Please tell me what this is...

Hello, I just came back from the TV, and saw this warning:
The alert window screenshot

The program "infected", is Trillian, and is used as an IM like (or instead of) MSN Messenger. I am 99.9% sure that Trillian is not infected by any virus, trojan or what-so-ever...

When my friend had sent a message to me, this warning popped up. Telling me the e-mail adress of my friend was infected by "POLY.CRYPT.COM", which it also said was "a probably unknown virus".

I have searched around for it on the net, but found nothing, except ONE post on this forum, telling me nothing. Does anyone even have any small clue of what it is, or can be?

I may also say that the directory (D:\Program\Trillian\users\default\cache) does NOT exist, not even in the registry.
And the file "joachim_behrmann@msn.com" is the e-mail adress of my friend... And not a file with the type ".com"... Just a plain file with no extension. (If it had been a file, ofc )

The interesting thing with this, is that I can see a connection between "POLY.CRYPT.COM" and MSN (and hotmail), do you? Read the other post, and you will understand why... https://www.wilderssecurity.com/showthread.php?t=115005
There they have the same problem, but with IMON instead of AMON, when they log off from hotmail!

Anyways, I gotta go now... I hope you can help me,
Thanks in advance /Patrik

PS. Can this be some odd "protection" by Microsoft? I heard that they are afraid of hacks of IMs that would take over Windows, or something like that... Just a false rumor?

 

It should just be .PNG files in that directory..graphics for your skin.

 

I read carefully and deeply your post and I can tell you :
I can't be 100% sure .

The only thing that is known for sure is that NOD32 has really big detection rate , NOD32 is extremely good at detection unknown malware and that NOD32 rarely,really rarely displays false-positives(wrong alarms) .

If you doubt something is malware or not , you can upload it to the free service VirusTotal and let it be scanned with almost all AVs. www.virustotal.com

Another -> Open NOD32's Control Center
NOD32 System Tools
Quarantine

and add the suspected files there .
Then , please , submit it for analyze to ESET using the options in the programs . If they are really wrong alarm , ESET will fix it in short time

Make sure NOD32 is updated.
NOD32's Control Center -> Update -> Update NOW

For now , open Start-Programs-ESET-NOD32 ,
make sure you configure it correctly as shown here www.wilderssecurity.com/showpost.php?p=766371&postcount=6
and
perform full Scan & Clean

It would be really good if you do it in Safe Mode
How to boot your computer in SAFE MODE
Do this by repeatedly typing F8 while Windows is starting before
Windows logo appears.
Then you'll open the Windows Advanced menu where you can choose to boot
the hard drive in SAFE MODE

 

Just got this e-mail from Snort about an update they had for IPCop (I've been fiddling with this as my router/firewall at home with Copfilter).

"Microsoft Security Bulletin MS06-024
Windows Media Player is vulnerable to a stack based buffer overflow condition that can be exploited by an attacker via a PNG image with a large chunk size.

Rules to detect attacks against this vulnerability are included in this rule pack and are identified as sids 6688 through 6701."

Anyways..the recent MS update for the PNG overflow.

 

Off topic, but if you've been fiddling with Copfilter for IPCop, take a look at

Endian Firewall. It has much of IPCops addons integrated.

http://www.efw.it/