Just got an alert

Discussion in 'NOD32 version 2 Forum' started by spy1, Jan 19, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    during a TH scan - latest 3.8 (didn't have NOD shut down and AMON picked up on it while it was following the TH scan around).

    This was the alert:

    Time   Module   Object   Name   Virus   Action   User   Info
    1/18/2004 23:30:20 PM   AMON   file   G:\DOCUME~1\PETEYE~1\LOCALS~1\Temp\IFv.exe   probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus      N-8YSRYQ7EARQ6G\Pete Yevchak   

    Real deal? False positive? What? Can't find IFv.exe in that location at all. Pete
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Pete,

    Obviously an alert due to heuristics from NOD32 ("probably..."). Without a file to examine, it seems impossible to either submit it to Eset or make any kind of statement concerning this alert.

    regards.

    paul
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Pete,

    Excuse me if you already thought of that, but sometimes we forget the obvious. (I know)

    The Local Settings folder is hidden. You do have those showing, don't you?

    Regards,

    Pieter
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Pieter - None of my files or folders are hidden on here (yes, I went back and checked to make sure).

    If that IFv.exe file exists on my computer anywhere (and a thorough "Search" doesn't find it), I'll be darned if I know where it is.

    There is one file in that folder that's a little hinky - more on that tomorrow. (I spent all day long checking things out today before work). I'm pretty sure I'll be submitting that one for analysis to several places. Pete
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since it was detected in a temporary folder, it is likely that the file had meantime been deleted automatically.
     
Thread Status:
Not open for further replies.