Strange NOD32 Behavior

Discussion in 'ESET Smart Security' started by DrFix, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Hi,
    every day NOD32 pops up telling me it blocked a connection:

    03/02/2012 18:25:57 HTTP filter file ~Link removed~ HTML/ScrInject.B.Gen virus connection terminated - quarantined NT AUTHORITY\NETWORK SERVICE Threat was detected upon access to web by the application: C:\Windows\SysWOW64\uniime32.exe.

    Yes, thanks NOD, but I scanned the whole system and it doesn't find any HTML/ScrInject.B.Gen virus.... so I really don't know what to do.

    It seems to me that I'm the only one experiencing this situation... there's something opening a connection to a virus site but NOD doesn't help me find WHAT is opening the connection...
     
    Last edited by a moderator: Feb 3, 2012
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest uploading C:\Windows\SysWOW64\uniime32.exe to VirusTotal as it could be malware. If it is, copy & paste here the MD5/SHA1 hash of the file.
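
The alert quoted in the first post already names the process that opened the connection, which is the file suggested here for hashing. As an added example (not part of the thread and not ESET code), this Python snippet extracts that path from the log line and computes the MD5/SHA-1/SHA-256 of a file; the field layout is an assumption inferred from the single line shown in the thread.

```python
import hashlib
import re

# Log line as quoted in the thread (the URL was already removed by a moderator).
SAMPLE = ("03/02/2012 18:25:57 HTTP filter file ~Link removed~ "
          "HTML/ScrInject.B.Gen virus connection terminated - quarantined "
          "NT AUTHORITY\\NETWORK SERVICE Threat was detected upon access to web "
          "by the application: C:\\Windows\\SysWOW64\\uniime32.exe.")

# Assumed layout, inferred from that one line only: timestamp first, the
# detection name right before the word "virus", and the responsible
# process after "by the application:".
LINE_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r".*?(?P<threat>\S+) virus "
    r".*by the application: (?P<app>.+?)\.?\s*$"
)

def parse_alert(line):
    """Return timestamp, detection name and application path, or None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def file_hashes(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

if __name__ == "__main__":
    alert = parse_alert(SAMPLE)
    print(alert)
    try:
        # Only succeeds on the machine where the flagged file exists.
        print(file_hashes(alert["app"]))
    except OSError as exc:
        print("cannot read", alert["app"], "-", exc)
```

The resulting hashes can be looked up on VirusTotal without uploading the file again.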
     
  3. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Yes it's malware!!! 7 / 43

    Here is the sha
    4f8f2f9a848d658e07fbb1fa965f2a3d446fcb430952417821cb5acd5c196bcd

    What could I do now?
     
  4. future

    future Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    25
    Location:
    France
    It may be necessary to remove the link? :rolleyes:
     
  5. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Ok, sorry...
    I'll rename the file but I don't think that would be enough to remove the trojan...
     
  6. future

    future Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    25
    Location:
    France
    Thank you :) The reason is that some people can click on the link
     
  7. 2570windsor

    2570windsor Registered Member

    Joined:
    Feb 5, 2012
    Posts:
    2
    Location:
    United States
    So is ScrInject.b.gen a virus or not? According to microsoft.com Threat Encyclopedia it is an alias for the Trojan JS/BlacoleRef.A. Ever since I got hit with the ScrInject.B.gen (ESET currently shows no infections) my machine has started acting crazy.
     
  8. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Do a scan with Malwarebytes and/or Hitman Pro and see what they find.
     