NOD32 not allowing actions on detected threats

Discussion in 'NOD32 version 2 Forum' started by Tetranitrocubane, Feb 28, 2009.

Thread Status:
Not open for further replies.
  1. Tetranitrocubane

    Tetranitrocubane Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    11
    Hi everyone. Please bear with me on this, as I've no idea what's going on.

    I was browsing the web with Opera, and hit upon a site that's usually trusted. For some reason, though, it popped up an AMON Threat detection. The site also tried to redirect me to another website, but I think that either my HOSTS file blocked it, or I closed the page before it loaded. I'm not sure.

    The Alert details are as follows:

    ----

    File: C:\Documents and Settings\{My username}\Local Settings\Application Data\Opera\Opera...\op0XS46

    Threat: SWF/TrojanDownloader.Agent.NAJ trojan

    Comment:
    Event occurred on a file modified by the application: C:\Program Files\Opera\opera.exe. This file was moved to quarantine. You may close this window.

    ----

    (The actual file path was: C:\Documents and Settings\{My username}\Local Settings\Application Data\Opera\Opera\profile\cache4\op0XS46 )

    The options to Copy to Quarantine, Submit for analysis, clean, delete, and rename are all greyed out. I can only check the 'Display warning window' button, and close the threat detection window.

    I'm a little disturbed by this. I suppose it's possible that this site I was checking had been hijacked and infused with something malicious. The more pressing issue, though, is that I don't know why NOD won't let me clear or delete this file! There's no record of it in the control center Threat log, either. The file looks like it's in quarantine, but I'm wondering what the best course of action is now.

    Did NOD catch this before it became a problem? Or should I take some more serious measures? A scan didn't come up with anything subsequent, but I don't know if the infection compromised NOD, seeing as I couldn't clean or delete the file after it was detected - I could only dismiss the Threat Detection window.

    Any help would be appreciated. Thanks!
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can install EAV v3 and switch the cleaning mode to No cleaning so that you're always prompted for an action when a threat is found.
     
  3. Tetranitrocubane

    Tetranitrocubane Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    11
    After a bit of investigation, it seems that this particular virus is actually just a malicious SWF file that's intended to be scareware. It doesn't install anything on its own, so the only files that were infected seemed to be in the cache. I guess that's why there wouldn't be a 'fix' option, and NOD automatically must have quarantined the file. From what I saw, I thought it just found the file and wouldn't allow me to take an action, but I guess it was automatic!

    I've also been meaning to look into v3 for a while now. Thanks for the advice.
     