesn't look like the trojan ran.

ronjor
July 21st, 2004, 10:23 PM
-{ Quote: "I've received two warnings by NOD32 that a trojan (Trojan Dropper-ZerolineA) has been detected on incoming e-mail. No relief is offered as the 'delete' button is not active, so I clicked on 'quarantine' and nothing visible took place. Question is: what could have happened to the trojan? The warning popup has disappeared and there doesn't seem to be any action - nothing blinking!

Is it probable that the trojan is resident in my computer? If so, is there an effective (and easy) way to dispose of it?

To complicate my concern, I am running BOClean which is supposed to be a good trojan detector/cleaner. It seems odd that the trojan program didn't detect the malware and passed it off, so to speak, to the AV program.

All comments and suggestions will be welcomed.
I am considered an intermediate computer operator - not very conversant in such things as 'command line' work, etc.
Am running a PIII 600mhz-256mhz RAM-Outlook Express 6.0 and both IE 6 and Firefox (latest offering - two weeks old). If further info is needed, just let me know.
TIA charles in Dixie" }-


How is IMON set up in the system tray? To clean or notify?

Blackspear
July 21st, 2004, 10:30 PM
You can see what actions were taken by going to

Nod32 Control Centre
Logs
Virus Log

Then click on the event and see "Details".

See attached screen shot

Generally the virus/trojan is deleted as it arrives, and the body of the email remains, you then can delete that email, and also remove it from your deleted items in Outlook Express.

Cheers ;D

Charles
July 21st, 2004, 11:09 PM
WOW! Three quick replies...
1st: VikingStorm: Yes, all patches updated. BOClean updated 19July04
2nd: ronjor: IMON set up to notify/offer action.
3rd: Blackspear:
The virus log on the first offense the "Action" line is BLANK
Second offense the Action line says error while d........... (suppose the "d" could mean delete, ?...
BTW: My OS is Win XPpro.

ronjor
July 21st, 2004, 11:25 PM
I don't know how BOClean and NOD interact in a situation like this.

If the trojan can't be found, I suppose it is not there!

In the event it is there, it will probably turn up on a scan down the line.

All I know of BOClean is that it runs all the time. How it handles trojans, I have no idea.

Blackspear
July 21st, 2004, 11:27 PM
Try running a scan on your system and see what it comes up with...

Keep us informed...

Cheers ;D

Charles
July 22nd, 2004, 09:00 AM
Thanks guys... I'll attempt to locate the bugger... I think it's resident in my Temporary files. What is the best way to eliminate it, if located, from the temp file?

ronjor
July 22nd, 2004, 09:08 AM
-{ Quote: "Thanks guys... I'll attempt to locate the bugger... I think it's resident in my Temporary files. What is the best way to eliminate it, if located, from the temp file?" }-


If XP, scan in the safe mode. Or you could try turning off system restore, restarting and do a scan.

Marcos
July 22nd, 2004, 09:18 AM
Maybe you could post here a log made by HijackThis (www.spywareinfoforum.com/~merijn/downloads.html or http:\\eset.zftp.com/hj.exe if the former is unavailable) so that we can see what processes / programs are running.

Charles
July 22nd, 2004, 09:48 PM
To Marcos:
Thanks for the suggestion of posting a log from "hack this" log... I've installed 'Hack This' and get a seemingly complete log scan.

I am not knowledgeable enough to get the picture into this message. Will talk with my "guru" and see if he can guide me through getting it into a message. I may be a day or two, so stand by for further mail from this end.

In any event, I will get back to you with either a positive or negative report.

charles in Dixie

Charles
July 26th, 2004, 09:43 PM
Well, I suppose we can close this thread.
I've tried stunts and double stunts, and I 'think' that the nasty old trojan has departed, or died in situ.
Can find NO evidence that my system has a resident 'Horse'....
Thanks to one and all who participated in offering advice.
AND OH BTW..... the tutorial posted by BLACKSPEAR on 22 June is one of the BEST and easiest lessons that I've ever seen on this or any other forum.
Wilders is THE BEST and BLACKSPEAR just made it even better.

May you'all have a blessed day; unless you have other plans.....
charles in Dixie

Blackspear
July 26th, 2004, 11:25 PM
-{ Quote: "Well, I suppose we can close this thread.
I've tried stunts and double stunts, and I 'think' that the nasty old trojan has departed, or died in situ.
Can find NO evidence that my system has a resident 'Horse'....
Thanks to one and all who participated in offering advice..." }-

Good to see, Charles.

Cheers ;D