NOD32 detect question

Discussion in 'NOD32 version 2 Forum' started by Jado54, Jan 15, 2005.

Thread Status:
Not open for further replies.
  1. Jado54

    Jado54 Registered Member

    Joined:
    Jan 7, 2005
    Posts:
    15
    Location:
    On the Beach in South Carolina
    First a thank you to anyone who can offer guidance with respect to the following:

    I downloaded and installed NOD32 and am on the trial period now. It immediately detected a Win32/TrojanDownloader.Rameh.C trojan. The action it took was to terminate the connection though shortly after it scanned and said it was in an archive.

    At that time I was running TDS-3 for Anti-T protection.

    My question then is:

    It terminated the connection and subsequent scans have not turned up traces anywhere, nor have multiple searches with TDS 3 - yet is the trojan gone or what? I realize it is a trojan but as NOD32 caught it I thought it wise to post it in this forum.

    My Hijackthis log shows nothing out of wack - how do I remove this or is it gone already?

    Thank you for sitting through my post which is bound to be baffling.

    Warm Regards to each of you!

    J
     
  2. Atangel

    Atangel Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    53
    IMON blocks it before it can infect your system. You didn't find it cause it never got there!
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    If the trojan was terminated, it's not on your hard drive.
    It should show up in the virus log as an entry that was terminated.
     
    Last edited: Jan 15, 2005
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The one point that Jado54 may be missing here is that IMON is the internet monitor. It intercepted and terminated the download, so it never actually got all the way onto your computer. It never had a chance to run and infect your computer, so there would be no traces to clean up. :)
     
  5. Big D1

    Big D1 Registered Member

    Joined:
    Aug 20, 2004
    Posts:
    68
    That's the beauty of IMON...the connection is terminated, and the data is never written to disk, so there is nothing to clean.

    Edit: We were posting at about the same time Notok.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    :D :D
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Should the IMON alert window keep reapperaing, I suggest you send a log from Hijackthis (e.g. http:\\eset.zftp.com/hijackthis.exe) to support@nod32.com for analysis.
     
  8. Jado54

    Jado54 Registered Member

    Joined:
    Jan 7, 2005
    Posts:
    15
    Location:
    On the Beach in South Carolina
    Thanks to each of you. NOD32 did its job and now I think I will purchase it.

    Cheers!

    J
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    You won't regret *THIS* purchase!
     
Thread Status:
Not open for further replies.