Info on Win32/Spy.Agent.NES trojan

Discussion in 'NOD32 version 2 Forum' started by Mister Natural, Jul 25, 2008.

Thread Status:
Not open for further replies.
  1. Mister Natural

    Mister Natural Registered Member

    May 10, 2007
    3rd density St. Louis
    I would like more information on a recent activity log I received from a user's computer.

    First I am unable to learn anything about this particular threat, what it is, what is does, etc.

    Second, as you can see I am unable to determine the location of the attempted infection. It says "invalid_name". If I knew more info on this particular malware I might know where to look for it.

    My biggest concern are the dates listed. It looks like it was detected during computer shutdown and again when the computer was booted the following morning. My concern is that something has infected the computer and is now being detected, but unable to remove. I am unable to reboot the computer at this time and will have to wait to see if this situation repeats itself.

    Any feedback appreciated.

    Column Name Value
    Alert Id Alert 548
    Client Name ******
    Primary Server
    Date 2008-07-24 16:07:47
    Received 2008-07-25 06:52:46
    Module IMON
    Object archive
    Virus Win32/Spy.Agent.NES trojan
    Name invalid_name
    Action connection terminated
    Log Details Ready

    Log Details
    invalid_name »ZIP »INVOICE_8712.exe - Win32/Spy.Agent.NES trojan
  2. BFG

    BFG Registered Member

    Oct 27, 2004
    San Diego

    When IMON terminates the connection as it did in your case, it was stopped before it got on the machine.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.