IMON keeps detecting this...

Discussion in 'NOD32 version 2 Forum' started by Metalmilitia, Apr 5, 2007.

Thread Status:
Not open for further replies.
  1. Metalmilitia

    Metalmilitia Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    3
    Alert Details
    File:hxxp://upload.4pu.com/data.exe
    Threat:probably a variant of Win32/PSW.WOW.JE trojan
    Comment:this object contains a threat to your computer

    I have not visited this website listed but it repeatedly pops up in IMON.
    I select copy to quarantine and hit Terminate button and then I get this error message.

    "Runtime Error!
    Program: C:\Program Files\Internet Explorer\IEXPLORE.EXE

    This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

    I don't even use internet explorer, I use firefox.

    Can someone please tell me what's going on and how to get rid of this? I believe I have a trojan that steals passwords for the game World of Warcraft.
     
    Last edited by a moderator: Apr 5, 2007
  2. Metalmilitia

    Metalmilitia Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    3
    Sorry for the link, but any ideas on this?
     
  3. IceSamZero

    IceSamZero Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    1
    Same sort of issue, IMON detects an incoming IP trying to run adware and trojans. This happens at every startup. The site attempts to download .dlls as well. I just want to know how to block this all the time, every time instead of going through the routine every startup. I have no idea what these trojans/.dlls do, and I use Opera and Firefox, but sometimes even IE will just open on its own (really really annoying). Gonna be poking around, see if I can't solve this myself, but no luck so far...any ideas? Any help would be appreciated much.

    Z

    [EDIT: May have found something, a sort of "duh" solution, Metalmilitia. I opened the Control Center, went to IMON and entered setup. Under the HTTP tab, there's an Actions section with two options, one to notify the user when access is attempted, and another to automatically deny the download of the file. Seems to be a silent blocker option. Gonna give it a shot, see if I get the same stuff on restart. Hope this helps us both, MM.]
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is the key, ESET will need a sample of this.

    Cheers :D
     
  5. ASpace

    ASpace Guest

    Send a copy of this file (using NOD32's Control Center->Quarantine) to ESET.

    After that make sure your definition is up-to-date by pressing Control Center -> Update -> Update now.

    Make sure your settings are the same as this tutorial.

    Open Control Center -> NOD32 -> Run NOD32 and perform full Scan&Clean over your hard drives. NOD32 will take care of these threats :) If you have problems deleting them in Normal mode, boot in Safe Mode and then perform full scan there

    Download and use Ewido Micro for second opinion. Run full scan with it (if possible from Safe Mode with Networking)

    :thumb:
     
  6. deimos

    deimos Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    29
    You probably have some virus (downloader) in the system not detected by NOD32... You have to remove it somehow.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest that you drop an email to support[at]eset.com along with a link to this thread.
     