Wilders Security Forums  

Go Back   Wilders Security Forums > Archived Forums > Closed Sub-Forums > Archived ESET Support Forums > NOD32 version 2 Forum
  #1  
Old February 5th, 2007, 07:57 PM
realitybytez
Infrequent Poster
 
Join Date: Sep 2006
Posts: 30
serious amon question

ever since i installed nod32 on my network of 6 servers and 74 pcs, i have been getting sporadic messages similar to this:
NOD32: Virus Alert
5C4Q731@xxxxxxxxxx.com
To: me
2/5/2007 15:43:37 PM - AMON - File system monitor Threat Alert triggered on 5C4Q731: C:\DOCUME~1\marjorie\LOCALS~1\Temp\IH576.tmp is infected with probably a variant of Typer.704 virus.
so can someone tell me with any degree of certainty if this means: "hey we found a virus. we thought you'd like to know. oh and by the way, we didn't do anything about it. the file is still infected with the virus"?

because, that's how it reads to me.

do I need to go back to all of these computers and manually remove all these viruses?
  #2  
Old February 5th, 2007, 09:24 PM
Blackspear
Global Moderator
 
Join Date: Dec 2002
Location: Gold Coast, Queensland, Australia
Posts: 15,114
Re: serious amon question

"probably a variant of Typer.704 virus."

Highlighted is heuristics in action, basically AMON is saving your bacon. It would appear that you have some form of dropper so I would get in contact with your local NOD32 support office and they will have you download 3 tools to help with analysis:

HijackThis from HERE

Autoruns from HERE

Lookinmypc from HERE

Then run each program and forward the logs from all three programs to me in a reply email together with the following:

1. Go to the NOD32 Control Centre
2. Click on Logs
3. Right Click on one of last completed full system scan logs.
4. Click on “Details”
5. Right Click anywhere on the scan log
6. Click on “copy all”
7. Right Click in the replying email to me.
8. Click on “Paste”

This will paste a copy of one of the scans you have completed.

Let us know how you go....

Cheers
__________________
"Illegitimis non carborundum"
translation:
"Don't let the bastards grind you down"
U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers
  #3  
Old February 6th, 2007, 12:01 AM
Marcos
Eset Moderator
 
Join Date: Nov 2002
Posts: 14,194
Re: serious amon question

It could be a false positive. If the file is located in quarantine, send the appropriate nqi/nqf file from the eset/infected folder to samples @ eset.com with a link to this thread in the subject.
  #4  
Old February 6th, 2007, 01:19 PM
realitybytez
Infrequent Poster
 
Join Date: Sep 2006
Posts: 30
Re: serious amon question

well, i wanted to come back here and at least report what i discovered.

when i went to the infected computer and looked at the threat log, i found that the file in question had been deleted by amon.

it sure would be nice if the email that was sent to me by amon would have reported that fact.
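An added example (not code from this thread or from ESET) that parses alert mail in the format quoted in the first post, flags the heuristic "probably a variant of" wording, and, as the original poster ended up doing by hand, reconciles each alert against the host's threat log to learn what AMON actually did with the file. The sample mails, the second host name and the threat-log entries are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
# Constructed samples in the AMON e-mail format quoted in the thread; the second
# host, path and threat name are placeholders, not real detections.
SAMPLE_ALERTS = [
    "2/5/2007 15:43:37 PM - AMON - File system monitor Threat Alert triggered on 5C4Q731: "
    "C:\\DOCUME~1\\marjorie\\LOCALS~1\\Temp\\IH576.tmp is infected with probably a variant of Typer.704 virus.",
    "2/6/2007 09:12:05 AM - AMON - File system monitor Threat Alert triggered on WS-PLACEHOLDER: "
    "C:\\Temp\\sample.exe is infected with Win32/Example.A worm.",
]
# Constructed threat-log entries as read on the host; the action is recorded here, not in the mail.
SAMPLE_THREAT_LOG = [
    {"host": "5C4Q731", "path": "C:\\DOCUME~1\\marjorie\\LOCALS~1\\Temp\\IH576.tmp", "action": "deleted"},
]
ALERT_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+(?: [AP]M)?) - AMON - .*?triggered on "
    r"(?P<host>[^:]+): (?P<path>.+?) is infected with (?P<threat>.+?)\.?$"
)

@dataclass
class AmonAlert:
    timestamp: str
    host: str
    path: str
    threat: str
    heuristic: bool         # "probably a variant of ..." marks a heuristic hit
    action: Optional[str]   # absent from the e-mail; filled in from the host's threat log
def parse_alert(line: str) -> Optional[AmonAlert]:
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    threat = m.group("threat")
    return AmonAlert(m.group("ts"), m.group("host"), m.group("path"), threat,
                     heuristic=threat.lower().startswith("probably"), action=None)

def reconcile(alert: AmonAlert, threat_log: List[Dict[str, str]]) -> AmonAlert:
    # Copy the action from the matching log entry; Windows paths compare case-insensitively.
    for entry in threat_log:
        if entry["host"] == alert.host and entry["path"].lower() == alert.path.lower():
            alert.action = entry["action"]
    return alert

def needs_followup(alert: AmonAlert) -> bool:
    # The mail alone never proves the file was neutralised; only the host's log can.
    return alert.action is None or alert.action.lower() not in ("deleted", "cleaned", "quarantined")

def triage(lines: List[str], threat_log: List[Dict[str, str]]) -> List[AmonAlert]:
    return [reconcile(a, threat_log) for a in map(parse_alert, lines) if a is not None]
```

Alerts whose host has no matching threat-log entry stay marked for follow-up, which is exactly the visit the original poster had to make.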