Virus can't fix

Discussion in 'ESET NOD32 Antivirus' started by ratboyJ, Jan 28, 2008.

Thread Status:
Not open for further replies.
  1. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    1/28/2008 10:51:36 PM HTTP filter file hxxp://comdomen.com/ldr2.exe probably a variant of Win32/Statik application connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.

    I get this ****, I get spammed like every 10 minutes with about 30 logs. Any way that I can fix this?
     
    Last edited by a moderator: Jan 28, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,330
    Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed. We'll analyse it and let you know how to remove the threat.
     
  3. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    Never mind
     
  4. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    OK, I sent the file to support@eset.com so you can hopefully tell me how I fix this.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Very strange, if you try to download the file you get the alert. If you turn off NOD, download it then scan it you don't get any alert.
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I can't find W32/Statik in the def files when searching here: http://www.eset.com/support/updates.php

    It's rather strange indeed that you don't get any alert when first downloading the file (NOD32 turned off) and then scanning it manually. Can someone explain how this can be?
     
  7. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    I didn't go to any site and download this file. I was downloading music from LimeWire, so that might be it.
    But I turned on the computer the next day and then straight away I got the bad file, terminated, then this file was put in quarantine, then I get log attacks (about 20) every 10 minutes. If I delete the file from quarantine then it is back in there when I get the attacks.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,330
    Statik is a new technology of heuristic detection which is currently being tuned up. Currently it's usually enabled only for IMON/web modules, and further modules will follow as soon as the results are analysed and evaluated.
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Ahhh, makes sense now, thanks for the clarification Marcos. So this was an FP, but the Allaple one in the other thread was not, correct?
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,330
    Surely there was a threat listed in ratboyJ's log and the file ldr2.exe looks quite suspicious. I'll pass it to our vlab to make sure it wasn't FP.
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    appears so, especially on the un-stripped portion of the file. Sunbelt sandbox had an interesting read also.

    What NOD does not like, it appears to me as an untrained analyzer, is the last few entries that it strips from the original, as noted in an UltraCompare file comparison.

     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Marcos, this is interesting. Could you elaborate on this a little more? Does NOD32 v2 have access to this heuristic?
    Do you want to work on a viruslab? :D
     
  13. ASpace

    ASpace Guest

    I personally have seen this kind of detection (Statik) with v2, too, so v2 has it, too.
     
  14. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    interesting detection (Statik)

    Marcos,

    If really it is a tool what of more it forces to the modules of the antivirus I support unconditional



    VT and Jotti nod32v2 database 2828 not detected virus file.


    Detection exclusive antivirus module :)
     
  15. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    So how would I go about removing this virus from my computer?

    Is there a program that can do this for me, or is there a list of files that I can remove from my computer that will fix the problem?
     
  16. ASpace

    ASpace Guest

    Follow Marcos's advice and an ESET representative will tell you what to do (post #2).
     
  17. ratboyJ

    ratboyJ Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    6
    I did a system restore back to the day that I know I didn't have any problems, and now the problem has been eliminated. Anyway, thank you for your support. PS: It wasn't the music I downloaded from LimeWire.
     