It DOES actually catch things, you know

Discussion in 'NOD32 Early v2 Beta' started by spy1, Feb 17, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    FI, my son was on the computer this past weekend while I was at work and the NOD32 Beta 2 popped him up a warning:
    "NAME = " C:\\Documents and Settings\\ XXXXX XXXXXXX\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1AZ4PIR\\pup[1].htm"%ITYPE=FILE @ INFECT=susp@TYPE=Trojan@NAME=JS/NoClose.C@CLN=BAA %UINFO="Event occured on a newly created file."%INFECTED=%ACTION=AQ"
    (Thought that was pretty cool - didn't even know it would catch JS/NoClose).

    Then, the next day, I was playing with something I saw on DSLReports Security forum. Had it d/l'ed to my DeskTop in zipped form but hadn't done anything with it yet (besides send it to someone else) and NOD popped up a warning (apparently from AMON as it was chugging along checking things. NOTE: Did not receive any warning when I initially d/l'ed the file itself - that's by design, I guess?)

    "NAME="C:\\Program Files\\TDS-3\\xDynamic\\TDS.Unpk\
    hota.exe"%ITYPE=FILE @INFECT=inf@TYPE=Trojan@NAME=Win32/Spy.Small.B@CLN=BAA %UINFO="Event occured during attempt to access the file."%INFECTED= "

    So I Erased the file off of the DeskTop without un-zipping it.

    Anyway, just thought I'd let you know it's working here for me. Pete

    P.S. - That all shows up in the main interface windows' "Virus Log" like this:

    Time   Module   Object   Name   Virus   Action   Info
    2/16/2003 13:08:55 PM   AMON   file   C:\Program Files\TDS-3\xDynamic\TDS.Unpk
    hota.exe   Win32/Spy.Small.B trojan      
    2/15/2003 20:06:53 PM   AMON   file   C:\Documents and Settings\Steven Yevchak II\Local Settings\Temporary Internet Files\Content.IE5\G1AZ4PIR\pup[1].htm   probably modified trojan JS/NoClose.C   quarantined   
     
Thread Status:
Not open for further replies.