It DOES actually catch things, you know

Discussion in 'NOD32 Early v2 Beta' started by spy1, Feb 17, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Dec 29, 2002
    Clover, SC
    FI, my son was on the computer this past weekend while I was at work and the NOD32 Beta 2 popped him up a warning:
    "NAME = " C:\\Documents and Settings\\ XXXXX XXXXXXX\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1AZ4PIR\\pup[1].htm"%ITYPE=FILE @ INFECT=susp@TYPE=Trojan@NAME=JS/NoClose.C@CLN=BAA %UINFO="Event occured on a newly created file."%INFECTED=%ACTION=AQ"
    (Thought that was pretty cool - didn't even know it would catch JS/NoClose).

    Then, the next day, I was playing with something I saw on DSLReports Security forum. Had it d/l'ed to my DeskTop in zipped form but hadn't done anything with it yet (besides send it to someone else) and NOD popped up a warning (apparently from AMON as it was chugging along checking things. NOTE: Did not receive any warning when I initially d/l'ed the file itself - that's by design, I guess?)

    "NAME="C:\\Program Files\\TDS-3\\xDynamic\\TDS.Unpk\
    hota.exe"%ITYPE=FILE @INFECT=inf@TYPE=Trojan@NAME=Win32/Spy.Small.B@CLN=BAA %UINFO="Event occured during attempt to access the file."%INFECTED= "

    So I Erased the file off of the DeskTop without un-zipping it.

    Anyway, just thought I'd let you know it's working here for me. Pete

    P.S. - That all shows up in the main interface windows' "Virus Log" like this:

    Time   Module   Object   Name   Virus   Action   Info
    2/16/2003 13:08:55 PM   AMON   file   C:\Program Files\TDS-3\xDynamic\TDS.Unpk
    hota.exe   Win32/Spy.Small.B trojan      
    2/15/2003 20:06:53 PM   AMON   file   C:\Documents and Settings\Steven Yevchak II\Local Settings\Temporary Internet Files\Content.IE5\G1AZ4PIR\pup[1].htm   probably modified trojan JS/NoClose.C   quarantined   
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.