Infected files found but not cleaned

Discussion in 'Other ESET Home Products' started by gmiest, Feb 3, 2010.

Thread Status:
Not open for further replies.
  1. gmiest

    gmiest Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    43
    Here are the 14 files it didn't remove from one:
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2O291XVL\upgrade[1].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2O291XVL\upgrade[1].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2O291XVL\upgrade[2].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2O291XVL\upgrade[2].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DVD74QWQ\upgrade[1].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DVD74QWQ\upgrade[1].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DVD74QWQ\upgrade[2].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DVD74QWQ\upgrade[2].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FU7VCWVA\upgrade[1].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FU7VCWVA\upgrade[1].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O50BINA3\upgrade[1].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O50BINA3\upgrade[1].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O50BINA3\upgrade[2].cab » CAB » upgrade.exe » NSIS » onestep.dll - a variant of Win32/Adware.OneStep application
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O50BINA3\upgrade[2].cab » CAB » upgrade.exe » NSIS » osopt.exe - a variant of Win32/Adware.OneStep.B application

    Here are the culprits from the Infected 9, Cleaned 7 computer:

    C:\Documents and Settings\xxxxx\Application Data\Sun\Java\Deployment\cache\6.0\48\26e14b0-16bc6836 » ZIP » myf/y/LoaderX.class - a variant of Java/TrojanDownloader.Agent.NAC trojan
    C:\Documents and Settings\xxxxx\Application Data\Sun\Java\Deployment\cache\6.0\48\26e14b0-16bc6836 » ZIP » myf/y/NbablaF.class - a variant of Java/TrojanDownloader.Agent.NAD trojan

    No mention in the logs why it didn't clean these files. Is there something I'm missing?
     

    Attached Files:

  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Make sure that the cleaning mode is set to strict. In this mode, whole archives containing also some clean files will be cleaned (ie. quarantined). On the contrary, the standard cleaning mode prompts the user for an action if an archive contains both clean and infected files which means no action would be performed when the cleaning is run via ERA.
     
  3. gmiest

    gmiest Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    43
    Thanks, that makes sense.
     
Thread Status:
Not open for further replies.