A Welcome From Myself To The Wilders Community

Discussion in 'NOD32 version 2 Forum' started by Scott-Sutton, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. Scott-Sutton

    Scott-Sutton Guest

    Greetings Wilder Community,

    I thought it would be appropriate of me and only right to introduce myself as I've simply "appeared" somewhat - I'd like to say Hello to Nick also, we're both resident on the Windows XP Magazine Forum. If you hadn't already guessed, my name's Scott and I'm a Security Evangelist for Microsoft Windows - Although I don't work for Microsoft. I'm currently self-teaching myself Visual C++ .NET Programming using Microsoft Visual Studio .NET 2003 using the .NET Framework 1.1 and soon to be 2.0 although I have a good way to go before 2.0 sees the light of the compiler.
    I appear however to have been the victim of an exploit attempt. I currently use Eset NOD32 Anti-Virus System 2.51 with Webroot Spy Sweeper 5.0.5. and both are up to date definitions-wise. I was searching for MySQL Hosting of all terms just now, and clicked a Hyperlink through searching for Hosting via MSN Search. Spy Sweeper immediately blocked communication with a known Spyware Server and Eset NOD32 has quarantined two WMF files and both have just protected me from becoming a victim of a variant of the Win32Windows MetaFile Exploit which was patched by Microsoft in January. Interesting. Either way, no harm has come of it - I hope.

    NOD32 is configured using the configuration settings via this Forum and I've rescanned my Temporary Internet Files folder with both Spy Sweeper and NOD32 and both report no malware infections. Interestingly, I browsed the Quarantine Folder in NOD32 and found the following:

    A Variant Of Win32/Exploit.WMF Trojan File Size: 8192 Bytes

    AMON also reports the following:

    Quarantined - Deleted - Error While Cleaning - Operation Unavailable For This Type Of Object
    Operation Unavailable For This Type Of Object

    As far as I know the file has been quarantined but the crux of the matter is that I password-protected my settings and unfortunately cannot remember the password so I cannot either submit it to Eset nor remove said offending file. It's the first time I've met malware in one year and I'm worried to say the least but I'm quite certain no harm has come of it. :'(
    Finally, if this thread breaks anything within the FAQ, please feel free to remove the thread at will but all in all I thought it only right to introduce myself and make myself known in the Community, I'll help whenever and wherever I can. And as a final point, I'm looking to Microsoft as a future employer - Aren't we all.

    Regards,

    Scott Sutton
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi Scott,
    and welcome :)

    Depending upon how you configured your ThreatSense settings you will either be prompted to submit the sample (default) or it will be sent automatically unless ESET have already received a copy of that same sample. Either way no pre-emptive action is required on your part. :)

    For your settings password question, you can find the answer here...

    Cheers :)
     
  3. Scott-Sutton

    Scott-Sutton Guest

    Greetings NOD32 User,

    Thank you for your reply, I'm certain I'll be frequenting the Wilders Security Forum often, I've seen the Community talked about in Windows circles and all in all it seems that it's a friendly atmosphere. Eset Support have sent an Unlock Code and I can now access the Control Center, I received a reply within 5 minutes of submitting the Support Ticket. The Support that Eset provides is excellent, I previously had two instances of contacting on Monday and both instances were replied to and dealt with within 5 minutes also. I can't fault it.

    Regarding the malware, I'll submit it to Eset for verification and suchlike, as far as I'm concerned I don't want to take chances with malware. I despise the people that create malware, they cause others harm when the Internet is to be enjoyed, unfortunately some abuse this resource and take it for granted. I have no sympathy for those who create misery for others. Either way, regarding my incident earlier tonight, I gather there is nothing to be alarmed of in terms of the malware affecting my machine? I should think not but I'm going to disconnect my machine from the LAN and scan my system just now.

    Regards,

    Scott Sutton
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I would suggest no further bother - you've got two different scanners but better safe than sorry.

    It may be worth including a link to this thread with your sample submission for reference.

    Enjoy your evening.

    Cheers :)
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Just so you know (and you probably already do), NOD32 considers "cleaning" to be the action of extracting the virus code from a file, while leaving the rest of the file intact. Since NOD32 could not do that with this particular file, it went ahead and deleted the whole thing. In the process, it saved a copy of this file in the quarantine section.

    It is actually quite common that the virus cannot be "cleaned" from the rest of the file, since most virus files these days are close to 100% virus, anyway. I just wanted to point this out, since the "Error While Cleaning" message can cause unnecessary alarm. Most users consider "cleaning" and "deleting" to be the same thing, but NOD32 gives them two separate meanings.
     
  6. Scott-Sutton

    Scott-Sutton Guest

    Greetings ALGLOVE,

    In regards to your comments, I was confident that NOD32 had quarantined the file and attempted to remove the malicious code but I wasn't entirely sure that the exploit had caused damage to my data. Saying that, the issue was patched by Microsoft in January 2006 therefore there was little to worry about.
    I began using Windows legitimately a year ago due to issues with Student Funding and suchlike and since using the OS legitimately I haven't encountered any infections of any type, in fact tonight wouldn't have been classed as an infection either because it was quarantined automatically and therefore didn't infect my system. Before, my media was ironically infected but I had promised myself that I would purchase Windows, and I did, I enjoy using legitimate software. In fact I've never seen a NOD32 Boxed Product because I downloaded my license via Eset's Online Store - I have a 3 year license thanks to my girlfriend who also uses Eset NOD32 Anti-Virus System and Webroot Spy Sweeper. I can't wait for the Security Suite to be released either in BETA or in final release but it'll be an upgrade worth waiting for.

    Thank you all for your advice and assistance, my system was reported clean by both Webroot Spy Sweeper and Eset NOD32 Anti-Virus System and I'm confident I've come to no harm. Possibly the critical reason for this is because my Account is in the User Group for safety and everyday browsing. I rarely use the Administrator Account. :)

    Regards,

    Scott Sutton
     
  7. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    If only everybody did that life would be so much easier... (*sigh*)
     