ESS doesn't see Ardamax Trojan. Why?

Discussion in 'ESET Smart Security' started by greenfly, Jun 27, 2008.

Thread Status:
Not open for further replies.
  1. greenfly

    greenfly Registered Member

    Joined:
    Dec 18, 2006
    Posts:
    43
    I have downloaded one application on my desktop computer, where I have installed KIS 0.7. In the download phase KIS stopped the download because the file was infected with Ardamax Trojan.

    On my laptop, where I have installed ESS, I tried to download the same file, and ESS did not see anything. I have sent the infected file to VirusTotal and Jotti to analyse; there is the photo in the attachment.

    I ran the infected file, and ESS > nothing. o_O

    In the HJT log I found and cleaned a lot of infected temp files......

    I feel disappointed..... :'(

    Edit: Screenshot removed per the forum policy
     
    Last edited by a moderator: Jun 27, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Again, it's mostly an installer with encrypted files attached. It's very likely that the keylogger itself would be detected upon extraction when the files are decrypted.
     
  3. greenfly

    greenfly Registered Member

    Joined:
    Dec 18, 2006
    Posts:
    43
    Nope... I have installed the program, nothing detected.

    Edit: sorry, now the infected files are detected......, but it is too late > I'm already infected..... mad
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Was that "application" the Ardamax Keylogger program?
     
  5. greenfly

    greenfly Registered Member

    Joined:
    Dec 18, 2006
    Posts:
    43
    Yap....
     
  6. ASpace

    ASpace Guest


    Pictures say it all
     
    Attached Files: 1.png, 2.png, 3.png
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Is it now "detected" because you re-adjusted your settings to monitor Potentially unsafe applications, which is enabled by default?
     
    Last edited: Jun 27, 2008
  9. greenfly

    greenfly Registered Member

    Joined:
    Dec 18, 2006
    Posts:
    43
    It's not that program; I have downloaded "Fraps" from Rapidshare. I'm not sure that I can post the link o_O Rules..... maybe in private??
     
    Attached Files: 22.jpg
  10. ASpace

    ASpace Guest

    We can see the "thing" is detected. Boot in Safe Mode and run a scan (Start -> Program -> ESET -> ESET Smart Security). Confirm with YES and the ESET command line scanner will start scanning and cleaning.

    However, if you suspect something is undetected or there is a problem in its cleaning, send information to ESET ThreatLab -> samples@eset.com.
     
  11. greenfly

    greenfly Registered Member

    Joined:
    Dec 18, 2006
    Posts:
    43
    Can't boot into XP Safe Mode, because I have a dual boot with Vista, and there is no option to enter XP Safe Mode, only Vista Safe Mode, on which I have AVG Free installed...
     
  12. ASpace

    ASpace Guest

    You can boot into XP Safe Mode:

    1st way:
    Just after you choose your OS (a.k.a. Microsoft Windows XP), start pressing F8 multiple times, which will lead you to the Advanced menu where you can choose to enter Safe Mode. The fact that you have more than one OS installed doesn't really matter.

    2nd way:
    Open Start -> Run -> type msconfig, press ENTER. In the "boot" tab, check "Safe boot" (you can change other options, too), confirm the changes and restart. This way you'll enter Safe Mode. In order to start in Normal mode again, you must uncheck "Safe boot" in msconfig.


    Another way to clean the XP partition is to enter Windows Vista and run the ESET Online Scanner from www.eset.com/onlinescan
    Make sure to first run IE7 as administrator.
     