Today, during a scan, I noticed the red text was reading Number of Infiltration: 7. This is the first time I have had anything get through whilst I've been using NOD32. Anyone please advise what I need to do or what "Infiltrations" are?
Hopefully this is what you're looking for:
24/09/2012 22:08:13 Startup scanner file Operating memory » C:\Users\Owner\AppData\Roaming\svebu.dll a variant of Win32/Medfos.DT trojan error while deleting
Please start Windows in safe mode, rename the file C:\Users\Owner\AppData\Roaming\svebu.dll to C:\Users\Owner\AppData\Roaming\svebu.dl, for instance, and email it to the ESET malware lab as per the instructions here. I'd suggest using the subject "Medfos.DT - http://www.wilderssecurity.com/showthread.php?t=332919".
I've tried to reproduce it but the malware did not load after a computer restart even with all scanners disabled. When I ran a Medfos dropper, it dropped a dll and loaded it into memory. After launching a startup scan manually, it detected the dll in memory and prompted for a computer restart for the cleaning to take effect (Startup scanner file Operating memory » C:\Documents and Settings\Administrator\Application Data\tiags.dll a variant of Win32/Medfos.DT trojan cleaned by deleting (after the next restart) - quarantined). After the restart, the dll wasn't on the disk any more.
The knowledgebase system is currently down. Is the file detected even after a computer restart? Have you tried running an on-demand scan with the latest signature database 7518?
Thanks for the help, Marcos. Running an on-demand scan comes up clear, nothing found. The red entry I posted in this thread is only showing up in the Detected Threats log. Is there any way I can remove the red entry from the log?
Hey BarryH. Just right-click on the (red) entry from your log, and from the context menu click delete; that should do the trick. Regards, Janus
I, for one, wouldn't touch logs whatsoever just because they contain red records about detected malware. In certain cases it may be helpful for troubleshooting issues at a later time, e.g. if malware changes something in the system and the user doesn't realize it immediately. When knowing the name of the malware, it may be easier for ESET's staff to reproduce it and provide accurate instructions to the user.