Infiltrations

Discussion in 'ESET NOD32 Antivirus' started by BarryH, Sep 25, 2012.

Thread Status:
Not open for further replies.
  1. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Today, during a scan, I noticed the red text was reading Number of Infiltration: 7. This is the first time I have had anything get through whilst I've been using NOD32.

    Anyone please advise what I need to do or what "Infiltrations" are?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please copy and paste your scan log with details about detected threats here.
     
  3. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Please forgive the ignorance but could you tell me how to copy the scan log?
     
  4. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Hopefully this is what you're looking for:

    24/09/2012 22:08:13 Startup scanner file Operating memory » C:\Users\Owner\AppData\Roaming\svebu.dll a variant of Win32/Medfos.DT trojan error while deleting
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please start Windows in safe mode, rename the file C:\Users\Owner\AppData\Roaming\svebu.dll to C:\Users\Owner\AppData\Roaming\svebu.dl for instance and email it to the ESET malware lab as per the instructions here. I'd suggest using the subject "Medfos.DT - http://www.wilderssecurity.com/showthread.php?t=332919".
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I've tried to reproduce it but the malware did not load after a computer restart even with all scanners disabled. When I ran a Medfos dropper, it dropped a dll and loaded it into memory. After launching a startup scan manually, it detected the dll in memory and prompted for a computer restart for the cleaning to take effect (Startup scanner file Operating memory » C:\Documents and Settings\Administrator\Application Data\tiags.dll a variant of Win32/Medfos.DT trojan cleaned by deleting (after the next restart) - quarantined). After the restart, the dll wasn't on the disk any more.
     
  7. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Thanks for the help Marcos. When I click on the Here link, nothing happens.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The knowledgebase system is currently down. Is the file detected even after a computer restart? Have you tried running an on-demand scan with the latest signature database 7518?
     
  10. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Thanks for the help Marcos.

    Running an on demand scan comes up clear, nothing found. The red entry I posted in this thread is only showing up in the Detected Threats log.

    Is there any way I can remove the red entry from the log?
     
  11. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hey BarryH

    Just right click on the (red) entry from your log , and from the context menu click delete, that should do the trick.

    Regards, Janus
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I, for one, wouldn't touch logs whatsoever just because they contain red records about detected malware. In certain cases it may be helpful for troubleshooting issues at a later time, e.g. if malware changes something in the system and the user doesn't realize it immediately. When knowing the name of the malware, it may be easier for ESET's staff to reproduce it and provide accurate instructions to the user.
     
  13. BarryH

    BarryH Registered Member

    Joined:
    Sep 25, 2012
    Posts:
    21
    Location:
    UK
    Thanks to everyone for all the help, much appreciated.
     
Thread Status:
Not open for further replies.