Problems - eAmon module - web based Java Trojans

Discussion in 'ESET Smart Security v3 Beta Forum' started by rapierau, Jun 30, 2007.

Thread Status:
Not open for further replies.
  1. rapierau

    rapierau Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    15
    A problem exists in Vista that causes ESS to restart its kernal when a Java script Trojan is downloaded whilst looking at a web page.

    1/07/2007 4:55:26 AM eAmon
    file C:\USERS\user\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\SHJOURBI\EBMAIN_62_36[1].JS JS/Tivso.14a.gen trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
    Event occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.

    Faulting application ekrn.exe, version 3.0.137.0, time stamp 0x46803d01, faulting module ekrnEpfw.dll, version 3.0.137.0, time stamp 0x46803eaa, exception code 0xc0000005, fault offset 0x0003067e, process id 0x7bc, application start time 0x01c7b9bf4b92270e.

    The Eset Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Although ESS restarts as it is configured to do whilst deleting the file Im not sure what it would do in XP.

    Also logging in Vista/XP seems to be off by default and needs to be turned on, in that the logs will remain empty even after weeks of use. Note: This would make it hard for some users to determine what is going on and why if the lack of logging is not just restricted to my machine.

    Anybody.
     
    Last edited: Jun 30, 2007
Thread Status:
Not open for further replies.