Info on Win32/Spy.Agent.NES trojan

I would like more information on a recent activity log I received from a user's computer.

First I am unable to learn anything about this particular threat, what it is, what is does, etc.

Second, as you can see I am unable to determine the location of the attempted infection. It says "invalid_name". If I knew more info on this particular malware I might know where to look for it.

My biggest concern are the dates listed. It looks like it was detected during computer shutdown and again when the computer was booted the following morning. My concern is that something has infected the computer and is now being detected, but unable to remove. I am unable to reboot the computer at this time and will have to wait to see if this situation repeats itself.

Any feedback appreciated.

Column Name Value
Alert Id Alert 548
Client Name ******
Primary Server xxx.xxx.xxx.xxx
Date 2008-07-24 16:07:47
Received 2008-07-25 06:52:46
Module IMON
Object archive
Virus Win32/Spy.Agent.NES trojan
Name invalid_name
Action connection terminated
Info
Log Details Ready
Comment

Log Details
invalid_name
invalid_name »ZIP »INVOICE_8712.exe - Win32/Spy.Agent.NES trojan

 

Hello,

When IMON terminates the connection as it did in your case, it was stopped before it got on the machine.

BFG