Big Problem

Computer XP Home /SP2
2 hard drives
NO one partitioned c- main / d – data / e – store
NO 2 partitioned f – image / g - backup


• One year ago I bought ‘eve ‘2.5’ academic plagiarism detection program and it had worked fine until three weeks ago when Nod reported a problem but did not delete
• I contacted Eve having paid for it but got no reply
• Yesterday on my routine full system scan Nod cleaned the whole computer even the install prog from e drive – and reported
• Time Module Object Name Threat Action User Information
> 06/07/2006 11:06:50 AMON file C:\Program Files\EVE2.5\eve2.exe
> IRC/SdBot trojan deleted JOANMAIN\JOAN Event occurred at an attempt to
> access the file by the application: C:\WINDOWS\Explorer.EXE.
• I have no means of knowing whether this is a false alert but Nod
deleted the file therefore I cannot use the program
• Contacted Nod who were brilliant and replied
• Could you please send us an example of those files, so that we can test
it and the problem can be fixed?
(This file C:\Program Files\EVE2.5\eve2.exe)
We are very interested in receiving samples of these files for analysis.
• I attempted to copy from CD disc could not get exe over and neither would it install even with Nod disabled
• Today took image back x 4 and despite disabling nod could not zip exe to send it just disappeared
• Went to site http://www.canexus.com/eve/download.shtmland attempted to download and got this message
• Firefox cannot find file at eve_setupexe and I.E. reported connection with server was terminated abnormally
• I have scrubbed the computer clean BUT I do not understand why I could not zip program change permissions or download from their site have they done something to my computer though I am back on basic image where eve was never installed

Sorry this is so long much thanks

 

I split this post off from your test thread and moved it to the NOD forum where it will receive proper attention.

Regards;

Steve

 

Thanks so much I am desperate for some advice

 

I guess this file is already in the quarantine so open NOD32's Control Center and -> Quarantine and follow the instructions to Submit it for analysis .

You can also submit these files to Virus Total for analysis from all AV softwares . Here

 

No as soon as I pointed file to Quarentine it just disappeared off the computer and Nod said could not Quarantine - I have just tried downloading again now and Nod will not let me and having tried once Firefox then cannot access site for second time

 

Do the following on your own risk
If you are sure this is wrong , this is false positive , disable AMON and IMON . Open NOD32's Control Center and disable AMON and IMON . Then try to download these things and send them to:
samples@eset.com

Subject : False Positive
Point them to this thread here at Wilders
It would be a good idea if you can password protect what you send and don't forget to mention the password



EDIT :
Why don't you just reply to the Tech Support and send the link with these files so that they download them if you cannot

 

I took the risk and disabled Nod totally but even firefox could not download off the site and I still could not down load file and ‘eve exe’ would not let me zip them when I tried never mind password themI could not change the permissions I tried and even looked in registry I did send http://www.canexus.com/eve/ in reply to email obviously I’m not sure if it’s a false positive or not – it will need someone better than me to try

 

Well , you said you sent it to the Support .

Can you send the link to also samples@eset.com and to support@eset.sk
Describe the problem in details and if it is something to be fixed , it will be soon

 

Thank you so much- I have done what you asked

 

You are welcome ! Good luck

 

I downloaded the program, extracted "eve2.exe" from the installer and uploaded it to a couple of online web scanner services (jotti's and VirusTotal). I noticed that NOD32 isn't alone in labelling this as an "SdBot" trojan; F-Prot (together with Authenium) labels it as "W32/Sdbot.TAH". Seems to be runtime packed with "Armadillo". The MD5 of the file is: de7d3a95b14e31046ccc5c3e45feb595

EDIT: Ewido detects it also, as "Backdoor.SdBot.are". UNA also, as "Backdoor.SdBot".

 

If so , it is definitely not a fp

 

Kjempen / HiTech_boy

• So relieved that someone else has downloaded the program and got the same result
• I have taken both computer back to basic image that did not have eve on it
• Scanned with Nod and free ewido /A2 though ewido nor A2 picked this upon my computer
• Tried downloading again now after quitting nod - no
• Message – could not be saved because the source file could not be read try again later or contact server administrator
• When I disabled everything I down loaded it OK – why is that happening as you were able to download OK
• Could someone tell me whether they have blacklisted me on their site – if so I don’t care OR more worrying have they done something to my computer to stop me downloading

 

Nobody here can confirm if they have blacklisted you/your IP/your PC but there is no reasonable reason for this so I think you are not banned but note I cannot confirm.

Second , you need to know NOD32 rarely gives false positives . Moreover , kjempen confirms that NOD32 is not the onliest scanner flagging this as a real threat . As I said , if you send the Support and the VirusLab a link with this , they will analyze it and will fix if something is wrong . If this is a real threat , it will remain and you should not use it anymore !

I cannot understand that question
When I disabled everything I down loaded it OK – why is that(what that) happening as you were able to download OK

Read the whole thread and perform the recommendations . Good luck !

 

Please forgive - elderly lady - big secret out not computer literate
• I know you cannot confirm if I am blacklisted –but I was asking could they do it is it possible but as you mention IP address I suppose they can
• I wrote them a stinker of an email and said I had contacted Nod – no reply
• What does this thing do??
• When I opened Nod and clicked quit – I could not download eve exe and got that strange message – ‘could not be saved because the source file could not be read try again later or contact server administrator’
• I uninstalled Nod and downloaded eve on to disc [don’t worry scanning now]
• Just wondered why the difference

 

? ? ? ? ?

The tech support should reply you . The VirusLab will check and will fix only if necessary . If the detection is not removed then this means this is real threat/malicous software and you should not use it .

I also don't worry !

 

Lady's age is a secret!!
I know Nod will reply wish I could report this lot somewhere
Computer now clear many thanks