|
|
#1
July 6th, 2010, 07:13 PM
|
|||
|
|||
Post title modified
I have NOD32 Antivirus, 4.2.40.0, fully updated.
The assault started today - every time I connect to the internet, NOD32 blocks an attack every few seconds, coming up with this message: ------------------------------------------------------------------- Object: ~Link removed~ Threat: a variant of Win32/Peerfrag.FU worm Information: connection terminated - quarantined ------------------------------------------------------------------- I did a full system scan using NOD32, it came up with nothing. Has anyone here seen this before? Is there a way of stopping these attacks completely? I know I can stop the error messages from appearing, but these attacks seem to be slowing my internet speed to a crawl. Any help would be appreciated. Last edited by ronjor : July 6th, 2010 at 07:25 PM. Reason: Link to possible malware removed |
|
#2
July 6th, 2010, 07:26 PM
|
||||
|
||||
|
Re: Post title modified
See this KB article on how to submit files to ESET. http://kb.eset.com/esetkb/index?page=content&id=SOLN141 Don't post links to potential malware here.
|
|
#3
July 6th, 2010, 07:31 PM
|
||||
|
||||
|
Re: Post title modified
depends when it happens
on outbound your machine would be compromised and NOD should not only detect the malicious connection but also the culprit on inbound the address your machine trying to connect to would perhaps be compromised with malicious code, that would be the same address again and again - any indication of that? you may also try prevx, does not give real time protection in trial mode, but you can run a full scan see if it comes up with something. if you machine got infested already recommend to use the download link 'Download NowMalware infecting you now? Download a randomized filename' from here http://info.prevx.com/downloadcsi.asp Last edited by vtol : July 6th, 2010 at 07:41 PM. |
|
#4
July 6th, 2010, 07:37 PM
|
||||
|
||||
|
Re: Post title modified
Quote:
|
|
#5
July 6th, 2010, 07:50 PM
|
||||
|
||||
|
Re: Post title modified
Eset has access to the information.
|
|
#6
July 6th, 2010, 10:36 PM
|
||||
|
||||
|
Re: Post title modified
__________________
siljaline MS MVP Alum . MVPS HOSTS . Rename Hosts . ESET for Business . 10 Immutable Laws of Security . System Lookup . ESET Threat Blog . MBAM |
|
#7
July 6th, 2010, 10:50 PM
|
||||
|
||||
|
Re: Post title modified
Good info Randy.
 |
|
#8
July 6th, 2010, 10:59 PM
|
||||
|
||||
|
Re: Post title modified
Thanks, Ron
Always willing to help, where I can.
__________________
siljaline MS MVP Alum . MVPS HOSTS . Rename Hosts . ESET for Business . 10 Immutable Laws of Security . System Lookup . ESET Threat Blog . MBAM |
|
#9
July 7th, 2010, 06:25 AM
|
|||
|
|||
|
Re: Post title modified
Quote:
Ah, filesharing huh... Anyway, thanks for the info. I fixed the problem by running Malwarebytes' Anti-Malware program.  |
|
#10
July 7th, 2010, 12:17 PM
|
||||
|
||||
|
Re: Post title modified
To the best that I can determine, file sharing aka file sharing was, is the delivery method for this particular worm.
You should also consider the additional options for infected machines although MBAM has given you a green light. Quote:
__________________
siljaline MS MVP Alum . MVPS HOSTS . Rename Hosts . ESET for Business . 10 Immutable Laws of Security . System Lookup . ESET Threat Blog . MBAM |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
