am I supposed to check AMON log regularly!!

Discussion in 'NOD32 version 2 Forum' started by visitor, Jan 19, 2004.

Thread Status:
Not open for further replies.
  1. visitor

    visitor Guest

    today I opened "virus log", was not expecting to see this
    why NOD didn't alert for it.
    Time   Module   Object   Name   Virus   Action   User   Info
    19.1.2004 1:20:23   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 22:36:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 20:00:04   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 13:07:26   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 10:21:43   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 18:41:23   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 16:51:01   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 9:31:58   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    16.1.2004 21:33:57   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    16.1.2004 21:30:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    it is likely that you had the option to show the AMON alert window disabled. If so, no pop up window would have appeared, but AMON would have blocked access to the infected files though.
     
  3. visitor

    visitor Guest

    Thanks
    No Sir
    All resident modules and filters are active
    And since I installed NOD I left factory defaults untouched
    in AMON setup
    Detection: all are ticked

    action: is set to
    prohibit access and display alert window with action selection

    However, red alert pops-up when I tried to open the folder
    C:\Program Files\Windows Media Player\wmp.exe
     
  4. visitor

    visitor Guest

    Can you please tell me why I don't get alerted
    The trojan is detected by on demand scanner
    and is detected by AMON on restart
    BUT NO ALERT
    THE ALERT APPEARS ONLY WHEN THE FOLDER IS OPENED
    haven't deleted it yet hoping that NOD will wake up
    here is fresh "virus log"

    Time   Module   Object   Name   Virus   Action   User   Info
    19.1.2004 14:37:10   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    19.1.2004 13:10:05   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    19.1.2004 12:16:54   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    19.1.2004 11:29:20   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:17   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:16   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:15   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:03   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:02   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:29:01   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:28:53   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:28:47   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:28:29   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:28:23   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 11:23:00   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe   
    19.1.2004 9:23:18   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    19.1.2004 1:20:23   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 22:36:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 20:00:04   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 13:07:26   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    18.1.2004 10:21:43   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 18:41:23   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 16:51:01   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    17.1.2004 9:31:58   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    16.1.2004 21:33:57   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
    16.1.2004 21:30:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM   
     
  5. Tomas

    Tomas Eset Staff Account

    Joined:
    May 2, 2003
    Posts:
    216
    Hi visitor

    I can only guess what happened, but if you look at the original log, the file is accessed by NT-HALLINTA\SYSTEM. That means the file is accessed by some system process, and this may happen before the user is logged on, so there is no GUI running that can show the alert window. Anyway, AMON is preventing ANY program (including system) from accessing the file, so it cannot do any harm to your computer.

    Regards

    Tomas, Eset
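
Added example (not part of the thread and not ESET code): a short Python script that reads a pasted virus log in the layout shown above and separates detections logged under the SYSTEM account, where no alert window can appear, from those made under a logged-on user. It also lists files that keep being detected with no action recorded. The three-space column delimiter and the function names are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout posted in the thread: columns separated by
# three spaces, Action column empty. Rows are taken from the thread's log.
SAMPLE_LOG = r"""Time   Module   Object   Name   Virus   Action   User   Info
19.1.2004 11:29:17   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      KONE-1\Perhe
19.1.2004 9:23:18   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM
18.1.2004 22:36:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM
16.1.2004 21:30:08   AMON   file   C:\Program Files\Windows Media Player\wmp.exe   Win32/TrojanProxy.Agent.J trojan      NT-HALLINTA\SYSTEM
"""

COLUMNS = ("time", "module", "object", "name", "virus", "action", "user", "info")

def parse_virus_log(text):
    """Turn the pasted log into dicts; the 3-space delimiter is an assumption."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.rstrip().split("   ")]
        if len(fields) < 7 or fields[0] == "Time":
            continue  # header, blank or malformed line
        fields += [""] * (len(COLUMNS) - len(fields))  # Info may be missing
        row = dict(zip(COLUMNS, fields))
        row["time"] = datetime.strptime(row["time"], "%d.%m.%Y %H:%M:%S")
        rows.append(row)
    return rows

def summarize(rows):
    """Per (file, threat): hit counts split by SYSTEM vs. logged-on user."""
    out = defaultdict(lambda: {"system": 0, "user": 0, "no_action": 0,
                               "first": None, "last": None})
    for r in rows:
        s = out[(r["name"], r["virus"])]
        account = r["user"].rsplit("\\", 1)[-1].upper()
        s["system" if account == "SYSTEM" else "user"] += 1
        s["no_action"] += r["action"] == ""
        s["first"] = min(s["first"] or r["time"], r["time"])
        s["last"] = max(s["last"] or r["time"], r["time"])
    return dict(out)

def needs_cleanup(summary, min_days=1):
    """Files still being hit after min_days with no action logged."""
    return [key for key, s in summary.items()
            if s["no_action"] and (s["last"] - s["first"]).days >= min_days]

if __name__ == "__main__":
    summary = summarize(parse_virus_log(SAMPLE_LOG))
    for (path, threat), s in summary.items():
        print(path, threat, s["system"], "SYSTEM hits,", s["user"], "user hits")
    print("cleanup:", needs_cleanup(summary))
```

A file that shows up in `needs_cleanup` is still on disk and still being blocked on every access, which is the case the on-demand scan is meant to resolve.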
     
  6. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Also, you should run the on-demand scan (NOD32 from the desktop, start-menu, or from the NOD32 Control Center). Click the "Clean" button to scan your system. When any infected files are found, it will ask you what to do with it. If "Clean" is available (shouldn't be for that infected file), choose "Clean". If it isn't available, choose "Rename" or "Delete".

    You should also visit http://www.windowsupdate.com/ to make sure that you have all the available security updates.

    Best regards,
    Anders
     