Maybe a trojan ?

Discussion in 'NOD32 version 2 Forum' started by Aurelien, Nov 22, 2004.

Thread Status:
Not open for further replies.
  1. Aurelien

    Aurelien Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    4
    Hello,

    i really don't know how this has happened...
    i have nod32 v2.12.2, with the latest virus db.
    i too have zonealarm 5.1 free, and two anti-spy programs (ad-aware and spybot).
    when using my machine, zonealarm suddenly asked for permission to a program named "bla.exe"...
    such a name alerted me, and the file location revealed something strange : "c:\bla.exe".
    i answered no, to zonealarm question, of course...

    strangely, after deleting the file, and removing this filename from zonealarm program list, it asked for it again a few minutes later...

    today, everything is ok...

    the file is 3114 bytes long, and hex view showed two file names : winampa.exe and bla.exe inside, and some specific internet functions calls...

    nod32 did not detect this..
    so i tried some on-line antivirus scanners, like trend, bit defender, and even kaspersky.

    both trend and kaspersky alerted me about a trojan.

    i sent the file to eset specific adress this week end, but i received no answer, and do not expect to receive any...

    do some of you already encountered this trojan (a dropper ?)

    thanks in advance

    Aurélien
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. Aurelien

    Aurelien Registered Member

    Joined:
    Apr 12, 2004
    Posts:
    4
    thanks a lot for the link, snowbound.
    that's exactly what i have on my machine...
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Your Welcome. :)

    As your sample was sent to Eset over the weekend, u may recieve an answer today. ;)


    snowbound
     
Thread Status:
Not open for further replies.