Post title modified

Discussion in 'ESET NOD32 Antivirus' started by skrag, Jul 6, 2010.

Thread Status:
Not open for further replies.
  1. skrag

    skrag Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    2
    I have NOD32 Antivirus, 4.2.40.0, fully updated.

    The assault started today - every time I connect to the internet, NOD32 blocks an attack every few seconds, coming up with this message:


    -------------------------------------------------------------------

    Object: ~Link removed~

    Threat: a variant of Win32/Peerfrag.FU worm

    Information: connection terminated - quarantined

    -------------------------------------------------------------------


    I did a full system scan using NOD32, it came up with nothing.

    Has anyone here seen this before? Is there a way of stopping these attacks completely? I know I can stop the error messages from appearing, but these attacks seem to be slowing my internet speed to a crawl.

    Any help would be appreciated.
     
    Last edited by a moderator: Jul 6, 2010
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,772
    Location:
    Texas
  3. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    depends when it happens

    on outbound your machine would be compromised and NOD should not only detect the malicious connection but also the culprit

    on inbound the address your machine trying to connect to would perhaps be compromised with malicious code, that would be the same address again and again - any indication of that?

    you may also try prevx, does not give real time protection in trial mode, but you can run a full scan see if it comes up with something. if you machine got infested already recommend to use the download link 'Download NowMalware infecting you now?
    Download a randomized filename' from here http://info.prevx.com/downloadcsi.asp
     
    Last edited: Jul 6, 2010
  4. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    it does not sound like that the culprit is known to the user, a bit difficult to submit something in that case
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,772
    Location:
    Texas
    Eset has access to the information.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,772
    Location:
    Texas
    Good info Randy. :)
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thanks, Ron :) Always willing to help, where I can.
     
  9. skrag

    skrag Registered Member

    Joined:
    Jul 6, 2010
    Posts:
    2
    Ah, filesharing huh...

    Anyway, thanks for the info. I fixed the problem by running Malwarebytes' Anti-Malware program. :thumb:
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    To the best that I can determine, file sharing aka file sharing was, is the delivery method for this particular worm.

    You should also consider the additional options for infected machines although MBAM has given you a green light.

     
Thread Status:
Not open for further replies.