False Positives?

Discussion in 'NOD32 version 2 Forum' started by squire, Nov 10, 2004.

Thread Status:
Not open for further replies.
  1. squire

    squire Registered Member

    Joined:
    Dec 10, 2002
    Posts:
    20
    I am presently running Nod 32, v 2.12.3 with latest updates on XP Pro machine. AMON continues to find the following:

    Time Module Object Name Virus Action User Info
    11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\21A3EC\ Win32/TrojanDropper.Bridge.A trojan
    11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\244AD9\ Win32/PSW.Delf.CT trojan
    11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\32657\ Win32/TrojanDownloader.IstBar.ER trojan
    11/10/2004 5:42:03 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\F770D\ Win32/Bionet.405 trojan

    Nod 32 cannot quarantine, delete or rename.

    The following programs do not find the above, TDS3, Tauscan, Spy Sweeper, SpyBot, Adaware se Pro, and Pest Patrol.

    My question is why aren't the trojans being detected by the anti trojan programs and removed? Are the trojans false reports? If not, why are not the other programs detecting them? How can I get rid of them? Any light and info will be most appreciated.

    squire
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Squire, just empty your Temp folder by doing the following:

    Open up Internet Explorer

    Click on Tools

    Internet Options

    General TAB

    Temporary Internet Files

    Delete Files

    Delete All Offline Content

    Then run a further scan with Nod32, it should come up clean.

    Let us know how you go...

    Cheers :D
     
  3. squire

    squire Registered Member

    Joined:
    Dec 10, 2002
    Posts:
    20
    Blackspear,

    Worked like a charm. THANK YOU! ;)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Squire,
    please make sure you're using the latest version (2.12.3) with the HTTP scanner available on our website and that you have your browsers set to higher efficiency mode. If you have it set so, those trojans would certainly have been intercepted by IMON before they had been written to the disk.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It was because they were in the adaware unpacking folder


    I presume NOD flagged them when adaware was doing a scan

    the reason NOD can't delete them is because the files are locked by adaware whilst it is scanning them

    this advice on the adaware support forums explains it completely
    http://www.lavasoftsupport.com/index.php?showtopic=14501

    to clear them completely do this

    but I think that they will be gone already because adaware empties that folder normally when it finished scanning
    Go to Start > Run and type %temp% in the Run box, press OK. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.

    then go to C:\windows\temp and select EVERYTHING except temporary internet files, cookies and history folders and delete all that and then do the same for C:\temp

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive if you wish to
     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    to do a little experiment to prove it do this
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types". Now click "Apply to all folders"
    Click "Apply" then "OK"
    then navigate to

    C:\DOCUMENTS AND SETTINGS\jerk\LOCAL SETTINGS\Temp and see that there is no \AAWTMP temp folder listed

    start adaware and do a scan and that folder with a numbered sub folder will appear as if by magic and as soon as adaware stops scanning and is closed then that folder is deleted automatically
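
Added example, not part of any post in this thread: a small triage script that parses AMON log rows in the layout quoted in the first post and tags detections whose path lies inside another scanner's unpacking folder, which is the situation described in the two posts above. The `SCANNER_WORK_DIRS` table, the verdict labels and the third sample row are assumptions made for illustration.

```python
import re

# Constructed sample in the AMON log layout quoted in the first post. Row 2 keeps
# the fused path/threat form seen there; row 3 is invented for contrast.
SAMPLE_LOG = r"""
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\21A3EC\ Win32/TrojanDropper.Bridge.A trojan
11/10/2004 5:42:04 AM AMON file C:\DOCUME~1\jerk\LOCALS~1\Temp\AAWTMP\C238743265\244AD9\Win32/PSW.Delf.CT trojan
11/10/2004 6:10:11 AM AMON file C:\Program Files\Example\setup.exe Win32/Example.A trojan
"""

# Working folders other scanners unpack into (assumption: only the one named in the thread).
SCANNER_WORK_DIRS = {"AAWTMP": "Ad-Aware"}

# "/" cannot occur in a Windows path, so "Win32/" marks where the threat name starts
# even when the log has no space between the path and the name.
ROW = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<module>\S+) (?P<object>\S+) "
    r"(?P<path>.+?)\s*(?P<threat>Win32/\S+)\s+(?P<kind>\S+)\s*$"
)

def parse(log):
    """Return one dict per log row that matches the AMON layout."""
    return [m.groupdict() for m in map(ROW.match, map(str.strip, log.splitlines())) if m]

def triage(rows):
    """Tag each detection with the scanner work folder (if any) it was found in."""
    results = []
    for row in rows:
        parts = [p for p in row["path"].split("\\") if p]
        upper = [p.upper() for p in parts]
        hit = next((i for i, p in enumerate(upper) if p in SCANNER_WORK_DIRS), None)
        if hit is None:
            verdict, scanner, session = "investigate", None, None
        else:
            # The numbered subfolder identifies one scan run of the other product.
            verdict, scanner = "scanner-workdir", SCANNER_WORK_DIRS[upper[hit]]
            session = parts[hit + 1] if hit + 1 < len(parts) else None
        results.append({"threat": row["threat"], "verdict": verdict,
                        "scanner": scanner, "session": session})
    return results

if __name__ == "__main__":
    for r in triage(parse(SAMPLE_LOG)):
        print(r)
```

Rows tagged `scanner-workdir` are the ones to re-check with a fresh scan once the other scanner has closed and its temp folder is gone, as the thread advises.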
     
  7. squire

    squire Registered Member

    Joined:
    Dec 10, 2002
    Posts:
    20
    Marcos,
    Please excuse my ignorance, but I don't understand, I am using Firefox 1.0PR as my browser and have NOD32 v 2.12.3. How do I set to higher efficiency mode and the scanner available on the website. I'm sorry, but I'm not following you.
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    Under Imon, http, setup, click where the pointer is located and it will change modes.
     


  9. squire

    squire Registered Member

    Joined:
    Dec 10, 2002
    Posts:
    20
    Blackspear, Marcos, dvk01, and ronjor;

    Gentlemen, thank you each for your prompt reply and assistance. Not only have you solved my problem, but you have helped me set up NOD to perform at its full capability. Without your help, this would not have happened. A sincere THANK YOU to all of you.

    squire :D
     
  10. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Didn't know if you have seen this great thread by Blackspear about how to set up NOD to its fullest capacity. Very nice read.

    Thanks,

    Chris
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    You're welcome squire. :)

    https://www.wilderssecurity.com/showthread.php?t=37509
     
  12. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Thanks ronjor I don't know what happened to my link but thanks for putting it up :)

    Thanks,

    Chris
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
    Chris12923

    You're welcome.
     
  14. squire

    squire Registered Member

    Joined:
    Dec 10, 2002
    Posts:
    20
    Yes I have read and printed it for future reference. Thanks. This forum sure has a bunch of great guys willing to help!

    squire :D
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Yeah a good bunch here Squire.

    Great to see you had a good result.

    All the best...

    Cheers :D
     