False Positives?


squire
November 10th, 2004, 06:31 AM
I am presently running NOD32 v2.12.3 with the latest updates on an XP Pro machine. AMON continues to find the following:

Time Module Object Name Virus Action User Info
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\21A3EC\ Win32/TrojanDropper.Bridge.A trojan
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\244AD9\ Win32/PSW.Delf.CT trojan
11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\32657\ Win32/TrojanDownloader.IstBar.ER trojan
11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\F770D\ Win32/Bionet.405 trojan

NOD32 cannot quarantine, delete or rename them.

The following programs do not find the above: TDS-3, TauScan, Spy Sweeper, SpyBot, Ad-Aware SE Pro and Pest Patrol.

My question is: why aren't the trojans being detected by the anti-trojan programs and removed? Are the trojans false reports? If not, why are the other programs not detecting them? How can I get rid of them? Any light and info will be most appreciated.

squire

Blackspear
November 10th, 2004, 06:35 AM
Hi Squire, just empty your Temp folder by doing the following:

Open up Internet Explorer

Click on Tools

Internet Options

General TAB

Temporary Internet Files

Delete Files

Delete All Offline Content

Then run a further scan with Nod32, it should come up clean.

Let us know how you go...

Cheers ;D

squire
November 10th, 2004, 08:35 AM
{QUOTE-> Hi Squire, just empty your Temp folder by doing the following:

Open up Internet Explorer

Click on Tools

Internet Options

General TAB

Temporary Internet Files

Delete Files

Delete All Offline Content

Then run a further scan with Nod32, it should come up clean.

Let us know how you go...

Cheers ;D <-QUOTE}

Blackspear,

Worked like a charm. THANK YOU! ;)

Marcos
November 10th, 2004, 08:44 AM
Hi Squire,
please make sure you're using the latest version (2.12.3) with the HTTP scanner available on our website, and that you have your browsers set to higher efficiency mode. If you have it set so, those trojans would certainly have been intercepted by IMON before they were written to the disk.

dvk01
November 10th, 2004, 09:35 AM
It was because they were in the Ad-Aware unpacking folder.

I presume NOD flagged them when Ad-Aware was doing a scan.

The reason NOD can't delete them is that the files are locked by Ad-Aware whilst it is scanning them.

This advice on the Ad-Aware support forums explains it completely:
http://www.lavasoftsupport.com/index.php?showtopic=14501

To clear them completely, do this (but I think they will be gone already, because Ad-Aware normally empties that folder when it finishes scanning):

Go to Start > Run and type %temp% in the Run box, press OK. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.

Then go to C:\windows\temp and select EVERYTHING except the Temporary Internet Files, Cookies and History folders, delete all that, and then do the same for C:\temp.

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive if you wish to

dvk01
November 10th, 2004, 09:45 AM
To do a little experiment to prove it, do this:
Open Windows Explorer and go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".
Then navigate to

C:\DOCUMENTS AND SETTINGS\jerk\LOCAL SETTINGS\Temp and see that there is no \AAWTMP temp folder listed.

Start Ad-Aware and do a scan, and that folder with a numbered sub-folder will appear as if by magic; as soon as Ad-Aware stops scanning and is closed, that folder is deleted automatically.
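As an added illustration (not part of this thread, and not code from ESET or Lavasoft), here is a small Python script that parses AMON log lines like the ones squire posted and separates detections whose path sits inside a scanner's own unpacking folder from detections anywhere else, so the first kind can be triaged the way dvk01 explains rather than chased as a live infection. AAWTMP is the only staging folder this thread names; the SCANNER_STAGING table, the line regex and the fifth sample line (a made-up detection outside any staging folder, added for contrast) are my own assumptions and constructions.

```python
"""Triage ESET AMON (on-access) log lines: flag detections that sit inside an
anti-malware tool's unpacking folder (here Ad-Aware's AAWTMP) versus elsewhere."""
import re
from dataclasses import dataclass
from typing import List, Optional

# AMON columns as exported in the thread: Time Module Object Name Virus Action User Info.
# Some exports drop the space between Name and Virus, so the path is matched
# non-greedily up to the first token that looks like a detection name (contains '/'
# and no backslash).  Regex is an assumption about the export format, not ESET's spec.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<module>\S+)\s+(?P<object>\S+)\s+"
    r"(?P<path>[A-Za-z]:\\\S*?)\s*"
    r"(?P<threat>[^\s\\]+/[^\s\\]+)\s+(?P<kind>\w+)\s*$"
)

# Folder names (case-insensitive, directly under a "Temp" directory) that scanners
# use to unpack archives while scanning.  Only AAWTMP is named on this page; the
# table is an assumption to be extended for your own tooling.
SCANNER_STAGING = {
    "aawtmp": "Ad-Aware unpack folder: files are locked while Ad-Aware scans them "
              "and the folder is deleted when the scan finishes",
}


@dataclass
class Detection:
    time: str
    path: str
    threat: str
    kind: str
    verdict: str   # "scanner-staging" or "investigate"
    reason: str


def staging_reason(path: str) -> str:
    """Return the staging explanation if path lies under ...\\Temp\\<staging>\\, else ''.
    Matching is by folder name only; 8.3 short names like DOCUME~1 are not expanded."""
    parts = path.lower().split("\\")
    for i in range(len(parts) - 1):
        if parts[i] == "temp" and parts[i + 1] in SCANNER_STAGING:
            return SCANNER_STAGING[parts[i + 1]]
    return ""


def parse_line(line: str) -> Optional[Detection]:
    """Parse one AMON line; returns None for headers, blanks and unrecognised text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    reason = staging_reason(m["path"])
    verdict = "scanner-staging" if reason else "investigate"
    return Detection(m["time"], m["path"], m["threat"], m["kind"], verdict,
                     reason or "detection outside any known scanner staging folder")


def triage(log_text: str) -> List[Detection]:
    """Parse every recognisable AMON line in log_text, in order."""
    return [d for d in (parse_line(ln) for ln in log_text.splitlines()) if d]


# Constructed sample: the four lines from the thread plus one made-up line that is
# NOT in a staging folder, so the two verdicts can be seen side by side.
SAMPLE_LOG = r"""
Time Module Object Name Virus Action User Info
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\21A3EC\ Win32/TrojanDropper.Bridge.A trojan
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\244AD9\Win32/PSW.Delf.CT trojan
11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\32657\Win32/TrojanDownloader.IstBar.ER trojan
11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\F770D\ Win32/Bionet.405 trojan
11/10/2004 6:01:12 AM AMON file C:\WINDOWS\Temp\setup.exe Win32/TrojanDownloader.IstBar.ER trojan
"""

if __name__ == "__main__":
    for d in triage(SAMPLE_LOG):
        print(f"{d.verdict:16} {d.threat:36} {d.path}")
        print(f"{'':16} {d.reason}")
```

A "scanner-staging" verdict does not mean the sample was harmless; it means the location explains why AMON saw it and could not act on it (the file was locked by the scanner that unpacked it) and why it was gone by the time the other tools looked. The script only matches the folder name under Temp, so it treats the DOCUME~1 short-name form and the long "Documents and Settings" form identically.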

squire
November 10th, 2004, 10:31 AM
{QUOTE-> Hi Squire,
please make sure you're using the latest version (2.12.3) with the HTTP scanner available on our website, and that you have your browsers set to higher efficiency mode. If you have it set so, those trojans would certainly have been intercepted by IMON before they were written to the disk. <-QUOTE}
Marcos,
Please excuse my ignorance, but I don't understand. I am using Firefox 1.0PR as my browser and have NOD32 v2.12.3. How do I set it to higher efficiency mode, and what is the scanner available on the website? I'm sorry, but I'm not following you.

ronjor
November 10th, 2004, 10:48 AM
Under IMON, HTTP, Setup, click where the pointer is located and it will change modes.

squire
November 10th, 2004, 11:44 AM
Blackspear, Marcos, dvk01, and ronjor;

Gentlemen, thank you each for your prompt reply and assistance. Not only have you solved my problem, but you have helped me set up NOD to perform at its full capability. Without your help, this would not have happened. A sincere THANK YOU to all of you.

squire ;D

Chris12923
November 10th, 2004, 12:08 PM
{QUOTE-> Blackspear, Marcos, dvk01, and ronjor;
Not only have you solved my problem, but you have helped me set up NOD to perform at its full capability. <-QUOTE}
Didn't know if you have seen this great thread by Blackspear about how to set up NOD to its fullest capacity. Very nice read.

Thanks,

Chris

ronjor
November 10th, 2004, 01:19 PM
{QUOTE-> Blackspear, Marcos, dvk01, and ronjor;

Gentlemen, thank you each for your prompt reply and assistance. Not only have you solved my problem, but you have helped me set up NOD to perform at its full capability. Without your help, this would not have happened. A sincere THANK YOU to all of you.

squire ;D <-QUOTE}

You're welcome squire. :)

{QUOTE-> Didn't know if you have seen this great thread by Blackspear about how to set up NOD to its fullest capacity. Very nice read. <-QUOTE}
http://www.wilderssecurity.com/showthread.php?t=37509

Chris12923
November 10th, 2004, 02:41 PM
Thanks ronjor. I don't know what happened to my link, but thanks for putting it up :)

Thanks,

Chris

ronjor
November 10th, 2004, 02:52 PM
{QUOTE-> I don't know what happened to my link <-QUOTE}
Chris12923

You're welcome.

squire
November 10th, 2004, 04:15 PM
{QUOTE-> Didn't know if you have seen this great thread by Blackspear about how to set up NOD to its fullest capacity. Very nice read.

Thanks,

Chris <-QUOTE}
Yes I have read and printed it for future reference. Thanks. This forum sure has a bunch of great guys willing to help!

squire ;D

Blackspear
November 10th, 2004, 05:51 PM
{QUOTE-> Yes I have read and printed it for future reference. Thanks. This forum sure has a bunch of great guys willing to help!

squire ;D <-QUOTE}
Yeah a good bunch here Squire.

Great to see you had a good result.

All the best...

Cheers ;D