IMON warning on dangerous access

Discussion in 'NOD32 version 2 Forum' started by Cyberslider, Jan 30, 2009.

Thread Status:
Not open for further replies.
  1. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    I'm getting from time to time a strange warning: hxxp://incrates.com/iCashe.exe is trying to attack with a variant of win32/kryptik.FI trojan.

    No options to use other than terminate it. But it keeps coming back - Can something be done?! I checked thoroughly with the AV, and various Trojan removals, cache cleaners, and temp files removers - still nothing...

    Any ideas?!
     
  2. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    Download and run ESET SysInspector
    http://www.eset.com/download/sysinspector.php

    When the utility has collected the information, click File > Save Log
    Confirm your wish. A log file, placed in a zip archive, will be created.

    Send that archived file to ESET Technical Support ( support@eset.com ).
    Then, they'll guide you to a way to eliminate the threat.
     
  3. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    Thanks Fixer.

    Should I indicate something aside from the file?! What sort of info should I provide to ESET besides this file, in order for them to understand what the problem is?!
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you're not using Windows 95/98/ME, I'd suggest installing EAV v3, which has better detection than v2, or installing the v4 beta, which has improved cleaning of threats compared to older versions.
     
  5. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    Nope. Actually I'm using XP SP2. Do you really think that V3 will do better for me?!
     
  6. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    To your e-mail, add the log file from ESET SysInspector, explain your problem and finally give a link to this topic.

    Think Smart - Use protection from a new generation version 3 :)
     
  7. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    Thanks Fixer, I did that. Also I noticed something very "interesting". This attack happens exactly every 2 hours. I checked the threat log and this happens periodically.

    I sent the email to support as you suggested. Maybe some antimalware or some specific trojan remover can do the job?! As NOD32 and trojan remover find nothing... And this attack seems to be from the web - so it seems like a trojan?!
     
  8. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    I think this is a Trojan Downloader. It is trying to download threats from a particular address, but fortunately ESET NOD32 Antivirus detects the threat that the Trojan Downloader is trying to download and does not allow your system to be further infected. :)
     
  9. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    Yes, so it seems. Only the trojan remover sees nothing... Maybe I need something stronger?!
     
  10. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    Stronger? You have it - ESET NOD32 Antivirus. As you see, it was able to protect you. Instead of Trojan Remover, I'd recommend Malwarebytes' Anti-Malware. For more information, visit the official website:
    http://www.malwarebytes.org/mbam.php
     
  11. Cyberslider

    Cyberslider Registered Member

    Joined:
    Jan 30, 2009
    Posts:
    6
    Thanks again Fixer...
     
  12. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    No problem. I hope you clean your computer of threats as soon as possible. ;)
     