It DOES actually catch things, you know


spy1
February 17th, 2003, 08:46 AM
FYI, my son was on the computer this past weekend while I was at work and the NOD32 Beta 2 popped him up a warning:
"NAME = " C:\\Documents and Settings\\ XXXXX XXXXXXX\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1AZ4PIR\\pup[1].htm"%ITYPE=FILE @ INFECT=susp@TYPE=Trojan@NAME=JS/NoClose.C@CLN=BAA %UINFO="Event occured on a newly created file."%INFECTED=%ACTION=AQ"
(Thought that was pretty cool - didn't even know it would catch JS/NoClose).

Then, the next day, I was playing with something I saw on DSLReports Security forum. Had it d/l'ed to my DeskTop in zipped form but hadn't done anything with it yet (besides send it to someone else) and NOD popped up a warning (apparently from AMON as it was chugging along checking things. NOTE: Did not receive any warning when I initially d/l'ed the file itself - that's by design, I guess?)

"NAME="C:\\Program Files\\TDS-3\\xDynamic\\TDS.Unpk\
hota.exe"%ITYPE=FILE @INFECT=inf@TYPE=Trojan@NAME=Win32/Spy.Small.B@CLN=BAA %UINFO="Event occured during attempt to access the file."%INFECTED= "

So I Erased the file off of the DeskTop without un-zipping it.

Anyway, just thought I'd let you know it's working here for me. Pete

P.S. - That all shows up in the main interface window's "Virus Log" like this:

Time***Module***Object***Name***Virus***Action***Info
2/16/2003 13:08:55 PM***AMON***file***C:\Program Files\TDS-3\xDynamic\TDS.Unpk
hota.exe***Win32/Spy.Small.B trojan******
2/15/2003 20:06:53 PM***AMON***file***C:\Documents and Settings\Steven Yevchak II\Local Settings\Temporary Internet Files\Content.IE5\G1AZ4PIR\pup[1].htm***probably modified trojan JS/NoClose.C***quarantined***