items detected, and quarantined, but not in threat log

Discussion in 'NOD32 version 2 Forum' started by duijv023, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    On a server of one of my customers, I see the following odd thing:
    three files are quarantined, they seem to be infected:

    javavm.exe - a variant of Win32/ServU-Daemon application
    server.exe »RAR »clearlogs.exe - Win32/HackTool.Clearlog.A trojan
    win.exe »RAR »javavm.exe - a variant of Win32/ServU-Daemon application

    I uploaded the files to virustotal.com, and indeed these files seem infected.
    BUT (which I think is very, very strange): I see no Threat log items about this o_O

    They were quarantined 23-01-2008 at around 17.45 (Dutch time, UTC+1)

    scan results were the same then and now (using NOD32 version 2834 (20080130) NT)

    Greetings from a rainy Holland
     
  2. duijv023

    In the meantime, I did an EICAR test; the threat was logged to the threat log as it should.
    So the mechanism is working as it should :(

    the password A hacktool was "detected, quarantined and deleted" earlier.
    After that a full system scan (with all options on) was done and nothing found at that time.
    Now a new (full system) scan is running (with defs 2835)
     
  3. duijv023

    scan is still running, but ready with C: disk

    c:\windows\temp\INF7988.tmp placed in quarantine
    reason: a variant of WIN32/ServU-Daemon application

    no further infections found.

    As I saw that JavaVM was not the latest version, I upgraded JavaVM to the latest version.
     
  4. duijv023

    After reboot, the .tmp file(s) were deleted.
    Additional scans did not show any infection anymore.

    greetings from Holland
     
  5. ASpace

    ASpace Guest

    What a great monologue! :D

    Greetings!
     
  6. duijv023

    Today again at the customer's site:
    the nod32kernel service does not exist anymore :eek:

    Apparently there was an old virus active on the server before we installed NOD32.
    I cannot see another explanation. I've installed hundreds of desktops and numerous servers and have never seen this before.

    Well, that's all for now; going to work, reinstall and hopefully kill the bastard
     
  7. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Do you need any help, or are you just telling us your stories?
     