Just became a member (3 years) and really enjoy NOD32. Things are set and checked according to Blackspears guide. NOD32 picked up a variant of Win32/agent.OH trojan successfully. Afterwards however, when I look on my C drive I find a 3kb application (NTDETECT) which was created at exactly the same time as NOD32 picked up the trojan (checked the log). Do I need to worry, or is this application safe? Deja
Perhaps you should submit this to ESET? Or also upload it at VirusTotal and Jotti's online malware scan
I also agree , submit it to VirusTotal (but be patient) and then you may post the result here .This way if you use default settings VirusTotal will distribute this sample to all vendors which say no malware Also submit it to ESET's labs samples@eset.com If this is shown to be malware by many vendors , you can delete it. Update your NOD32 Open its Control Center -> Update -> Update now , The latest signature is 1.1705 Boot in Safe Mode Do this by repeatedly typing F8 while Windows is starting before Windows logo appears. Then you'll open the Windows Advanced menu where you can choose to boot the hard drive in SAFE MODE and as show here perform full Scan & Clean with the on-demand scanner When you have cleaned , you need to disable System Restore in Windows XP because it is really possible to have restore points infected which you don't need Turn System Restore OFF >>> Right click on My Computer->Properties->System Restore Check Turn off system restore and Click Apply . Then uncheck it and apply to enable it again
To be clear, the NT-based versions of Windows (NT, 2000, XP...) all have a C:\NTDETECT.COM file that is used when booting. However, this is usually a read-only hidden system file. Its date will usually be from the time you installed Windows on the computer, or maybe when you installed a new Service Pack on the computer. Any other NTDETECT file, such as NTDETECT.EXE, should be regarded with suspicion.