#1

On a server of one of my customers, I see the following odd thing:
three files are quarantined, they seem to be infected:

javavm.exe - a variant of Win32/ServU-Daemon application
server.exe »RAR »clearlogs.exe - Win32/HackTool.Clearlog.A trojan
win.exe »RAR »javavm.exe - a variant of Win32/ServU-Daemon application

I uploaded the files to virustotal.com, and indeed these files seem infected.
BUT (which I think is very, very strange):
I see no Threat log items about this.
They were quarantined 23-01-2008 at around 17.45 (Dutch time, UTC+1).
Scan results were the same then and now (using NOD32 version 2834 (20080130) NT).

Greetings from a rainy Holland

#2

In the meantime, I did an EICAR test, threat was logged to threatlog as it should.
So the mechanism is working as it should the password
A hacktool was "detected, quarantined and deleted" earlier.
After that a full system scan (with all options on) was done and nothing found at that time.
Now a new (full system) scan is running (with defs 2835)

#3

Scan is still running, but ready with C: disk.
c:\windows\temp\INF7988.tmp placed in quarantine
reason: a variant of WIN32/ServU-Daemon application
No further infections found.
As I see that JavaVM was not the latest version, I upgraded JavaVM to the latest version.

#4

After reboot, .tmp file(s) were deleted.
Additional scans did not show any infection anymore.
Greetings from Holland

#5

What a great monologue!
Greetings!

#6

Today again at customer's site:
nod32kernel service does not exist anymore.
Apparently there was an old virus active on the server before we installed NOD32. I cannot see another explanation.
I've installed hundreds of desktops and numerous servers and never seen this before.
Well, that's all for now; going to work, reinstall and hopefully kill the bastard.

#7

Do you need any help, or are you just telling us your stories?
__________________
Malwarebytes Anti-Malware v1.70.0.1100 Eset Smart Security v6.0.308.0 SUPERAntiSpyware Professional v5.6 Windows 7 Service Pack 1 x86 Eset Beta Tester