P2P Malware Interception pretty good!

Discussion in 'ESET NOD32 Antivirus' started by spy1, Jun 15, 2008.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    C:\Documents and Settings\Steven Yevchak\Shared\frostwire-4.13.5.windows.exe » NSIS » apbarSp.FrostWire.exe - a variant of Win32/AdInstaller application

    Not too sure what that one's telling me (other than that there's a "Search" toolbar that you can install w/Frostwire if you so desire - but you don't have to, it's optional during the set-up).

    The whole purpose of this was to see if NOD32 could/would intercept bad stuff coming in from a P2P app - and since I've never had any malware warnings in all these years of using P2P, I read up on some of the P2P forums to see what kinds of things would get you some.

    Among these were "small" files that pretended to be one thing but would actually have "surprises" tucked in amongst whatever it was supposed to be to start with.

    NOD32 performed admirably (so did my firewall - S.P.F.) and even Frostwire itself warned me every time that what I had just d/l'ed was "corrupted".

    Here are the two examples I got (which was more than enough for me, BTW) simply by clicking on "What's New" in F/W and then attempting to d/l a couple of them:

    6/15/2008 11:35:40 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Incomplete\T-3545425-xxx.mpg WMA/TrojanDownloader.Wimad.N trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\FrostWire\FrostWire.exe.

    6/14/2008 11:42:17 PM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Incomplete\T-3545425-xxx.mpg WMA/TrojanDownloader.Wimad.N trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\FrostWire\FrostWire.exe.

    So it's nice to know that NOD32 does work quite well in those types of scenarios (scanning P2P d/l's as they take place). It also points out quite sharply how one could be infected using P2P if one's A/V solution isn't up-to-snuff (tip-of-the-hat to John there).

    And, of course, the rest of that time was filled up with running fullscans (afterwards) with the latest versions of NOD,TH, SpyCop, Blacklight, GMER, RKR to assure cleanliness (yeah, the computer was clean).

    So if you P2P - be careful out there! Pete

    BTW - NOD32 also did very well in picking up on a (purposeful) keylogger installation here:

    6/12/2008 12:28:02 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe a variant of Win32/KeyLogger.Ardamax application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\Eraser\Eraser.exe.
     
    Last edited: Jun 15, 2008
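The log entries quoted in the post carry more than the verdict: each one names the process that was writing the file when the real-time scanner fired (FrostWire.exe for the two Wimad hits, Eraser.exe for the keylogger), the account the write ran under, and whether anything was actually cleaned. The following is an added example, not code from the post or from ESET, that parses that line format, singles out detections triggered by a P2P client's writes (the "caught on download" case the post is testing), flags the same poisoned file being pulled down more than once, and lists entries with no cleaning action recorded. The sample input is the three lines quoted above; the list of ESET action strings beyond "cleaned by deleting - quarantined", the extra threat types, and the P2P client executable names other than FrostWire.exe are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the three "Real-time file system protection"
# entries quoted in the post, copied as posted (one entry per line).
SAMPLE_LOG = r"""
6/15/2008 11:35:40 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Incomplete\T-3545425-xxx.mpg WMA/TrojanDownloader.Wimad.N trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\FrostWire\FrostWire.exe.
6/14/2008 11:42:17 PM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Incomplete\T-3545425-xxx.mpg WMA/TrojanDownloader.Wimad.N trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\FrostWire\FrostWire.exe.
6/12/2008 12:28:02 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe a variant of Win32/KeyLogger.Ardamax application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\Eraser\Eraser.exe.
"""

# Action strings ESET appends after the threat type. Only the first one is
# attested in the post; the others are assumed. Longer alternatives come
# first so the alternation does not stop at a shorter prefix.
ACTIONS = (
    "cleaned by deleting - quarantined",
    "cleaned by deleting",
    "unable to clean",
    "quarantined",
    "cleaned",
    "deleted",
)

# Field order as in the quoted lines:
#   <timestamp> <module> file <path> <threat> <type> [<action>] <user>
#   Event occurred on a file modified by the application: <app>.
# The path must start with a drive letter or a UNC prefix; without that
# anchor the lazy <module> group would stop at the word "file" inside
# "Real-time file system protection".
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>.+?) file (?P<path>(?:[A-Za-z]:\\|\\\\).+?) "
    r"(?P<threat>(?:probably a variant of |a variant of )?\S+) "
    r"(?P<kind>trojan|worm|virus|potentially unwanted application|"
    r"potentially unsafe application|application) "
    r"(?:(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r") )?"
    r"(?P<user>.+?) Event occurred on a file modified by the application: "
    r"(?P<app>.+?)\.?$"
)


@dataclass(frozen=True)
class Detection:
    ts: datetime
    module: str
    path: str
    threat: str
    kind: str
    action: Optional[str]  # None when no cleaning action was logged
    user: str
    app: str               # process that was writing the flagged file


def parse_log(text: str) -> List[Detection]:
    """Parse ESET real-time protection lines; raise on an unrecognised line
    so a format change is noticed instead of silently dropping events."""
    events: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET log line: {line[:60]}...")
        events.append(Detection(
            ts=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            module=m["module"], path=m["path"], threat=m["threat"],
            kind=m["kind"], action=m["action"], user=m["user"], app=m["app"],
        ))
    return events


# Assumed set of file-sharing client executables; only FrostWire.exe is
# attested in the post.
P2P_CLIENTS = {"frostwire.exe", "limewire.exe", "emule.exe", "utorrent.exe"}


def writer_name(e: Detection) -> str:
    return PureWindowsPath(e.app).name.lower()


def p2p_detections(events: List[Detection]) -> List[Detection]:
    """Detections where a P2P client was the writer: the download was
    caught while being written, before anything ran."""
    return [e for e in events if writer_name(e) in P2P_CLIENTS]


def repeat_offenders(events: List[Detection]) -> Dict[Tuple[str, str], int]:
    """Same (path, threat) flagged more than once, i.e. the same poisoned
    file being re-downloaded, as with the two Wimad entries above."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in events:
        key = (e.path.lower(), e.threat)
        counts[key] = counts.get(key, 0) + 1
    return {k: n for k, n in counts.items() if n > 1}


def not_remediated(events: List[Detection]) -> List[Detection]:
    """Entries with no cleaning action recorded; these need a manual check
    that the file is really gone."""
    return [e for e in events if e.action is None]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in p2p_detections(evs):
        print(f"{e.ts:%Y-%m-%d %H:%M:%S} {e.threat} via {writer_name(e)} -> {e.action}")
    print("re-downloaded:", repeat_offenders(evs))
    print("no action logged:", [e.path for e in not_remediated(evs)])
```

Run it as a script to see the summary; to use it on a real export, pass the contents of the ESET log file to parse_log in place of SAMPLE_LOG. Keying repeat_offenders on the lowercased path matters on Windows, where the same file can be logged with different case.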