Info on Win32/Spy.Agent.NES trojan

Discussion in 'NOD32 version 2 Forum' started by Mister Natural, Jul 25, 2008.

Thread Status:
Not open for further replies.
  1. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    I would like more information on a recent activity log I received from a user's computer.

    First I am unable to learn anything about this particular threat, what it is, what is does, etc.

    Second, as you can see I am unable to determine the location of the attempted infection. It says "invalid_name". If I knew more info on this particular malware I might know where to look for it.

    My biggest concern are the dates listed. It looks like it was detected during computer shutdown and again when the computer was booted the following morning. My concern is that something has infected the computer and is now being detected, but unable to remove. I am unable to reboot the computer at this time and will have to wait to see if this situation repeats itself.

    Any feedback appreciated.

    Column Name Value
    Alert Id Alert 548
    Client Name ******
    Primary Server xxx.xxx.xxx.xxx
    Date 2008-07-24 16:07:47
    Received 2008-07-25 06:52:46
    Module IMON
    Object archive
    Virus Win32/Spy.Agent.NES trojan
    Name invalid_name
    Action connection terminated
    Info
    Log Details Ready
    Comment

    Log Details
    invalid_name
    invalid_name »ZIP »INVOICE_8712.exe - Win32/Spy.Agent.NES trojan
     
  2. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    When IMON terminates the connection as it did in your case, it was stopped before it got on the machine.

    BFG
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.