A trojan variant?

Discussion in 'NOD32 version 2 Forum' started by dee, Jul 23, 2004.

Thread Status:
Not open for further replies.
  1. dee

    dee Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    72
    It was suggested in the Wilders TDS3 forum that maybe NOD would want to know about this. It may or may not be a Trojan variant. NOD32 said that both the original file [zipped though] & also that the executable within the zipfile were OK after being scanned. BTW, NOD had been updated on the previous day, & I run Win98SE.

    Well anyway, they weren't OK, I became suspicious when the executable "disappeared" from its folder, and WinPatrol alerted me to this, and allowed me to remove a very suss-sounding running program & a restart command. So then I performed a full system scan with NOD - & NOD reported 5 Trojans & deleted them for me.

    It would be easier if you had a look here -

    https://www.wilderssecurity.com/showthread.php?t=42414

    cos that's where all the relevant info is - & then let me know if Eset would want the original zipfile submitted before I nuke it forever. The Trojan was added to TDS database today.
     
  2. dee

    dee Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    72
    I'm in trouble now & need some help. When performing a C:\ drive scan with TDS3, AMON popped up with a virus warning. TDS3 had again found the same file & said it couldn't read it cos it was locked. So I was pretty happy that AMON was riding to the rescue, or so I thought.

    Sorry, I didn't do a screen capture, but that's easily arranged if nec.
    This is what AMON said -

    NOD32 A/V System warning:AMON – A/V monitor.
    Virus detected.

    Virus Information
    File: C:\program files\defence\xDynamic\TDS.Unpk\Osama Dead.exe
    Virus: Win32/Hackarmy .Z trojan
    Comment: AMON cannot clean this infiltration. Error while deleting. Error while renaming. Event occurred on a newly created file

    Told AMON to quarantine the file & it didn’t say anything. But when I closed the Virus warning, I got another popup with “Error occurred when quarantining file"

    So can AMON assist me with this at all, cos right now it sure doesn't look like it.
     
  3. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    If you browse to C:\program files\defence\xDynamic\TDS.Unpk\ you might find that Osama Dead.exe has already been deleted. Not sure why NOD32 gets its knickers in a twist like this sometimes. It happened to me a lot last time a load of trojans were found.

    http://uberish.fastmail.fm/1.jpg
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Dee,
    do you use the latest beta with the HTTP scanner to deny the possibility that the trojan comes from the Internet?
     
  5. dee

    dee Registered Member

    Joined:
    Jul 1, 2003
    Posts:
    72
    It seems I should turn off NOD32 before I scan with TDS3, and then re-enable it. I didn't know this, but I've never had a virus or other malware before & this is going to be my last.

    Have submitted the file to Nod32 as suggested in the TDS forum, hope they don't mind.

    And no, I don't use the beta version, I have no inflated ideas of my skills as a tester! I like version 2.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The Beta is very stable, only the rare glitch. It is a spruked up version 2, like having mag wheels and a fancy paint job, together with all wheel drive and all wheel disc breaks, she looks good, handles a lot better and breaks on a dime :D

    Cheers :D
     

  7. I wouldn't exactly say that it's stable with only the rare glitch. There are countless posts in this forum from Mele and others who have encountered significant problems! I wouldn't install it on any of my machines!
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Works great on my XP sp1 machine. Not one problem so far.
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And you are comparing this to what? I have been running the pre-release Beta for quite some time now, until the version installed last night it has been going rather well. You may want to take a look at the previous Beta Forum going from Version 1 to Version 2, there were a lot more problems there...

    My only problem is a rare glitch bringing with it a lsass.exe error, which has been posted in new thread...

    Cheers :D
     

  10. As stated in my original thread, I'm comparing it to THIS forum. There are many posters talking about the many problems that are occurring with this Beta, one person that comes to mind is Mele. Simply look through all the threads for yourself and see for yourself.
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    No problem running it on a WinXP Pro machine. I consider it very stable, especially for a beta.

    Also great improvements by adding the HTTP scanner, AH option to AMON
    and the NOD32 scanner, etc.!
     
    Last edited: Jul 23, 2004
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See Marcos's reply to Mele:

    https://www.wilderssecurity.com/newreply.php?do=newreply&p=224920

    Cheers :D
     
Thread Status:
Not open for further replies.