Is this legit? Win32 Spy.Swisyn.DS Trojan?

Discussion in 'ESET NOD32 Antivirus' started by Chris Rich, Nov 12, 2010.

Thread Status:
Not open for further replies.
  1. Chris Rich

    Chris Rich Registered Member

    Joined: Nov 12, 2010 | Posts: 2
    I found Wilders as one of the very few sites with a hit on this trojan:
    Win32/Spy.Swisyn.DS Trojan
    https://www.wilderssecurity.com/showthread.php?p=1783281

    It's apparently infected the .DLL of a very important SNMP monitor (PRTG) we use for watching when our local test server is stuck in a loop feeding our internet fax service (an experiment with metrofax that's very hard to undo end of the week mid-day with a skeleton crew of IT staff here) which has to be running if we're going to get through the day without issues.

    I'm sorta hoping someone can verify if this is a fresh definition/likely valid, because none of my other scanners are picking up the infection.

    Heck even some base info on mitigation would be great.. I considered a firewall but the SNMP service is looking at a zillion things on the network and they all trigger alerts (I'll be roasting our IT guy that set it up when he's back on Monday).. :p

    Thanks!
     
  2. jimwillsher

    jimwillsher Registered Member

    Joined: Mar 4, 2009 | Posts: 668
    Curious. I got a message today saying "infection in memory" and that PRTG was quarantined. I find this quite hard to believe since PRTG is installed on a server which is NEVER used for any interactive use (it's my server so I'm certain of that! - it runs HyperV VMs and nothing else).

    Sounds very much like a FP to me?


    Jim
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined: Apr 4, 2006 | Posts: 4,032 | Location: California
    Hello,

    The issue is under investigation by ESET's virus lab. Thank you for your reports.

    Regards,

    Aryeh Goretsky
     
  4. agoretsky

    agoretsky Eset Staff Account

    Joined: Apr 4, 2006 | Posts: 4,032 | Location: California
    Hello,

    This is a false positive alarm and is fixed in virus signature database 5616.

    Chris and Jim, thank you very much for your reports!

    Regards,

    Aryeh Goretsky
     
  5. Chris Rich

    Chris Rich Registered Member

    Joined: Nov 12, 2010 | Posts: 2
    Whew! Made the right call then. Thanks for the follow-up!

    Always spooky when you have to trust a machine that's online and reporting an infection. :)
     