Virus cant fix

Discussion in 'ESET NOD32 Antivirus' started by ratboyJ, Jan 28, 2008.

Thread Status:
Not open for further replies.
  1. ratboyJ

    ratboyJ Registered Member

    1/28/2008 10:51:36 PM HTTP filter file hxxp:// probably a variant of Win32/Statik application connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.

    I get this ****, i get spammed like every 10 minutes with about 30 logs. Any way that i can fix this
    Last edited by a moderator: Jan 28, 2008
  2. Marcos

    Marcos Eset Staff Account

    Please send a log from ESET SysInspector to support[at] with this thread's url enclosed. We'll analyse it and let you know how to remove the threat.
  3. ratboyJ

    ratboyJ Registered Member

    Never mind
  4. ratboyJ

    ratboyJ Registered Member

    Ok, i sent the file to so you can hopefully tell me how i fix this
  5. flyrfan111

    flyrfan111 Registered Member

    Very strange, if you try to download the file you get the alert. If you turn off NOD, download it then scan it you don't get any alert.
  6. Stijnson

    Stijnson Registered Member

    I can't find W32/Statik in the def files when searching here:

    It's rather strange indeed that you don't get any alert when first downloading the file (NOD32 turned off) and then scanning it manually. Can someone explain how this can be?
  7. ratboyJ

    ratboyJ Registered Member

    I didnt go to any site and download this file, i was downloading music from limewire so that might be it.
    But i turned on the computer the next day and then straight away i got the--bad file, terminated , then this file was put in quarenteen, then i get log attacks (about 20) every 10 minutes. If i delete the file from quarenteen then it is back in there when i get the attacks
  8. Marcos

    Marcos Eset Staff Account

    Statik is new technology of heuristic detection which is currently being tuned up. Currently it's usually enabled only for IMON/web modules and further modules will follow as soon as the results are analysed and evaluated.
  9. flyrfan111

    flyrfan111 Registered Member

    Ahhh, makes sense now, thanks for the clarification Marcos. So this was an FP, but the Allaple one in the other thread was not, correct?
  10. Marcos

    Marcos Eset Staff Account

    Surely there was a threat listed in ratboyJ's log and the file ldr2.exe looks quite suspicious. I'll pass it to our vlab to make sure it wasn't FP.
  11. Bubba

    Bubba Updates Team

    appears so, especially on the un-stripped portion of the file. Sunbelt sandbox had an interesting read also.

    What Nod does not like it appears to me as an un-trained analyzer, is the last few entries that it strips from the original as noted in an UltraCompare file comparison :doubt:

  12. lucas1985

    lucas1985 Retired Moderator

    Marcos, this is interesting. Could you elaborate on this a little more? Does NOD32 v2 have access to this heuristic?
    Do you want to work on a viruslab? :D
  13. ASpace

    ASpace Guest

    I personally have seens this kind of detection (Statik) with v2 , too , so v2 has it , too
  14. nodyforever

    nodyforever Registered Member

    interesting detection (Statik)


    If really it is a tool what of more it forces to the modules of the antivirus I support unconditional

    VT and Jotti nod32v2 database 2828 not detected virus file.

    Detection exclusive antivirus module :)
  15. ratboyJ

    ratboyJ Registered Member

    So how would i go about removing this virus from my computer

    Is there a program that can do this for me or is there a list of files that i can remove from my computer that will fix the problem
  16. ASpace

    ASpace Guest

    Follow Marcos's advise and ESET representative will tell you what to do (post #2)
  17. ratboyJ

    ratboyJ Registered Member

    I did a system restore back to the day that i know i didnt have any problems, and now the problem has been eliminated, Anyway thank you for your support..................PS --It wasnt the music i downloaded from limewire
Thread Status:
Not open for further replies.