Strange Happenstance

Discussion in 'NOD32 version 2 Forum' started by fredra, Oct 29, 2006.

Thread Status:
Not open for further replies.
  1. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi
    Something very strange happened recently with my NOD32. Oh I digress, let me establish my caveat here :D
    I have NOD32 on my main PC and my laptop.. working fine... but something has occurred which I thought I would share.
    Got an email (hotmail) telling me that my order for a Sony Laptop was shipped. As I didn't order anything, that made me suspicious so I d/l the attachment to a floppy, it was xxxxx.zip.pdf. That alone told me something is wrong with the file, but I was brave.
    I clicked the write protect tab on the floppy and double clicked. WOW..NOD went ballistic. Telling me that it had quarantined the file from /documents/xxx (Win32/PSW.LdPinch.P trojan) and if I wanted to submit. Of course I said submit and it then told me I can close the window. I am thinking, great, it found a "baddie" and all is well.
    Lo and behold my OUTPOST pops up to say "9129837.exe" wants to establish an outbound connection. WT hell is going on...I don't remember that application, so I told OUTPOST to "block" all requests from this application.
    (you can google the above file to get more information). OR go here http://www.avira.com/en/threats/section/fulldetails/id_vir/2867/tr_psw.small.bs.3.html and here http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_AGENT.FBB&VSect=Sn
    I checked my startup lists and there it has a "ttool" being loaded by this "9xxxxxx.exe" file, located in %systemroot%/windows.
    I used NOD to check, it came back clean.
    I used Outpost to check, it came back clean.
    I used The Cleaner to check, it came back clean.
    I used SAS to check, it came back with identifying 9xxxxxx.exe as malware.
    The question I have is this:
    Why did my trusted friend NOD (after identifying the baddie) let it continue to be loaded? :oops:
    Why didn't NOD, manual checking identify 9xxxxxx.exe as the baddie and offer to clean, delete or quarantine the specific file? :mad:
    NOD has stopped many "baddies" on both machines in the past, but this behaviour I find a bit strange.
    Can any of the NOD gurus in here offer any constructive explanation?
    Thanks
    Cheers :D
     
    Last edited: Oct 29, 2006
  2. ASpace

    ASpace Guest


    Can you please navigate to the folder where this file is and submit it to ESET labs. Send an email with a link to this thread, a short description and the file attached. The address is samples@eset.com

    In the meantime, open Start->Run->type msconfig->Press ENTER->navigate to the "Start-up" tab and uncheck that suspected file from loading. Apply and OK.
     
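    The msconfig step above disables one startup entry by hand. The following PowerShell script is an added example (not posted by anyone in this thread and not an ESET or Agnitum tool) that does the same review in a repeatable way from a defender's side: it lists the Run/RunOnce keys and Startup folders, flags any autostart image whose file name is purely numeric (the pattern of the "9129837.exe" entry reported above; the heuristic is an assumption, not a vendor rule), computes a SHA-256 per image so the file can be identified when it is submitted to a lab, and reports the state of the Security Center service (service name wscsvc) that the original poster later had to restore. Run it in an elevated PowerShell session.

```powershell
# Added example, not from this thread: review Windows autostart locations
# and report suspicious entries with hashes for lab submission.

# Registry autostart keys checked (per-machine and per-user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    # Registry values: each property of the key is one autostart command.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Startup folders: every file placed there is launched at logon.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-ExecutablePath([string]$command) {
    # Recover the image path from a command line: quoted path first,
    # otherwise everything up to the first whitespace.
    if ($command -match '^"([^"]+)"') { return $Matches[1] }
    return ($command -split '\s+')[0]
}

Get-AutostartEntries | ForEach-Object {
    $exe  = Get-ExecutablePath $_.Command
    $leaf = [IO.Path]::GetFileName($exe)
    # Heuristic (assumption): an all-digit executable name like 9129837.exe
    # is unusual for legitimate software and worth a closer look.
    $suspicious = $leaf -match '^\d+\.exe$'
    $hash = if (Test-Path -LiteralPath $exe) {
        (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    } else {
        '<file not found>'
    }
    [pscustomobject]@{
        Source     = $_.Source
        Name       = $_.Name
        Image      = $exe
        Suspicious = $suspicious
        SHA256     = $hash
    }
} | Format-Table -AutoSize

# Security Center service: some malware disables it; report its current state.
Get-Service -Name wscsvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
```

    The Suspicious column is only a prompt for investigation; the hash is what identifies the file regardless of its name, and it is the value to quote when sending the sample and the thread link to the lab address given above.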
  3. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi HiTech_boy
    Quote
    Can you please navigate to the folder where this file is and submit it to ESET labs. Send an email with a link to this thread, a short description and the file attached. The address is samples@eset.com
    End Quote
    A trusted mod had advised me to do this, and it was done.

    Quote
    In the meantime, open Start->Run->type msconfig->Press ENTER->navigate to the "Start-up" tab and uncheck that suspected file from loading. Apply and OK.
    End Quote
    Done in addition to manually cleaning the registry of "hide-evr2.sys" and another location in HKCU. Also restoring the service for Security Center.
    Thanks for your input, it is appreciated.
    Cheers :)
     
  4. ASpace

    ASpace Guest

    You are welcome !
     
  5. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    This could be a clue :-
    Cheers :)
     
  6. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi NOD32 user
    That was funny :D :D :D :D :D
     
    Last edited by a moderator: Oct 30, 2006