False Positive or Real Trojan

Discussion in 'NOD32 version 2 Forum' started by TheKid7, Oct 8, 2007.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,502
    I clicked on a link this morning and NOD32 said that there was a Trojan injection attempt and that it was successfully stopped. I downloaded and installed McAfee Site Advisor (Free Edition) and Site Advisor says that the site is safe. I am thinking that Site Advisor may not have up-to-date information on that website.

    Yahoo Search Results (Item No. 1 was the link that I clicked on.):

    ~Link removed~


    I am too concerned to try clicking on the link on my PC that has McAfee Virus Scan Enterprise 8.0 on it to test it out again. Does anyone have any comment/opinion on whether or not this was a real Trojan injection attempt.

    Thank you.

    NOD32 Threat LOG:

    Time Module Object Name Threat Action User Information
    10/8/2007 6:33:46 AM IMON archive a variant of Java/ClassLoader trojan Connection
    10/8/2007 6:33:43 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:42 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:41 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:40 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:39 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:37 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:36 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:35 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:34 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:33 AM IMON file [ probably a variant of Win32/Statik trojan

    Links removed. No links to possible malware in the forums. - Ron
     
    Last edited by a moderator: Oct 9, 2007
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Followed the link and NoScript blocked the site. I guess if NOD32 and NoScript blocked access to the site it may be a real threat.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That IP belongs to an ISP known to host malware. I'd check that your system is clean.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
    disable the links please - links to suspected malware are NOT allowed in the forum.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,298
    Location:
    Texas
    TheKid7,

    No links to possibly shady sites please. Submit the files to Eset for examination.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.