help - nod32 found win32/trojandownloader.1stbar.er

Discussion in 'NOD32 version 2 Forum' started by shaussie, Jul 9, 2005.

Thread Status:
Not open for further replies.
  1. shaussie

    shaussie Guest

    Hello all,

    Hoping you can help.

    I performed an in-depth analysis scan and it turned up a threat named win32/trojandownloader.1stbar.er. It stated that it could be deleted; however, the delete button was inactive. The leave button was the only active option available.

    I have performed scans with updated Spybot 1.3, adaware SE 1.5, tds, cwshredder and ewido all finding no threats.

    Each time I have run NOD32's in-depth analysis, it finds the same threat in altering hard drive locations but, each time, is unable to delete the file.

    I restored XP back to an earlier date and this found no threats initially on repeat in-depth scans, but the threat has since shown up again.

    Any ideas much appreciated.

    Cheers
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please provide the full path of what was found from your log files in the Nod32 Control Centre.

    Cheers :D
     
  3. shaussie

    shaussie Guest

    E:\System Volume Information\_restore{F9048497-1820-4765-91C9-C926222A4705}\RP6\A0000310.exe »NSIS »gunist.exe »NSIS »proxya.exe - Win32/TrojanDownloader.IstBar.ER trojan

    C:\System Volume Information\_restore{F9048497-1820-4765-91C9-C926222A4705}\RP6\A0000317.exe »NSIS »proxya.exe - Win32/TrojanDownloader.IstBar.ER trojan

    Are these the log details you requested?

    Thanks
     
  4. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Hello shaussie,

    Try this:
    - disable the system restore
    - restart your computer in safe mode
    - perform a scan with Nod32, all options turned on like below (click on the 'Scan & Clean' button)
    - restart your computer in normal mode
    - enable the system restore
     
  5. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    The "Delete" button is inactive because the file which contains that trojandownloader is in an archive. NOD32 cannot manipulate archives. Try to delete the file manually.
     
  6. Blackspear

    Blackspear Global Moderator

    You can't from System Restore; simply turning it off and rebooting should resolve this issue.

    Cheers :D
     
  7. fosius

    fosius Registered Member

    Oops, I did not notice where the files are located. :eek:
     
  8. shaussie

    shaussie Guest

    Cheers everybody for your help - that seems to have solved my problem.

    Thanks again all,
     
  9. zashita

    zashita Registered Member

    Thanks for the feedback :D
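
The diagnosis reached in this thread (the hits are restore-point copies, nested inside NSIS installers) can be read straight off the log lines in post 3. The following is an added example, not code from any poster or from NOD32: it parses lines in that format and labels each hit. The function names and triage labels are hypothetical, the log format is inferred only from the two lines posted, and the third sample line is constructed.

```python
import re
from dataclasses import dataclass

SEP = re.compile(r"\s*»\s*")  # » introduces each nested layer in the posted log lines
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\ is the XP System Restore store
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(\d+)\\")

SAMPLE_LOG = [  # first two lines are from post 3; the last one is constructed
    r"E:\System Volume Information\_restore{F9048497-1820-4765-91C9-C926222A4705}\RP6\A0000310.exe »NSIS »gunist.exe »NSIS »proxya.exe - Win32/TrojanDownloader.IstBar.ER trojan",
    r"C:\System Volume Information\_restore{F9048497-1820-4765-91C9-C926222A4705}\RP6\A0000317.exe »NSIS »proxya.exe - Win32/TrojanDownloader.IstBar.ER trojan",
    r"D:\downloads\setup.exe »NSIS »inner.exe - Win32/Example.A trojan",
]

@dataclass
class Detection:
    path: str              # the file on disk that the scanner opened
    layers: list           # containers and inner files unpacked from it
    threat: str
    drive: str
    restore_point: object  # RP number when under System Restore, else None

def parse(line):
    """Split one log line into on-disk path, nested layers and threat name."""
    location, verdict = line.rsplit(" - ", 1)
    path, *layers = SEP.split(location.strip())
    m = RESTORE.match(path)
    return Detection(path, layers, verdict.split()[0], path[0].upper(),
                     int(m.group(1)) if m else None)

def triage(d):
    """Label a hit by where it lives (labels are hypothetical)."""
    if d.restore_point is not None:
        return "restore-point"   # the thread's fix: turn System Restore off, reboot
    if d.layers:
        return "inside-archive"  # hit is in a nested layer of the file on disk
    return "plain-file"

def drives_to_purge(lines):
    """Drives whose restore store holds at least one detection."""
    return sorted({d.drive for d in map(parse, lines) if d.restore_point is not None})

if __name__ == "__main__":
    for det in map(parse, SAMPLE_LOG):
        print(triage(det), det.drive, det.threat, " > ".join(det.layers))
```

Both posted hits come back as restore-point copies on two different drives, which matches the original poster's report of the same threat appearing in different hard drive locations.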
     