Strange NOD32 Behavior

Discussion in 'ESET Smart Security' started by DrFix, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Hi,
    every day NOD32 pops up telling me it blocked a connection:

    03/02/2012 18:25:57 HTTP filter file ~Link removed~ HTML/ScrInject.B.Gen virus connection terminated - quarantined NT AUTHORITY\NETWORK SERVICE Threat was detected upon access to web by the application: C:\Windows\SysWOW64\uniime32.exe.

    Yes, thanks NOD, but I scanned the whole system and it doesn't find any HTML/ScrInject.B.Gen virus.... so I really don't know what to do.

    It seems I'm the only one experiencing this situation... there's something opening a connection to a virus site but NOD doesn't help me find WHAT is opening the connection...
     
    Last edited by a moderator: Feb 3, 2012
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,416
    I'd suggest uploading C:\Windows\SysWOW64\uniime32.exe to VirusTotal as it could be malware. If it is, copy & paste here the MD5/SHA1 hash of the file.
     
  3. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Yes it's malware!!! 7 / 43

    Here is the sha
    4f8f2f9a848d658e07fbb1fa965f2a3d446fcb430952417821cb5acd5c196bcd

    What could I do now?
     
  4. future

    future Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    25
    Location:
    France
    It may be necessary to remove the link? :rolleyes:
     
  5. DrFix

    DrFix Registered Member

    Joined:
    Nov 11, 2009
    Posts:
    20
    Ok, sorry...
    I'll rename the file but I don't think that would be enough to remove the trojan...
     
  6. future

    future Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    25
    Location:
    France
    Thank you :) The reason is that some people can click on the link
     
  7. 2570windsor

    2570windsor Registered Member

    Joined:
    Feb 5, 2012
    Posts:
    2
    Location:
    United States
    So is ScrInject.b.gen a virus or not? According to the microsoft.com Threat Encyclopedia it is an alias for the Trojan JS/BlacoleRef.A. Ever since I got hit with the ScrInject.B.gen (ESET currently shows no infections) my machine has started acting crazy.
     
  8. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Do a scan with Malwarebytes and/or Hitman Pro and see what they find.
     