Need help to shake this pest

Hi Everyone,

I'm a NOD32 reseller and a client running NOD32 on a network is getting the following error:




This pop-up keeps reappearing every 10 seconds. I have suggested the following: clearing IE cache, emptying windows temp folder, restarting the pc, scanning in safe mode, clicking the terminate button in NOD. At present the only solution is to disconnect from the network.

Would some knowledgeable person please help! Thanks in advance.

Chiana

 

Seems to me that something (another executable) is continously trying to download this. (This file is a nasty) Can you post a Hijack This log ?

 

Hi Happy Bytes,

Thanks for the quick reply. I'll have to get in touch with the client - he's not at work tomorrow, so it'll be the next day.

Regards

Chiana

 

No problem. But my guess is that there runs a trojan downloader continously in the background. As long as we do not kill it it will try to download every time this trojan. I did take a look at the file "file.exe" and it is malicious. That said it's not a false positive and we have to figure out what is trying to download this.

 

Just my 0.02$ - the best would be to send a Hijackthis log from the machine in question to support@eset.com with a link to this thread. Hijackthis can be downloaded from http://216.180.233.162/~merijn/files/HijackThis.exe

 

I really hate to butt in and harp on this, but perhaps you should blur or cross out the path to the infected file, as its location is not important to this discussion...just a thought

Carry on fellas