need help removing virus

Discussion in 'NOD32 version 2 Forum' started by jftuga, May 5, 2008.

Thread Status:
Not open for further replies.
  1. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    Last week, one of our computers received this message:

    > 5/1/2008 19:27:18 PM - IMON - Internet monitor Threat Alert
    > triggered on xxxxxx:
    > hXXp://pornyoutube-18.com/soft/ztbcprpodfd/50282f2b307/MediaTubeCodec_ver1.725.7.exe
    > is infected with probably a variant of
    > Win32/Statik application.

    I searched the hard drive for this exe and did not find it. I also deleted the user's Temporary Internet Folder. This person only has User level access, and not Admin. I thought the virus was gone, but now I still get another message every few hours throughout the day. A full scan does not report anything.

    I am not interested in submission, since the file does not appear to be on the hard drive. How can I get rid of this message and ensure this virus is not on the system?

    Please advise.

    Thanks,
    -John

    EC Edit: removed link to possibly bad website
     
    Last edited by a moderator: May 5, 2008
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    4,757
    Location:
    New York City
    If this is Windows XP, go to folder C:\Documents and Settings\<username>\Local Settings\Temp and see if the file is there. If so, delete it.

    It is possible the file is in system restore. Follow the instructions given here:
    https://www.wilderssecurity.com/showthread.php?p=1101570#post1101570

    Lastly, I have seen some circumstances where the file appears to be removed from
    the system via the recycle bin. However, the system still recognizes the file.
    I have found Karen's Recycler to be effective in those cases.
    http://www.karenware.com/powertools/ptrecycler.asp
     
    Last edited: May 5, 2008
  3. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi, you must disable submission of suspicious files in ThreatSense.NET settings - NOD32 Control Center - Tools

    Regards
     
  4. ASpace

    ASpace Guest

    No, if the user doesn't access this web site via their browser, the alert is because of a downloader trying to download a trojan from a malicious site/server. NOD32 doesn't detect the downloader but detects the payload with its marvellous heuristics. The downloader uses HTTP and that is why it is IMON taking place.



    @ jftuga

    It is a URL, it is not located on your machine's disk.

    Disable the ThreatSense.NET from NOD32 Control Center -> NOD32 System Tools -> "Setup" button -> ThreatSense.NET tab

    And if you still get warnings from IMON or AMON, contact ESET Technical support.
     
  5. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    What does Threat Sense want to report when this happens? I have IMON set to deny download of the file if it detects a virus. Assuming this file is not on the drive, I am not sure what there is to report. Does NOD32 keep a copy of this file so that it can be sent to their server or will it just send the URL?

    Thanks,
    -John
     
  6. ASpace

    ASpace Guest

    It should be a copy of the file, a copy which is in the NOD32's Quarantine.
     