Need help to shake this pest

Discussion in 'NOD32 version 2 Forum' started by Chiana, Apr 18, 2005.

Thread Status:
Not open for further replies.
  1. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi Everyone,

    I'm a NOD32 reseller and a client running NOD32 on a network is getting the following error:




    This pop-up keeps reappearing every 10 seconds. I have suggested the following: clearing IE cache, emptying windows temp folder, restarting the pc, scanning in safe mode, clicking the terminate button in NOD. At present the only solution is to disconnect from the network.

    Would some knowledgeable person please help! Thanks in advance.

    Chiana
     

    Attached Files:

    Last edited by a moderator: Apr 18, 2005
  2. Happy Bytes

    Happy Bytes Guest

    Seems to me that something (another executable) is continously trying to download this. (This file is a nasty) Can you post a Hijack This log ?
     
  3. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi Happy Bytes,

    Thanks for the quick reply. I'll have to get in touch with the client - he's not at work tomorrow, so it'll be the next day.

    Regards

    Chiana
     
  4. Happy Bytes

    Happy Bytes Guest

    No problem. But my guess is that there runs a trojan downloader continously in the background. As long as we do not kill it it will try to download every time this trojan. I did take a look at the file "file.exe" and it is malicious. That said it's not a false positive and we have to figure out what is trying to download this.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
  6. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    I really hate to butt in and harp on this, but perhaps you should blur or cross out the path to the infected file, as its location is not important to this discussion...just a thought :doubt:

    Carry on fellas *puppy*
     
Thread Status:
Not open for further replies.