File haijacking !!!

Discussion in 'NOD32 version 2 Forum' started by RCNUWC, Oct 13, 2008.

Thread Status:
Not open for further replies.
  1. RCNUWC

    RCNUWC Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    1
    Hello,

    we have a case at the school where students missing their files and replaced with a text files that have the same names and extensions!!


    the text files has the following message:

    after looking around I found that all the files are there and they are hidden and renamed Hide_filename


    what disturbed us that NOD32 in our school's computer did not find the program or the script that does this!!!

    any idea how to stop that?


    cheers
     
  2. ASpace

    ASpace Guest

    Hi !

    I have never seen such thing but it sounds funny ... Anyway , it is a problem for you and your users.


    Download and run ESET SysInspector
    http://www.eset.com/download/sysinspector.php

    When the utility has collected the information , click File > Save Log
    Confirm your wish. A log file , placed in a zip archive , will be created.

    Contact ESET Technical Support , samples@eset.com or to your local Support Dept. (depending on where you are located).

    In the email describe the case , include a link to your thread here and attach the log file . Note , you may wish to send 2 or 3 log files from some different machines , for better analysis.
     
    Last edited by a moderator: Oct 13, 2008
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Besides sending the SysInpspector log to samples[at]eset.com with this thread's url in the subject, also attach the default template used by MS Word and Excel. Also try installing ESET NOD32 Antivirus which has better detection capabilities than v2.
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    A couple of links that may be helpful for research:

    http://in.answers.yahoo.com/question/index?qid=20080717043409AAod3bz

    http://tibebeantonios.wordpress.com/2008/03/10/53wedew-aysiku/
    Before you delete anything if it's that simple, I'm sure Marcos would love a copy to analyse.

    Cheers :)
     
Thread Status:
Not open for further replies.