Strange NOD32 Behavior

[DrFix]

Hi,
everyday NOD32 pops-up telling me it bocked a connection:

03/02/2012 18:25:57 HTTP filter file ~Link removed~ HTML/ScrInject.B.Gen virus connection terminated - quarantined NT AUTHORITY\NETWORK SERVICE Threat was detected upon access to web by the application: C:\Windows\SysWOW64\uniime32.exe.

Yes, thanks NOD, but I scanned the whole system and it doesn't find any HTML/ScrInject.B.Gen virus.... so I really don't know what to do.

It seems me to be the only one experiencing this sisutation... there's something opening a connection to a virus site but NOD doesn't help me finding WHHAT is opening the connection...

[Marcos]

I'd suggest uploading C:\Windows\SysWOW64\uniime32.exe to VirusTotal as it could be malware. If it is, copy & paste here the MD5/SHA1 hash of the file.

[DrFix]

Yes it's malware!!! 7 / 43

Here is the sha
4f8f2f9a848d658e07fbb1fa965f2a3d446fcb430952417821cb5acd5c196bcd

What could I do now?

[future]

It may be necessary to remove the link?

[DrFix]

Ok, sorry...
I'll rename the file but I don't think thath would be enough to remove the trojan...

[future]

Quote:

Originally Posted by DrFix

Ok, sorry...
I'll rename the file but I don't think thath would be enough to remove the trojan...

Thank you The reason is that some people can click on the link

[2570windsor]

So is ScrInject.b.gen a virus or not? According to microsoft.com Threat Encyclopedia it is an alias for the Trojan JS/BlacoleRef.A. Ever since I got hit with the ScrInject.B.gen (eset currently shows no infections) my machine has started acting crazy.

[tipo]

do a scan with malwarebytes and/or hitman pro and see what they find.