Newbie question (long)

Discussion in 'ESET NOD32 Antivirus' started by williej, Aug 21, 2008.

Thread Status:
Not open for further replies.
  1. williej

    williej Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    3
    I am using NOD32 v3.0.650.0, OS is WinXP professional SP3.
    I am not too knowledgeable so this may seem like a dumb question to
    some.
    Yesterday while reading an article on the Wikipedia website (the article
    was on gang violence) I clicked on a link for reference material and then
    immediately got a pop up window saying my computer was at risk for
    malware and prompting me to download some antispyware software.
    Of course I did not click on this pop up window, but a second later
    another pop up window came up telling me that my computer was now
    infected with several trojan horse programs. I was not able to close
    any of these windows by clicking on the "close" button on the upper
    right corner so I used the Windows task manager to close out the
    browser. I then did a full scan with NOD32 that came up clean.
    I also ran HiJackThis and saw nothing out of the ordinary.
    I looked through the registry for any strange keys under any instances
    of software/microsoft/windows/current version/run,runonce,etc. and
    saw none. I also looked under taskmaster/processes for any strange
    processes running and saw none.
    I'm not sure if my system actually got infected or some website was
    using some phony window to mimic a virus warning. NOD32 scans
    report nothing and there are no logs indicating an infection. Is there
    anything else I should look at?
    Thank You
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    It sounds like you just hit some nasty popups that were running some JavaScript to keep them from closing. You can run netstat.exe at a command line to see where your computer is establishing network connections, and that may give you a hint as to whether something is running and being remotely controlled on your system. Bear in mind that rootkits installed on the system can trick any of the tools you run to mask their presence, and the only sure-fire way to get around that is to turn off the system, pull the hard drive out, and mount it on a different trusted machine and scan from there, or stick a packet sniffer between the suspect machine and the router to watch for malicious traffic.

    I doubt you need to go through such elaborate steps in this case, though.
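
An added example, not part of the original post: one way to triage the netstat output mentioned above, assuming it was captured with `netstat -ano` so each row carries the owning PID. The function name, the sample text and its addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the Windows `netstat -ano` layout; the remote
# addresses come from the reserved documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       972
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    192.168.1.20:1055      192.168.1.1:80         ESTABLISHED     2204
  TCP    192.168.1.20:1062      203.0.113.45:443       ESTABLISHED     2204
  TCP    192.168.1.20:1077      198.51.100.7:6667      ESTABLISHED     3312
  TCP    192.168.1.20:1080      203.0.113.45:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Loopback, RFC 1918 and link-local ranges: traffic that stays on the
# machine or the LAN and is not what this check is looking for.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10")]


def external_connections(netstat_text):
    """Map PID -> sorted [(remote_ip, remote_port)] for ESTABLISHED TCP
    connections whose remote end is outside the local ranges."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have five columns; UDP rows have no State column.
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        host, _, port = parts[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
            remote = (str(addr), int(port))
        except ValueError:
            continue  # wildcard or unparseable remote endpoint
        if any(addr in net for net in LOCAL_NETS):
            continue
        by_pid[int(parts[4])].add(remote)
    return {pid: sorted(conns) for pid, conns in by_pid.items()}


if __name__ == "__main__":
    for pid, conns in sorted(external_connections(SAMPLE).items()):
        for ip, port in conns:
            print(f"PID {pid}: {ip}:{port}")
```

Each PID it reports can be matched against the process list in Task Manager; a browser or updater talking to the internet is expected, so the list is a starting point for review rather than a verdict.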
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Williej,
    Please send a log from ESET SysInspector to samples[at]eset.com with this thread's URL enclosed.
     
  4. williej

    williej Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    3

    Thanks for the reply.
    The log was sent this morning.
     
  5. williej

    williej Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    3

    Thanks for the reply. I ran a scan with "rootkit revealer" and found
    nothing so hopefully there are no rootkits. Unfortunately I have no
    other system to try the hard drive on and am unfamiliar with packet
    sniffer programs. I do have a program called "TCPView" which I am
    running today to see if there is anything out of the ordinary.
     