NOD detects virus with install of TROJAN HUNTER?

Discussion in 'NOD32 version 2 Forum' started by ejr, May 10, 2006.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I am considering a designated anti-trojan application to complete my security suite. Yesterday, I downloaded the trial version of Trojan Hunter. I looked in my threat log today and saw the following.

    Can someone explain this in "computer dummy" terms? Thanks in advance to anyone that replies :)


    Time: 5/9/2006 18:57:01 PM
    Module: AMON
    Object: file
    Name: C:\DOCUME~1\Owner\LOCALS~1\Temp\YzMKQ.exe
    Threat: probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus
    Action: quarantined - deleted - error while cleaning - operation unavailable for this type of object
    User: OFFICEPRESARIO\Owner
    Information: Event occurred on a new file created by the application: C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe. The file was moved to quarantine. You may close this window.
     
  2. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Trojan Hunter created a temporary file called YzMKQ.exe which NOD's AMON detected as "STEALTH.POLY.CRYPT.TSR.DRIVER".

    It then made a copy of the file, placed it into quarantine and then deleted the original file.
     
  3. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Response from Trojan Hunter Forum

    Below is the response I got from Trojan Hunter Support.


    I suspect you have Microsoft Office. Send the following file to NOD32 support and tell them,

    TrojanHunter extracts the "additional data" from the end of files in order to find new droppers and embedded malware etc. When scanning MCANSI.DLL from Microsoft Office, it extracts a digital signature which is then scanned.

    The NOD32 heuristic goes off on some encrypted data being created, something like that. A little too sensitive and should be fixed easily enough!

    MCANSI.DLL in Program Files\OFFICE\Office10?
     
    Last edited: May 11, 2006
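
Added example, not part of the thread and not TrojanHunter's or NOD32's code: in a signed PE file the Authenticode blob sits after the last section and is located by data directory entry 4 (the certificate table), so a scanner can tell it apart from other appended data instead of writing it out as a standalone file. The function names and the sample image are constructed for illustration, and the code only locates the blob; it does not validate the signature.

```python
import struct

def split_overlay(data: bytes) -> dict:
    """Split the bytes after the last PE section into signature and other data."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsects, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    # Directory 4 is the certificate table; its first field is a FILE offset.
    cert_off, cert_len = struct.unpack_from("<II", data, dirs + 32) if ndirs > 4 else (0, 0)
    end = opt + opt_size + 40 * nsects                     # end of section table
    for i in range(nsects):
        raw_len, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        end = max(end, raw_ptr + raw_len)                  # end of last section on disk
    signed = cert_len > 0 and end <= cert_off and cert_off + cert_len <= len(data)
    if signed:
        signature = data[cert_off:cert_off + cert_len]
        other = data[end:cert_off] + data[cert_off + cert_len:]
    else:
        signature, other = b"", data[end:]
    return {"overlay_start": end, "signature": signature, "other": other}

def build_sample(sig: bytes, extra: bytes = b"") -> bytes:
    """Constructed minimal PE32: headers, one 0x200-byte section, then sig and extra."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xHH", hdr, 0x44, 0x14C, 1, 224, 0x2102)   # COFF header
    struct.pack_into("<H", hdr, 0x58, 0x10B)                         # PE32 magic
    struct.pack_into("<I", hdr, 0xB4, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, 0xD8, 0x400 if sig else 0, len(sig))
    struct.pack_into("<8sIIII", hdr, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    return bytes(hdr) + b"\x90" * 0x200 + sig + extra

if __name__ == "__main__":
    fake_sig = b"\x30\x82" + b"S" * 30   # constructed stand-in for a certificate blob
    for image in (build_sample(fake_sig), build_sample(fake_sig, b"EXTRA")):
        r = split_overlay(image)
        print(hex(r["overlay_start"]), len(r["signature"]), r["other"])
```

Only the `other` bytes are appended data that the file's own headers do not account for; the `signature` bytes are the part described in the support reply above.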