NOD32 detected this file...

Discussion in 'NOD32 version 2 Forum' started by CJsDad, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Something called "smitRem"??

    This is what is shown in the threat log....

    Time Module Object Name Threat Action User Information
    7/28/2006 12:27:11 PM AMON file C:\Documents and Settings\****\My Documents\smitRem\Process.exe Win32/PrcView application deleted *******\**** Event occurred at an attempt to access the file by the application: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

    I decided to run a scan today as you can see using SUPERAntiSpyware and when it got to the file WIN32/PrcView, NOD popped up on the screen.

    Does anyone know if this file looks familiar or is this smitRem an actual virus?

    Thanks.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Malware type: Others
    Aliases: PRCVIEW.A, Tool.Win32.PrcView.3621
    In the wild: No
    Destructive: No
    Language: English
    Platform: Windows 95, 98, ME, NT, 2000, XP
    Encrypted: No
    Overall risk rating: Very Low
    Reported infections: Low
    Damage potential: Low
    Distribution potential: Low

    Description:
    This is a non-malicious tool that can be used for malicious intention.
    This tool is designed to display detailed information about processes that are running under the Windows system.
    Remote malicious users, through third-party applications, can use this utility to kill a running process or activate any application on a Windows system.

    This tool runs on Windows 95, 98, ME, NT, 2000, and XP.

    Have a look: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HKTL_PRCVIEW.A
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I too use this tool, so I had to exclude it from being scanned by AMON as I needed to leave PDA enabled.
     
  5. ASpace

    ASpace Guest


    This is pottentially dangerous application . These are not exactly viruses but if you don't how to use it or when to use it , you can fall victim of it . Also hackers may use it for bad purposes .

    Since it is in smitrem.exe (An application used to remove Smithfraud family malware) , this is probably going to be used with good purpose .

    However , during your scan with SAS , SAS tried to open it and scan it and NOD32 poped-up . Security softwares such as NOD32 can't know if this application is going to be used with bad or good purpose and that's why they are deleted

    You are protected! :thumb:
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Thats just a component for Smitfraud Removal tool (SmitRem).
    Lot's of AVs are detecting potentially dangerous tools so all you have to do is just to exclude this file if you need to use SmitRem. If you don't, then just delete that folder.
     
  7. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Thanks for the help.
    I just deleted the folder, I dont use this program any more, matter of fact I forgot all about it but why would NOD detect it now when I used this program over a year ago?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Depends when detection was added for the tool, and when you placed a tick in detection of "Potentially Dangerous Applications".

    Cheers :D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.