Eset trojan

Discussion in 'ESET NOD32 Antivirus' started by torrys, Aug 12, 2010.

Thread Status:
Not open for further replies.
  1. torrys

    torrys Registered Member

    Aug 12, 2010
    I have a PC in our office that's running ESET NOD32 Antivirus BUSINESS EDITION Product Version 3.0.695. This morning the user clicked on an email link which caused Eset to flag a trojan warning. See below:

    Name Threat Action Information
    ~ Link removed~ a variant of Java/TrojanDownloader.Agent.NAL trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
    ~ Link removed~ » ZIP » Main.class a variant of Java/TrojanDownloader.Agent.NAL trojan
    ~ Link removed~ » ZIP » url.txt

    My problem is the trojan still executed and loaded Spyware on the users PC and I had to revert to a backup to get things working. Any idea why Eset didn't stop the load of the trojan? Why am I running Anti-virus if it can't stop this?

    Thanks for your help.o_O
    Last edited by a moderator: Aug 12, 2010
  2. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    No security product will ever detect all new born threats from the very first moment and no product will ever have 100% detection of threats with a reasobable low number of false positives. Network administrators must take this into account and set up the appropriate policy on the mail server. I wonder why the user was able to receive such an attachment and run it, this implies insufficient security policy in their network environment.

    If possible, please submit the suspicious email to ESET per the instructions here or at least the link to the malware in question found in the threat log.
    Last edited: Aug 13, 2010
  3. volvic

    volvic Registered Member

    Aug 17, 2009
    Please do not rely on just Nod32.

    Consider MBAM (if it will run) or prevx.

    Also, you need local policies too.
Thread Status:
Not open for further replies.