Was surfing and all of a sudden.. everything is in the quarantine folder. Ran a scan and Nod said it deleted 2 infections but that's it. What should I do...
6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244921286.exe Win32/BHO.NOE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244922868.exe Win32/Tinxy.AD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
6/13/2009 11:48:50 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:48:49 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:11:57 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:11:55 AM HTTP filter file ~Removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:44 AM Real-time file system protection file C:\WINDOWS\sysguard.exe a variant of Win32/Kryptik.TC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\LOCALS~1\Temp\install[2].exe.
6/13/2009 11:09:44 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:40 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:30 AM Real-time file system protection file C:\DOCUME~1\LOCALS~1\Temp\install[2].exe a variant of Win32/Kryptik.TC trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\QE3ER220\install[2].exe.
Personally I would do a manual in-depth scan with NOD first. Then, to be sure, download a copy of Malwarebytes Anti-malware (the free version). Perhaps use an alternative browser if you have one installed. Just Google for their website where you can download the latest version. Install this, then do a full scan of your system. I usually find that a combination of a NOD scan and a Malwarebytes scan usually removes any nasties.
Andy
Go to one of the dedicated sites to help you remove it all, listed at the bottom of the link https://www.wilderssecurity.com/showthread.php?t=42148
So just clicking delete in the quarantine area doesn't remove the issue? Or is it just removing the notes? On some of those entries it says it's removed.. But when I turn on the computer I get two Nod alerts.. for ~Links removed. No need to post links to possible malware here.~
Obviously something remains on your system. You could boot into Safe Mode then scan with NOD there to see if it removes the infections, but Malwarebytes Anti-malware should remove everything in normal mode, maybe requiring a reboot to completely remove them. Hence my suggestion to use both products. NOD is not alerting you to malware that it has quarantined. It is alerting you because it hasn't been able to remove every piece of malware properly and keeps finding it.
If C:\WINDOWS\ld08.exe is not detected, send it to samples[at]eset.com with this thread's URL in the subject. In the meantime, rename it and restart the computer so that the malware is not loaded in memory and running.
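Added example, not part of the thread: a Python script that parses log entries in the layout pasted in the first post and lists applications whose web access the HTTP filter blocked but which never appear as a quarantined file themselves, which is how C:\WINDOWS\ld08.exe stands out. The regular expression and function names are assumptions fitted to the pasted lines, not an ESET log specification.

```python
import re
from collections import defaultdict

# Excerpt of the log from the first post, one entry per line.
SAMPLE_LOG = r"""
6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244921286.exe Win32/BHO.NOE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
6/13/2009 11:48:50 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:48:49 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:44 AM Real-time file system protection file C:\WINDOWS\sysguard.exe a variant of Win32/Kryptik.TC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\LOCALS~1\Temp\install[2].exe.
6/13/2009 11:09:40 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:30 AM Real-time file system protection file C:\DOCUME~1\LOCALS~1\Temp\install[2].exe a variant of Win32/Kryptik.TC trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\QE3ER220\install[2].exe.
"""

# Assumed entry layout: timestamp, scanner, "file", object, threat, action, details.
ENTRY = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<scanner>Real-time file system protection|HTTP filter) file "
    r"(?P<object>.+?) (?:a variant of )?(?P<threat>Win32/\S+) trojan "
    r"(?P<action>.+?) - quarantined.*?by the application: (?P<app>.+?)\.$",
    re.MULTILINE,
)

def parse(log):
    """Return one dict per log entry that matches the layout above."""
    return [m.groupdict() for m in ENTRY.finditer(log)]

def unquarantined_downloaders(log):
    """Map each application whose web access the HTTP filter blocked, and which
    never appears as a quarantined file itself, to the threats it requested."""
    entries = parse(log)
    # Paths the real-time scanner actually detected and quarantined.
    quarantined = {e["object"].lower() for e in entries
                   if e["scanner"].startswith("Real-time")}
    hits = defaultdict(list)
    for e in entries:
        if e["scanner"] == "HTTP filter" and e["app"].lower() not in quarantined:
            hits[e["app"]].append(e["threat"])
    return dict(hits)

if __name__ == "__main__":
    for app, threats in unquarantined_downloaders(SAMPLE_LOG).items():
        print(f"{app}: {len(threats)} blocked downloads, {sorted(set(threats))}")
```

An application listed here is still present and still running; the detections against it are only for what it tried to fetch.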