False Positive or Real Trojan

Discussion in 'NOD32 version 2 Forum' started by TheKid7, Oct 8, 2007.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I clicked on a link this morning and NOD32 said that there was a Trojan injection attempt and that it was successfully stopped. I downloaded and installed McAfee Site Advisor (Free Edition) and Site Advisor says that the site is safe. I am thinking that Site Advisor may not have up-to-date information on that website.

    Yahoo Search Results (Item No. 1 was the link that I clicked on.):

    ~Link removed~


    I am too concerned to try clicking on the link on my PC that has McAfee Virus Scan Enterprise 8.0 on it to test it out again. Does anyone have any comment/opinion on whether or not this was a real Trojan injection attempt.

    Thank you.

    NOD32 Threat LOG:

    Time Module Object Name Threat Action User Information
    10/8/2007 6:33:46 AM IMON archive a variant of Java/ClassLoader trojan Connection
    10/8/2007 6:33:43 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:42 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:41 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:40 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:39 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:38 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:37 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:36 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:35 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:34 AM IMON file probably a variant of Win32/Statik trojan
    10/8/2007 6:33:33 AM IMON file [ probably a variant of Win32/Statik trojan

    Links removed. No links to possible malware in the forums. - Ron
     
    Last edited by a moderator: Oct 9, 2007
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Followed the link and NoScript blocked the site. I guess if NOD32 and NoScript blocked access to the site it may be a real threat.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    That IP belongs to an ISP known to host malware. I'd check that your system is clean.
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    disable the links please - links to suspected malware are NOT allowed in the forum.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    TheKid7,

    No links to possibly shady sites please. Submit the files to Eset for examination.
     
Thread Status:
Not open for further replies.