Please tell me what this is...

Discussion in 'NOD32 version 2 Forum' started by qweex, Jun 14, 2006.

Thread Status:
Not open for further replies.
  1. qweex

    qweex Registered Member

    Jun 14, 2006
    Hello, I just came back from the TV, and saw this warning:
    The alert window screenshot

    The program "infected", is Trillian, and is used as an IM like (or instead of) MSN Messenger. I am 99.9% sure that Trillian is not infected by any virus, trojan or what-so-ever...

    When my friend had sent a message to me, this warning popped up. Telling me the e-mail adress of my friend was infected by "POLY.CRYPT.COM", which it also said was "a probably unknown virus".

    I have searched around for it on the net, but found nothing, except ONE post on this forum, telling me nothing. Does anyone even have any small clue of what it is, or can be?

    I may also say that the directory (D:\Program\Trillian\users\default\cache) does NOT exist, not even in the registry.
    And the file "" is the e-mail adress of my friend... And not a file with the type ".com"... Just a plain file with no extension. (If it had been a file, ofc :ouch: )

    The interesting thing with this, is that I can see a connection between "POLY.CRYPT.COM" and MSN (and hotmail), do you? Read the other post, and you will understand why...
    There they have the same problem, but with IMON instead of AMON, when they log off from hotmail!

    Anyways, I gotta go now... I hope you can help me,
    Thanks in advance /Patrik

    PS. Can this be some odd "protection" by Microsoft? I heard that they are afraid of hacks of IMs that would take over Windows, or something like that... Just a false rumor?
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Apr 25, 2005
    Along the Shorelines somewhere in New England
    It should just be .PNG files in that for your skin.
  3. ASpace

    ASpace Guest

    I read carefully and deeply your post and I can tell you :
    I can't be 100% sure .

    The only thing that is known for sure is that NOD32 has really big detection rate , NOD32 is extremely good at detection unknown malware and that NOD32 rarely,really rarely displays false-positives(wrong alarms) .

    If you doubt something is malware or not , you can upload it to the free service VirusTotal and let it be scanned with almost all AVs.

    Another -> Open NOD32's Control Center
    NOD32 System Tools

    and add the suspected files there .
    Then , please , submit it for analyze to ESET using the options in the programs . If they are really wrong alarm , ESET will fix it in short time

    Make sure NOD32 is updated.
    NOD32's Control Center -> Update -> Update NOW

    For now , open Start-Programs-ESET-NOD32 ,
    make sure you configure it correctly as shown here
    perform full Scan & Clean

    It would be really good if you do it in Safe Mode
    How to boot your computer in SAFE MODE
    Do this by repeatedly typing F8 while Windows is starting before
    Windows logo appears.
    Then you'll open the Windows Advanced menu where you can choose to boot
    the hard drive in SAFE MODE
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Apr 25, 2005
    Along the Shorelines somewhere in New England
    Just got this e-mail from Snort about an update they had for IPCop (I've been fiddling with this as my router/firewall at home with Copfilter).

    "Microsoft Security Bulletin MS06-024
    Windows Media Player is vulnerable to a stack based buffer overflow condition that can be exploited by an attacker via a PNG image with a large chunk size.

    Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 6688 through 6701."

    Anyways..the recent MS update for the PNG overflow.
  5. gerrya

    gerrya Registered Member

    Oct 21, 2005
    Illinois, USA
    Off topic, but if you've been fiddling with Copfilter for IPCop, take a look at

    Endian Firewall. It has much of IPCops addons integrated.
Thread Status:
Not open for further replies.