Losfondup? - what is this?

Discussion in 'ESET NOD32 Antivirus' started by much_wilder, Jan 12, 2012.

Thread Status:
Not open for further replies.
  1. much_wilder

    much_wilder Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    7
    NOD 5.0.95 has just begun finding randomly-named .dat files in my XP Pro 'C....\All Users\Application Data' folder. It tells me that the threat is 'W32/Losfondup.D Trojan'. Each time it says the infected file has been quarantined.

    Sure enough, a visit to the Quarantine folder reveals numerous .dat files, with exotic names like 'rimrim124zxcb3.dat' and 'd413jmj65.dat'.

    Incidentally, I emptied the folder of 40-odd listings about five minutes ago - there are now 10 new ones there. Ooops - now there's eleven.

    Naturally, I've run several full NOD scans of C-drive but it's finding nothing.

    Googling for 'Losfondup' doesn't seem to find any genuinely relevant info. Only NOD seems to know enough about it to tell me it's bad!

    Well, that's a start. But I'd rather NOD eradicated the durn thing. Anyone able to help with this?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest contacting Customer care and providing them with an ESET SysInspector (ESI) log for perusal. Alternatively you can email the ESI log along with a reference to this thread to samples[at]eset.com.
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Virus signature file 6781 cites: Win32/Losfondup.D, therefore, you should have protection. You may also try a scan in safe mode to submit to ESET for analysis.
     
  4. much_wilder

    much_wilder Registered Member

    Joined:
    Jan 1, 2012
    Posts:
    7
    Marcos and Siljaline - thanks for your comments. I'll do the Safe Mode scan now. I've never submitted the results of a scan of this type (or any other, come to that :)). Can someone explain just how that's done, please?

    Incidentally - I have a hunch that the trouble might have started when I downloaded a link to an interactive London Underground Tube map. It's here: traintimes.org.uk/map/tube
    I may be maligning the guy, but I'm sure the problem wasn't there before I started using the map.

    Cheers
    :)

    Oh, BTW: NOD was finding the data files alright. But isn't that shutting the door after the nag has bolted? I thought that if NOD was armed well enough to find Losfondup's output, it would also find its source files..?
     
Thread Status:
Not open for further replies.