Received highly suspicious files, didn't execute them but ESET has warnings

Discussion in 'ESET Smart Security' started by Rubix, Apr 24, 2009.

Thread Status:
Not open for further replies.
  1. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Hi,

    That's right, I received 4 highly suspicious files (scanned with VirusTotal, see ~Snip. VT images removed per Policy~). I'm pretty sure I didn't execute them, but ESET now has warnings like this when I start Windows XP SP3 today:

    4/20/2009 5:14:05 PM Real-time file system protection file F:\Documents and Settings\Dontcare\Desktop\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: F:\WINDOWS\Explorer.EXE.
    4/20/2009 5:13:09 PM Real-time file system protection file F:\WINDOWS\Temp\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: F:\WINDOWS\Explorer.EXE.
    4/20/2009 5:02:37 PM Real-time file system protection file F:\WINDOWS\TEMP\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: F:\WINDOWS\system32\WgaTray.exe.
    4/20/2009 5:02:27 PM Startup scanner file F:\WINDOWS\system32\WgaTray.exe probably a variant of Win32/PSW.Agent trojan unable to clean DONTCAREPC\Dontcare

    Could it be coincidence?
     
    Last edited by a moderator: Apr 24, 2009
  2. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Anyone? If one doesn't execute the files, there's no problem, right?
     
  3. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Hopefully you've done a Google search for the key parts of the suspected strings; the last one (i.e. system32\WgaTray.exe) has to do with Windows declaring that your Windows OS is not genuine, and it offers a link to learn the particulars (it's in my system). I would think that's a false positive, and I don't recall how to send it in so ESET can correct it. Someone will tell you (if I'm right that it's a FP).

    Do a Google search for the other strings and see what you learn until others clarify for either you or me.
     
  4. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Just to know better: why am I infected if I didn't execute the files/virus?

    Someone please answer.
     
  5. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    It doesn't always need a double click to execute a file... ;)
     
  6. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    Looks like you ran it. Quick Google shows user input. Oops.
     