For re-search

Discussion in 'Other ESET Home Products Beta' started by dorgane, Feb 23, 2010.

Thread Status:
Not open for further replies.
  1. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    hi,
    sorry for my bad english, i have an question.
    I search active malware in France, i have send an file : IM88532.JPG-www.facebook.com.exe ( MD5 : 38f06b4bb8e9af0b9b409bcabab3a237 )


    after few hours this worm has detected :
    but after again few hours i have an email :

    and i have an other detection for THIS file (is not an other) :


    Now i have send an other, ( 2192e7f5593bd75f502f3cf07bf0e682 with named too : IM88532.JPG-www.facebook.com.exe )
    is pending.

    but my question, why i have 2 differente detection for on file ? it is infocard.exe make different detection ?

    thank you for help, it is for my blog, follow and help friend ;)

    Eset'Fan
    Aranud.fr
     
  2. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    621
    Location:
    Sydney Australia
    %SystemRoot%\infocard.exe - this is not where infocard.exe should be. I suggest submitting that file also.
     
  3. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    hum ok,
    i go to work now but this today i remake test and i scan with nod32 for see if detect it with this 2 samples ;)


    thank you for reply ;)
     
  4. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    i remake test and result is good.

    ok files is deleted :

    but I have an question, eset remove keys registry infected ?
    because i make sysinspector computer clean, computer infected and computer cleaned, i don't see in the cleaned keys registry ? o_O
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The reference to IM88532.JPG-www.facebook.com.exe should be removed from the registry if the threat has been cleaned.
     
  6. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    ok ok is very good but it is harm that nod32 not say key of registry cleaned/deleted :p
     
  7. timid

    timid Registered Member

    Joined:
    Mar 3, 2010
    Posts:
    22
    the scanner automatically deletes/cures all the files and registry entries neccessary according to how the ESET guys set it in the virus database update :)

    also if you wish to delete registry, files or other stuff that has not been removed, you can use ESET SysInspector for that, to see its capabilities and how to use it to modify your system see this article: http://mertinger.spaces.live.com/blog/cns!7D5A978937E2E1DD!165.entry
     
Thread Status:
Not open for further replies.