NOD32 and Trojans

Discussion in 'NOD32 version 2 Forum' started by Charles, Jul 21, 2004.

Thread Status:
Not open for further replies.
  1. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    I've received two warnings by NOD32 that a trojan (Trojan Dropper-ZerolineA) has been detected on incoming e-mail. No relief is offered as the 'delete' button is not active, so I clicked on 'quarantine' and nothing visible took place. Question is: what could have happened to the trojan? The warning popup has disappeared and there doesn't seem to be any action - nothing blinking!

    Is it probable that the trojan is resident in my computer? If so, is there an effective (and easy) way to dispose of it?

    To complicate my concern, I am running BOClean which is supposed to be a good trojan detector/cleaner. It seems odd that the trojan program didn't detect the malware and passed it off, so to speak, to the AV program.

    All comments and suggestions will be welcomed.
    I am considered an intermediate computer operator - not very conversant in such things as 'command line' work, etc.
    Am running a PIII 600mhz-256mhz RAM-Outlook Express 6.0 and both IE 6 and Firefox (latest offering - two weeks old). If further info is needed, just let me know.
    TIA charles in Dixie
     
  2. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    I assume you are all patched up, correct? If that is so, there is no way the trojan could have executed unless you ran it yourself. Since BOClean is an execution type scanner, it would only detect the trojan if it was resident, which in this case doesn't look like the trojan ran.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,911
    Location:
    Texas

    How is IMON set up in the system tray? To clean or notify?
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You can see what actions were taken by going to

    Nod32 Control Centre
    Logs
    Virus Log

    Then click on the event and see "Details".

    See attached screenshot.

    Generally the virus/trojan is deleted as it arrives, and the body of the email remains; you can then delete that email, and also remove it from your deleted items in Outlook Express.

    Cheers :D
     

    Attached Files:

    • LOG.JPG
  5. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    WOW! Three quick replies...
    1st: VikingStorm: Yes, all patches updated. BOClean updated 19July04
    2nd: ronjor: IMON set up to notify/offer action.
    3rd: Blackspear:
    In the virus log, on the first offense the "Action" line is BLANK.
    Second offense the Action line says error while d........... (suppose the "d" could mean delete?)...
    BTW: My OS is Win XPpro.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,911
    Location:
    Texas
    I don't know how BOClean and NOD interact in a situation like this.

    If the trojan can't be found, I suppose it is not there!

    In the event it is there, it will probably turn up on a scan down the line.

    All I know of BOClean is that it runs all the time. How it handles trojans, I have no idea.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Try running a scan on your system and see what it comes up with...

    Keep us informed...

    Cheers :D
     
  8. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    Thanks guys... I'll attempt to locate the bugger... I think it's resident in my Temporary files. What is the best way to eliminate it, if located, from the temp file?
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,911
    Location:
    Texas

    If XP, scan in safe mode. Or you could try turning off System Restore, restarting and doing a scan.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
  11. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    To Marcos:
    Thanks for the suggestion of posting a log from "hack this" log ...I've installed
    'Hack This' and get a seemingly complete log scan.

    I am not knowledgeable enough to get the picture into this message. Will
    talk with my "guru" and see if he can guide me through getting it into a message. I may be a day or two, so stand by for further mail from this end.

    In any event, I will get back to you with either a positive or negative report.

    charles in Dixie
     
  12. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    Well, I suppose we can close this thread.
    I've tried stunts and double stunts, and I 'think' that the nasty old trojan has
    departed, or died in situ.
    Can find NO evidence that my system has a resident 'Horse'....
    Thanks to one and all who participated in offering advice.
    AND OH BTW.....the tutorial posted by BLACKSPEAR on 22 June is one of the
    BEST and easiest lessons that I've ever seen on this or any other forum.
    Wilders is THE BEST and BLACKSPEAR just made it even better.

    May you'all have a blessed day; unless you have other plans.....
    charles in Dixie
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see Charles.

    Cheers :D
     