Imon detected virus, now what

Discussion in 'NOD32 version 2 Forum' started by scootnod, Oct 9, 2004.

Thread Status:
Not open for further replies.
  1. scootnod

    scootnod Registered Member

    Joined:
    Oct 9, 2004
    Posts:
    37
    Location:
    Midwest US
    I clicked a link at a site, which opened up another site, and then IMON popped up. I wasn't trying to download anything; I was just surfing. How do I know if it infected my computer or not, or if it did anything nefarious? I was prompted for action, and I selected terminate connection. I'm running SpywareGuard, Spybot S&D resident, SpywareBlaster, and NOD32.



    I have this in my virus log.
    Time Module Object Name Virus Action User Info
    10/9/2004 20:13:21 PM IMON archive http://www.[snip]/TrojanClicker.Krepper.A trojan connection terminated
     
    Last edited by a moderator: Oct 9, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
  3. scootnod

    scootnod Registered Member

    Thanks for the reply. I also just realized when I pasted the log it made it an actual link to the infected file. I made it so it isn't a link anymore, so people don't accidentally click on it and get infected. Sorry.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No problem, all sorted :D

    Aside from the stress of your first HTTP warning, I bet it was rather nice to see Nod32 jumping to your defence ;)

    Cheers :D
     
  5. scootnod

    scootnod Registered Member

    Thanks for the edit, Blackspear. I kind of thought after my edit I should have **** the exact path too. What's funny is I remove viruses at work (college computer lab, faculty computers) all the time without any stress -- but when it's my own :D, that's another matter. Although I always deal with them after the computers are already infected. I was pretty sure NOD caught it; I checked the registry, did an in-depth scan, and ran Adaware and Spybot. I am very impressed with every aspect of NOD32; I like it a lot better than Norton and McAfee. Even though it caught it, I did just go download the TDS suite, for worm/trojan defense.
     
  6. scootnod

    scootnod Registered Member

    Oh oh. I received a fake email today, with the subject "ebay identity theft alert". The picture wouldn't display, probably from one of my security programs. Does that mean the trojan got information off my computer even though the process was terminated?! The email address (my internet provider) is one I have only used a couple of times, to buy my security programs, and it is my ebay email. I only have like 10 messages total ever received in the inbox. The spoof mail is the only non-order-confirmation in my inbox.
     
  7. Blackspear

    Blackspear Global Moderator

    We advise our clients of the following when we have set up their systems with security:

    Did you send a Virus?

    If you get an email returned (bounced back) saying that “your email was undeliverable”, and you didn't send it, and more than likely you have never heard of the person, don't worry about it, you did NOT send it.

    Usually what happens is a virus on an infected computer sends emails from email addresses found on that computer. The addresses come from such things as “Forwards”, where people don’t remove the previous email address(es); this can be seen when an email arrives and you can see who the email has come from and/or who it is going to, usually a very big list of people. The virus on the infected computer then picks one email address to be the fake sender, and sends copies of itself (the virus) to other email addresses found on the same infected computer, as though it was coming from you.

    Understand this VERY CLEARLY: you have NOT sent the infected email; a virus on an infected computer has harvested and used your email address as the sending address to forward infected emails.

    The virus or Trojan didn't use the real email address of the computer's owner because any undeliverable email that bounced directly back to that computer would tip the owner that they had a problem.

    Again, to be clear, it is extremely unlikely your computer has sent the email, so long as you have your computer set up correctly and you maintain good sensible and safe security practices.

    You may want to take a look here for further discussion on security and how to make your system that much stronger, and here for more discussions.

    Hope this helps…

    Cheers :D
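
Added example (not part of the original thread): one way to check the point made in the post above, by reading the headers returned inside a bounce and comparing the host that actually handed the message to the first mail server against your own sending addresses. The sample headers, host names, IP addresses and `MY_SENDING_IPS` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of the "original message" returned inside a
# bounce. All hosts and addresses are made up (documentation ranges).
RETURNED_HEADERS = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP; Sat, 9 Oct 2004 21:02:11 -0500
Received: from unknown-pc (dsl-203-0-113-45.example.com [203.0.113.45])
\tby mx.example.net with SMTP; Sat, 9 Oct 2004 21:02:09 -0500
From: "You" <you@example-isp.test>
To: stranger@example.org
Subject: Re: document

"""

# Assumption: the addresses your own PC or your ISP's outgoing relay uses.
MY_SENDING_IPS = {"192.0.2.10"}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin_ip(raw_headers):
    """Return the client IP recorded by the earliest (bottom-most) Received hop."""
    msg = message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    for hop in reversed(hops):  # each server prepends, so the last one is the first hop
        match = IP_IN_BRACKETS.search(hop)
        if match:
            return match.group(1)
    return None

def assess(raw_headers, my_ips):
    """Compare the claimed From address with where the message really entered."""
    msg = message_from_string(raw_headers)
    claimed = parseaddr(msg.get("From", ""))[1]
    ip = origin_ip(raw_headers)
    if ip is None:
        verdict = "unknown"
    elif ip in my_ips:
        verdict = "sent-from-my-host"
    else:
        verdict = "forged-sender"
    return {"claimed_from": claimed, "origin_ip": ip, "verdict": verdict}

if __name__ == "__main__":
    print(assess(RETURNED_HEADERS, MY_SENDING_IPS))
```

Only Received lines written by servers you trust are reliable; a sender can prepend fake hops of its own, so treat anything below the first trusted server's line as unverified.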
     