I was just surfing with FF, a window popped up and said this site contains no data, I was just about to click ok (usually I just X it out) When this popped up.http://img274.imageshack.us/img274/9844/screenhunter0022un.jpg Thank You Nod32
My guess is that the IMON portion of NOD32 saw that an adware file was downloading, so it interrupted the download. This accounts for the "site has no data" message. However, sometimes IMON can get overwhelmed, especially if the IMON --> Setup --> HTTP --> Client compatability setting for Firefox is set to "Higher Compatability". This is the default. Fortunately, AMON is still around to catch any files that slip through onto the hard drive. The location of this file is in the the Firefox browser cache. Once the file was created, AMON got to it and put up a big stop sign before it could do anything. Just NOD32 doing its job. If you want to try "Higher efficiency" mode instead of "Higher compatability", go to the location I mentioned above and double-click the red "Higher compatability" text to change it. I myself run in "Higher compatability" mode, so I do occasionally see the files that "slip through". However, I am comfortable with AMON that I trust it to catch what little does slip through. This is just my personal preference, though.
You should be in no danger even if Firefox caches a malicious file. Firefox renames cached files so they cannot execute. The only way you would be in danger is if you purposely type about:cache into the location bar and press enter, then click 'list cache entries', then navigate to the file, save it and execute it. There is no support built into Firefox for vbs, activeX or other 'IE only' scripts so even if NOD had allowed the download of the file, all you would have needed to do to be rid of it would be to clear the Firefox cache.
Hi jram, Nod did you rightous! I'm a new Nod user and I opened Nod and was looking at Amon and discovered cookies.text file showing, and that's when it dawned on me it was scanning cookies also. It never occured to me. I have been wondering why my other progies never find anything. I was questioning their reliability. Due to Nod being installed that's the only assumption I can come too. Regards,
The Win32 Sober Y worm which came in an email I got this afternoon was first captured today according to virus Radar, yet I didn't see it in todays updates. How was it detected, heuristically or generic signature? PS The email was supposedly from the F.B.I.
Sober.Y is old in internet time. I have also seen a burst of them today at many sites. NOD32 - 1.1291 (2005111 Virus signature database updates: HTML/Exploit.Mht.BL, IRC/SdBot (2), Win32/Adware.SpySheriff, Win32/Agobot, Win32/Banito.AE, Win32/Bobax.AL, Win32/Brontok.S (2), Win32/Hupigon, Win32/IRCBot.PK (2), Win32/Modobot (2), Win32/Modobot.H (2), Win32/Mytob.MM, Win32/Mytob.MN, Win32/Mytob.MO, Win32/Optix.Pro.13, Win32/Rbot (7), Win32/Sealer.B (4), Win32/Small.FB (2), Win32/Sober.Y (2), Win32/Spy.007 Spy (2), Win32/Spy.Agent.CH, Win32/Spy.Banbra.DF, Win32/Spy.Banbra.DT (2), Win32/Spy.Bancos.JL (2), Win32/Spy.Bancos.U (5), Win32/Spy.Banker, Win32/Spy.Banker.NGV (2), Win32/Spy.Banker.NGW (2), Win32/Spy.Banker.VJ (2), Win32/Spy.Delf.LI (2), Win32/StartPage.ADH (, Win32/StartPage.AFH (2), Win32/StartPage.AFJ (2), Win32/TrojanDownloader.Agent.BQ (5), Win32/TrojanDownloader.Banload.HU (2), Win32/TrojanDownloader.Banload.HV (2), Win32/TrojanDownloader.Banload.IA (2), Win32/TrojanDownloader.Banload.NAA (2), Win32/TrojanDownloader.Dadobra.FX, Win32/TrojanDownloader.IstBar, Win32/TrojanDownloader.Small.AOD (2), Win32/TrojanD
Most likely because that is the first time this particular server received it as Sober.Y. It could have been a variant of (i.e. 178. probably a variant of Win32/Sober ...) and then switched to the actual signature.