Received highly suspicious files, didn't execute them but ESET has warnings

Discussion in 'ESET Smart Security' started by Rubix, Apr 24, 2009.

Thread Status:
Not open for further replies.
  1. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Hi,

    That's right, I received 4 highly suspicious files (scanned with VirusTotal, see ~Snip. VT images removed per Policy~), pretty sure I didn't execute them, but ESET now has warnings like this when starting Windows XP SP3 today:

    4/20/2009 5:14:05 PM Real-time file system protection file F:\Documents and Settings\Dontcare\Desktop\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: F:\WINDOWS\Explorer.EXE.
    4/20/2009 5:13:09 PM Real-time file system protection file F:\WINDOWS\Temp\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: F:\WINDOWS\Explorer.EXE.
    4/20/2009 5:02:37 PM Real-time file system protection file F:\WINDOWS\TEMP\server.exe probably a variant of Win32/PSW.Agent trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: F:\WINDOWS\system32\WgaTray.exe.
    4/20/2009 5:02:27 PM Startup scanner file F:\WINDOWS\system32\WgaTray.exe probably a variant of Win32/PSW.Agent trojan unable to clean DONTCAREPC\Dontcare

    Could it be coincidence?
     
    Last edited by a moderator: Apr 24, 2009
  2. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Anyone? If one doesn't execute the files, there's no problem, right?
     
  3. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Hopefully you've done a Google Search for the key parts of the suspected strings; the last one (ie) (system32\WgaTray.exe) has to do with Windows declaring that your Windows OS is not Genuine and it offers a Link to learn the particulars (it's in my system). I would think that's a False Positive and I don't recall how to Send it in so ESET can Correct it. Someone will tell you (if I'm right that it's a FP).

    Do a Google Search for the other Strings and see what you learn until others clarify for either you or me.
     
  4. Rubix

    Rubix Registered Member

    Joined:
    Feb 9, 2009
    Posts:
    16
    Just to know better: why am I infected if I didn't execute the files/virus?

    Someone please answer.
     
  5. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    It doesn't always need a double click to execute a file... ;)
     
  6. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    Looks like you ran it. Quick Google shows user input. Oops.
     