I have NOD32 Antivirus, 4.2.40.0, fully updated. The assault started today - every time I connect to the internet, NOD32 blocks an attack every few seconds, coming up with this message: ------------------------------------------------------------------- Object: ~Link removed~ Threat: a variant of Win32/Peerfrag.FU worm Information: connection terminated - quarantined ------------------------------------------------------------------- I did a full system scan using NOD32, it came up with nothing. Has anyone here seen this before? Is there a way of stopping these attacks completely? I know I can stop the error messages from appearing, but these attacks seem to be slowing my internet speed to a crawl. Any help would be appreciated.
See this KB article on how to submit files to ESET. http://kb.eset.com/esetkb/index?page=content&id=SOLN141 Don't post links to potential malware here.
depends when it happens on outbound your machine would be compromised and NOD should not only detect the malicious connection but also the culprit on inbound the address your machine trying to connect to would perhaps be compromised with malicious code, that would be the same address again and again - any indication of that? you may also try prevx, does not give real time protection in trial mode, but you can run a full scan see if it comes up with something. if you machine got infested already recommend to use the download link 'Download NowMalware infecting you now? Download a randomized filename' from here http://info.prevx.com/downloadcsi.asp
it does not sound like that the culprit is known to the user, a bit difficult to submit something in that case
Ah, filesharing huh... Anyway, thanks for the info. I fixed the problem by running Malwarebytes' Anti-Malware program.
To the best that I can determine, file sharing aka file sharing was, is the delivery method for this particular worm. You should also consider the additional options for infected machines although MBAM has given you a green light.