Nimda.A worm detected ?

Discussion in 'NOD32 version 2 Forum' started by acr1965, Feb 22, 2007.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I visited basketball-reference.com today and later saw this listed in my threat log-

    Time Module Object Name Threat Action User Information
    2/22/2007 17:06:21 PM IMON file hXXp://www.basketballreference.com/favicon.ico Win32/Nimda.A worm Connection terminated NT AUTHORITY\SYSTEM

    Is there any way to see if this was a false positive? I visit that site every once in a while and wanted to let the site admins know of the possible infection.
     
    Last edited by a moderator: Feb 23, 2007
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    ISince the connection was terminated you most likely don't have the file in your browser cache so there is no way to find it off your computer.
     
  3. ASpace

    ASpace Guest

    Although NOD32 really rarely produces false positive alarms , if you do suspect a FP , send an email to ESET Tech Support with a subject "Possible false positive" and a link to this thread in the message body ;)
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    One thing, I have had NOD32 warn me of a malicious web site before by popping up a red warning message. With this there was no warning at all. And even though it says "terminated" I can't remember that happening. Had I not checked the threat log I never would have known this all took place. Is it normal for NOD not to issue a warning when trying to open a malicious web page?
     
Thread Status:
Not open for further replies.