#1
Hi everyone. Please bear with me on this, as I've no idea what's going on.
I was browsing the web with Opera, and hit upon a site that's usually trusted. For some reason, though, it popped up an AMON Threat detection. The site also tried to redirect me to another website, but I think that either my HOSTS file blocked it, or I closed the page before it loaded. I'm not sure.

The Alert details are as follows:

----
File: C:\Documents and Settings\{My username}\Local Settings\Application Data\Opera\Opera...\op0XS46
Threat: SWF/TrojanDownloader.Agent.NAJ trojan
Comment: Event occurred on a file modified by the application: C:\Program Files\Opera\opera.exe. This file was moved to quarantine. You may close this window.
----

(The actual file path was: C:\Documents and Settings\{My username}\Local Settings\Application Data\Opera\Opera\profile\cache4\op0XS46 )

The options to Copy to Quarantine, Submit for analysis, clean, delete, and rename are all greyed out. I can only check the 'Display warning window' button, and close the threat detection window.

I'm a little disturbed by this. I suppose it's possible that this site I was checking had been hijacked and infused with something malicious. The more pressing issue, though, is that I don't know why NOD won't let me clear or delete this file! There's no record of it in the control center Threat log, either.

The file looks like it's in quarantine, but I'm wondering what the best course of action is now. Did NOD catch this before it became a problem? Or should I take some more serious measures? A scan didn't come up with anything subsequent, but I don't know if the infection compromised NOD, seeing as I couldn't clean or delete the file after it was detected - I could only dismiss the Threat Detection window.

Any help would be appreciated. Thanks!
#2
You can install EAV v3 and switch the cleaning mode to No cleaning so that you're always prompted for an action when a threat is found.
#3
Quote:
After a bit of investigation, it seems that this particular virus is actually just a malicious SWF file that's intended to be scareware. It doesn't install anything on its own, so the only files that were infected seemed to be in the cache. I guess that's why there wouldn't be a 'fix' option, and NOD automatically must have quarantined the file. From what I saw, I thought it just found the file and wouldn't allow me to take an action, but I guess it was automatic!

I've also been meaning to look into v3 for a while now. Thanks for the advice.