Is the nod32 smart scan accurate enough?

Just wondering. There was an advertisement on a website, which apparently was malicious. The threat came from *tituliaconnect.com* (It would be nice if someone would check if its indeed a threat dont know how to myself, lol). After that, I deleted the detected threats log and deleted the file from quarantine after deleting all the cache and history from my browser.

Now, I am doing a smart scan of my machine. Any idea if its accurate or not?

 

I believe ESET detection:

See:
Report 2011-05-23 10:23:16 (GMT 1)
Website tituliaconnect.com
Domain Hash 40d21e02fa6d38f18ff5780a64053dd0
IP Address 67.225.157.151 [SCAN]
IP Hostname host.xwhostserver.com
IP Country US (United States)
AS Number 32244
AS Name LIQUID-WEB-INC - Liquid Web, Inc.
Detections 1 / 23 (4 %)
Status SUSPICIOUS
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender UNRATED
Scanning site with: DNS-BH CLEAN
Scanning site with: DShield SDL CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: joewein.de LLC CLEAN
Scanning site with: Malc0de CLEAN
Scanning site with: Malware Domain List CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MyWOT UNRATED
Scanning site with: Norton SafeWeb UNRATED
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SCUMWARE CLEAN
Scanning site with: SpamhausDBL CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: Trend Micro Site Safety Center DETECTED
Scanning site with: URIBL CLEAN
Scanning site with: VSCAN CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN

*

It is probably malicious.

 

Thank you for that. How come other AV programs didnt detect anything though?

On topic: I scanned my machine twice with smart scan, 0 infections. You think im safe?

 

I think you are safe.

 

Hi,

A copy of the Detected threats log would have been helpful here, but I see you deleted it. The threat was detected and stopped by real-time protection, the on-demand scan reveals no threats, it would appear your system is malware free

 

FWIW, from a test VM: 5/23/2011 3:30:00 PM HTTP filter file hxxp://tituliaconnect.com/ JS/TrojanDownloader.Iframe.NKC trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Mozilla Firefox\firefox.exe. - the detected element's in a <body> tag near the top of the document

 

Thank you for that, but whats the chance that it might be a false positive?


On topic:

A strange thing happened before. When I accessed this website through IE, it didnt get blocked. When I opened it on Opera, it immediately got blocked. After 3 smart scans, nothing was revealed.

 

imo, it's not a false positive. kaspersky is also detecting the threat - the iframe i mentioned contains a call to a remote server, which is currently offline. i found a few references to this particular host being used to deploy iframe exploits.

 

So if It got blocked, then I deleted the cookies and temp files from Opera, then deleted the file from quarantine and scanned 3 times, do you think Im safe?


How could this website infect me? By launching a process or something?

 

when the eset product detected it and quarantined the malicious javascript + iframe, you were safe. it prevent it from being executed by the browser and quarantined it. the ancillary scan wouldn't hurt, and if you're really paranoid you could also run a scan with malwarebytes or something else. personally, i wouldn't worry though since it successfully blocked the script before it could be executed.

probably doing something to leverage an exploit in an unpatched browser or plugin. since the iframe src's host is down, i have no idea what that particular mechanism would be. something bad, though

 

Thank you for the reply. However another strange thing, is how it all happened.

My dad has been browsing yesterday, and I just happened to randomly checked the browsing history. That website was there (He uses IE), in some sort of an advertisement form. I deleted the browsing history, and went to the website on my Opera browser, and hurray- It got blocked!

One question- How did it bypass the block on IE? Maybe my dad didnt really enter it, maybe it just appeared on the front page of some other website?

 

Bump please