Trojan threat detected
Huwge
July 18th, 2005, 01:32 PM
Been using NOD for a while but this is the first time I have had an alert.
I had a pop up telling me to send a copy of the file to NOD for evaluation. When I look in the threat log it comes up as a threat of the win32 trojan along with the link from the site (I was looking to buy some software, can't find a UK supplier and Google threw up a site that turned out to be warez >:( ) with no other details.
I then had the alert....this wasn't the window with red in it...it was a bubble from the NOD taskbar icon. I have run a full scan and nothing shows up.
So has NOD blocked it or is it sitting on my PC somewhere and how do I find out...thanks in advance
WSFuser
July 18th, 2005, 01:54 PM
Submitted files are encrypted in the eset/cache folder.
Huwge
July 18th, 2005, 04:40 PM
Thanks, but that doesn't answer my question.
ronjor
July 18th, 2005, 04:56 PM
{QUOTE->
So has NOD blocked it or is it sitting on my PC somewhere and how do I find out <-QUOTE}
What does your threat log say? Does it give a path to the file? Any more info?
webyourbusiness
July 18th, 2005, 05:35 PM
If you have NOD32's IMON configured to protect you, it should have disconnected before downloading it - alternatively, AMON would have detected the file at access, and quarantined it, then prompted for submission.
Quarantined items are encrypted and therefore, rendered 'safe'.
My guess is that it downloaded it and quarantined it. Subsequent scans won't turn up your quarantined items - that would result in a LOT of stop-start for those that want to be told about everything found.
hth
Greg
rumpstah
July 18th, 2005, 06:49 PM
Hi Huwge:
If you scroll to the right in the Threat Log, it should show under the "Action" column "Connection terminated". If this is the case, then the infiltration did not reach the hard drive.
{QUOTE-> Been using NOD for a while but this is the first time I have had an alert.
I had a pop up telling me to send a copy of the file to NOD for evaluation. When I look in the threat log it comes up as a threat of the win32 trojan along with the link from the site (I was looking to buy some software, can't find a UK supplier and Google threw up a site that turned out to be warez >:( ) with no other details.
I then had the alert....this wasn't the window with red in it...it was a bubble from the NOD taskbar icon. I have run a full scan and nothing shows up.
So has NOD blocked it or is it sitting on my PC somewhere and how do I find out...thanks in advance <-QUOTE}
ragnarok
July 19th, 2005, 05:43 AM
That's right, as you ppl said it, you can always check what happened with a threat in the threat log. "Connection terminated" assures you that the infection was stopped at the move and did not reach your PC. I remember one time that I got into a page where I was attacked by like 5 w32trojan.downloaders and one did reach my PC, but I did not have to do anything cuz in immediate action AMON detected it twice, one on the temporary internet files and the other on system restore, and I was cleaned without doing a thing, so you don't have to worry about it then. ;D
Huwge
July 19th, 2005, 11:44 AM
The threat log has nothing in the action taken column. I didn't click on anything at the website.
Time | Module | Object | Name | Threat | Action | User | Information
18/07/2005 18:01:38 | IMON | file | www2.xmirror.us/download_plugin.exe | a variant of Win32/TrojanDownloader.INService trojan | (empty) | YOUR-8QSS7CQGKG\Administrator | (empty)
This is what shows up on the threat log. I have taken out the http part so no one will click on it. It doesn't show up on the quarantine log and I didn't get the usual red warning window, just the bubble in the taskbar same as I get when I download a new definition.
Huwge
July 20th, 2005, 09:53 AM
So can anyone offer an explanation.....maybe from Eset if no other? ???
Stan999
July 20th, 2005, 10:05 AM
{QUOTE-> The threat log has nothing in the action taken column. I didn't click on anything at the website.
Time | Module | Object | Name | Threat | Action | User | Information
18/07/2005 18:01:38 | IMON | file | www2.xmirror.us/download_plugin.exe | a variant of Win32/TrojanDownloader.INService trojan | (empty) | YOUR-8QSS7CQGKG\Administrator | (empty)
This is what shows up on the threat log. I have taken out the http part so no one will click on it. It doesn't show up on the quarantine log and I didn't get the usual red warning window, just the bubble in the taskbar same as I get when I download a new definition. <-QUOTE}
I got the red warning window.
In the Event log it shows:
Time | Module | Event | User
7/20/2005 8:57:31 AM | Kernel | The file '(edit)/download_plugin.exe' has been sent to Eset's labs for analysis. | (empty)
Does your Event log show the same?
Huwge
July 20th, 2005, 10:11 AM
My event log shows this
Time | Module | Event | User
18/07/2005 18:02:56 | Kernel | The file 'http://www2.xmirror.us/download_plugin.exe' has been sent to Eset's labs for analysis. | (empty)
I'm concerned that I didn't get any warning. NOD is set up as per Blackspear's settings.
Stan999
July 20th, 2005, 10:17 AM
{QUOTE->
I'm concerned that I didn't get any warning. NOD is set up as per Blackspear's settings. <-QUOTE}
On the IMON Setup, HTTP tab under "Actions" do you have "Display warning window with action selection" marked?
Huwge
July 20th, 2005, 10:53 AM
Nope, deny download....does this mean no warning at all?
Stan999
July 20th, 2005, 11:25 AM
{QUOTE-> Nope, deny download....does this mean no warning at all? <-QUOTE}
With that marked you won't see the usual red warning window.
If you change it to "Display warning window with action selection" you will get the red warning window.
Huwge
July 20th, 2005, 12:17 PM
Thanks Stan, much appreciated :D
Stan999
July 20th, 2005, 12:42 PM
Hi Huwge,
Glad to be of some help.
Copyright ©2002 - 2009, Wilders Security Forums