ESET NOD32 Antivirus 4 ver. 4.0.424.0 detects A00000035.exe -what should be done-

http://i147.photobucket.com/albums/r292/peacedrunx/Random%20pix/nod32falsepositive.jpg




ESET nod32 keeps on detecting SVChost.exe as a virus which i know it is not because its an important windows file from system32 .. and that the virus name is svShost.exe or sCVhost.exe right?

i tries a couple of ways for it not to be detected. all in failure. tried the 'exclusions' on adv. mode and tried turning off heuristics/adv heuristics. still being detected.

and as you can see on the pic(link above), i somehow can't check/uncheck the "exclude from detection" w/c if i could check the box, would probably solve my problem.

thing is, im afraid someone from house might delete the file while im not around, even though i said not to.




seems like A00000035.exe is attacking svchost.exe? don't really know. what should i do?

won't svchost.exe be affected if i delete/clean it?

Edited- i have mistaken thanks to Mr. chrcol and Mr jim

 

Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

its detecting that A00000035.exe as the virus not svchost.exe

 

Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

Yes exactly. It looks like you have a virus that has attached itself to one or more Windows services. Some of the mroe nasty viruses atach themselves to every svchost process, including the login process, which makes it hard to remove.



Jim

 

Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

oh, i thought it was the svchost.exe, since i saw the svchost name, i was afraid to do something about it, because i might cause something bad.

and i just recently used eset av.

should i delete/clean it then? or submit it first? if i delete it, won't cause any problems to svchost.exe ?

what's the best course of action?



10/5/2009 6:25:51 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan JULIAN\pamilya baranda Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.


10/5/2009 4:39:13 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.



---Should i quarantine and delete these kinds of detections? delete or clean?



thanks for the fast reply.

 

You can safely delete them. Apparently your system is infected, so I and WildersSecurity team encourage you to seek help in one of the following forums:: SpywareInfo, BleepingComputer, GeeksToGo, Malware Removal or WhatTheTech.

 

He's fine, just delete that restore point or let NOD32 delete that file from the restore point.This virus in system restore DOES NOT mean svchost is infected, system restore mearly made a backup of your system and renamed whatever that virus was to that file name you see there.if you restored from that restore point, then that file would be renamed on your system to whatever the original was.... not a big deal, no need to panic.

 

thnx a lot guyz for the quick responses ^___^ i had really thought svchost was infected or something.

glad i came cross this forum. already bookmarked it and on my toolbar =)

i let nod32 quarantine it and i had deleted it on the quarantine section. never came across it up to now =)

and i would take note on those threads you linked Mr.Fixer, in case something else happens =)

thanx very much guys ^__^