Mal/behav-160 + Mal/Bredo-A

Discussion in 'NOD32 version 2 Forum' started by Chamlin, Sep 15, 2009.

Thread Status:
Not open for further replies.
  1. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Spysweeper picked this up to block installation of these two things. Should NOD32 2.7 have noticed this?

    Am running a Local Disc scan right now. Is that my best option to go looking for this?
     
  2. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    The local disk sweep found two instances of Win32/Injector.QJ trojan but not the item in my subject header.

    Should I be using a different scan in NOD32? Is the local disk sufficient? Or is In-depth analysis or on demand a better option?

    Would really appreciate some guidance,
    Chamlin
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I'd run a scan with MalwareBytes. Excellent program at removing/cleaning today's trojans/malware/rogues.
     
  4. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Thanks for the response. Free version sufficient?
     
  5. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Is it unusual to not find any reference to the Mal/behav items above if Spysweeper blocked them from initiating? Wouldn't that mean that they are resident somewhere on my system? Here's what my 2 scans found:

    NOD32 2.7 identified and quarantined:
    C:\System Volume Information\_restore{D230EADD-7F55-418C-8030-A0ACEEF21B5D}\RP798\A0274480.exe »NSIS »iexplorer.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object
    C:\System Volume Information\_restore{D230EADD-7F55-418C-8030-A0ACEEF21B5D}\RP799\A0275534.exe »NSIS »iexplorer.exe - probably a variant of Win32/Injector.QJ trojan - was a part of the deleted object

    Malwarebytes Anti Malware 1.41 quarantined and removed:
    Files Infected:
    C:\$ISR\1\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\$ISR\3\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\$ISR\4\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\$ISR\8\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.

    What should I do next? o_O
     
  6. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest that you scan your disk with ESET Online Scanner. It's based on v4 and as such detects more threats than v2.
     
  8. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Never got any input on the above stuff from any scan. Will let go of concern for it at this time.

    Submitted request for help with ESET. ESET advised to upgrade to v4 and custom scan with all options checked. Did so. Uncovered one more nasty:
    ...mail994.eml » MIME » Dfbd26414.zip » ZIP » Dfbd26414.exe - a variant of Win32/Kryptik.AMB trojan - was a part of the deleted object

    QUESTION:
    In v4, in the Threat Sense Engine "options" in Thunderbird's setup, everything is checked except "potentially unsafe applications". That seems more of a threat than "potentially unwanted applications" (which is checked).

    Why is the default set up that way? And oops, if I don't get a response I'll move over to the appropriate forum...
     
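The detection string in the last post, mail994.eml » MIME » Dfbd26414.zip » ZIP » Dfbd26414.exe, is the scanner's record of how many container layers it had to open before reaching the executable: a MIME message, then a ZIP inside it. That is also why a plain file scan can miss what a custom scan with archive and e-mail scanning enabled finds. The script below is an added example, not code from the original thread or from ESET; it walks nested MIME and ZIP layers and reports the same kind of chain. The sample message, the "executable" rule (MZ header or .exe suffix), the depth limit and the function names are all constructed for illustration and are not real detection signatures.

```python
"""Walk nested containers (MIME -> ZIP -> ...) and report the chain an AV log shows.

Added example, not part of the forum thread or of ESET's scanner. The sample
e-mail, the is_executable() heuristic and the MAX_DEPTH guard are constructed
for illustration only.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

MAX_DEPTH = 8  # constructed guard against zip bombs and endless nesting


def is_executable(name: str, data: bytes) -> bool:
    """Constructed heuristic: a PE 'MZ' header or an .exe suffix."""
    return data[:2] == b"MZ" or name.lower().endswith(".exe")


def walk(name: str, data: bytes, chain: list, depth: int = 0):
    """Yield (chain, leaf_name, leaf_bytes) for every leaf object.

    chain mimics the scanner notation, e.g. ['a.eml', 'MIME', 'b.zip', 'ZIP', 'c.exe'].
    """
    if depth > MAX_DEPTH:
        # Stop descending; report the point where we gave up.
        yield (chain + [name, "TOO DEEP"], name, b"")
        return
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                yield from walk(info.filename, zf.read(info), chain + [name, "ZIP"], depth + 1)
        return
    if name.lower().endswith(".eml"):
        msg = email.message_from_bytes(data, policy=policy.default)
        for part in msg.iter_attachments():
            payload = part.get_payload(decode=True) or b""
            fname = part.get_filename() or "unnamed"
            yield from walk(fname, payload, chain + [name, "MIME"], depth + 1)
        return
    yield (chain + [name], name, data)


def scan(name: str, data: bytes) -> list:
    """Return ' » '-joined chains for leaves flagged as executables or as too deeply nested."""
    hits = []
    for chain, leaf, leaf_data in walk(name, data, []):
        if chain[-1] == "TOO DEEP" or is_executable(leaf, leaf_data):
            hits.append(" » ".join(chain))
    return hits


def build_sample_eml() -> bytes:
    """Constructed test message: a ZIP attachment holding a fake PE file plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("readme.txt", b"nothing to see")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def nest_zip(inner_name: str, inner_data: bytes, levels: int):
    """Constructed helper: wrap a file in `levels` ZIP layers; returns (outer_name, outer_bytes)."""
    name, data = inner_name, inner_data
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        name, data = f"layer{i}.zip", buf.getvalue()
    return name, data


if __name__ == "__main__":
    for hit in scan("mail.eml", build_sample_eml()):
        print(hit)
    for hit in scan(*nest_zip("payload.exe", b"MZ", 12)):
        print(hit)
```

Running it prints the chain for the fake invoice and a TOO DEEP entry for the twelve-layer archive; a real scanner applies the same idea with signatures and heuristics at each leaf, which is why enabling archive and e-mail scanning in the on-demand scan matters.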