Threat Alert triggered on computer but nothing is there

Discussion in 'ESET NOD32 Antivirus' started by dsb3, Dec 30, 2010.

Thread Status:
Not open for further replies.
  1. dsb3

    dsb3 Registered Member

    Joined:
    Oct 15, 2010
    Posts:
    5
    Has anyone seen a threat alert but nothing is listed in the details of the log regarding the threat? The only thing I see is the threat column, which says "is ok", and the information column, which says "event occurred during an attempt to access the file". That is the only information that was reported. There was another machine that reported a threat, but in the log it only shows what is listed below:

    Information
    Event occurred on a file modified by the application: C:\Program Files\Internet Explorer\iexplore.exe.

    Any help is greatly appreciated.
     
  2. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Are you using ESS or EAV? Maybe it is a firewall alert.
     
  3. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    It is happening to a couple of my computers. Right after they updated to 5746.

    - Real-time file system protection
    - Event occurred during an attempt to access the file.

    Just using EAV so no firewall.

    It also is occurring on one of my servers and when it does it locks the server and I have to power it off/on to get it back up. Server was running just fine on 5745 and if I remove EAV server runs just fine as well.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please copy & paste here the entire line from the Threat log, not just the Information column.
     
  5. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    For me that is the entire line in the threat log. The only thing that is populated is the Information column.

    Entire line of the threat log for the XP SP3 computer having the issue:
    Name Threat Action Information
    Event occurred during an attempt to access the file.


    Entire line of the threat log for the 2003 server that locks up:
    Name Threat Action Information
    Event occurred on a new file created by the application: C:\Program Files\Omtool\OmtoolServer\Bin\OmWfcGFArchiveU.exe.
     
  6. dsb3

    dsb3 Registered Member

    Joined:
    Oct 15, 2010
    Posts:
    5
    This is happening on two computers so far.

    Computer #1
    XP sp2

    EAV 4.2.67.10 Virus Sig 5747

    Listed below is the entire line that is in the log.

    Name Threat Action Information
    Event occurred during an attempt to access the file.


    Computer #2
    XP sp2

    EAV 4.0.474 Virus Sig 5747

    Listed below is the entire line that is in the log.

    Name Threat Action Information
    Event occurred on a file modified by the application: C:\Program Files\Internet Explorer\iexplore.exe.
     
  7. knockknock

    knockknock Registered Member

    Joined:
    Oct 27, 2008
    Posts:
    5
    Good morning,

    I just experienced the same thing in our corporate environment, with a computer running Windows XP SP3.

    Same circumstances, it is currently on signature 5750 after doing an update from 5747.
     
  8. knockknock

    knockknock Registered Member

    Joined:
    Oct 27, 2008
    Posts:
    5
    Oh, and we're running ESET 3.0.695.
     
  9. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    I'm continuing to get a lot of these throughout our enterprise. What's going on?

    Here are just a few examples, all on different computers running XP SP3:

    Module On-demand scanner - Threat Alert triggered on computer xxxxxxx: C:\WINDOWS\$hf_mig$\KB2079403\update\eula.txt contains.

    Module On-demand scanner - Threat Alert triggered on computer xxxxxxxx: Operating memory contains is OK.

    Module On-demand scanner - Threat Alert triggered on computer xxxxxxx: C:\WINDOWS\$hf_mig$\KB2443105\update\update.exe contains.

    Threat Alert triggered on computer xxxxxxxx: C:\WINDOWS\$hf_mig$\KB887472\update\update.ver contains.

    Threat Alert triggered on computer xxxxxxx C:\orant\ora9i\network\tools\images\Connect.gif contains.
     
  10. dsb3

    dsb3 Registered Member

    Joined:
    Oct 15, 2010
    Posts:
    5
    I am still having issues with this on more computers now.
    Listed below are some more examples:

    Computer #3
    XP SP3
    EAV 4.0.437 vir sig 5754
    Name Threat Action Information
    Event occurred during an attempt to access the file.


    Computer #4
    XP SP2
    EAV 3.0.672 vir sig 5757
    Name Threat Action Information
    Event occurred on a new file created by the application: C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe.

    Computer #5
    XP SP3
    EAV 3.0.672 vir sig 5757
    Name Threat Action Information
    Event occurred on a file modified by the application: C:\WINDOWS\System32\DLA\DLACTRLW.EXE.
     
  11. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I've had a few systems do this sporadically since last week:

    All clients are updating definitions correctly and since this has spanned over 5 days it has occurred with multiple definition sets, but always on XP SP3 32-bit and 3.0.695 though that could easily just be because it is the bulk of our userbase.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Should the problem persist with the update 5759 or newer, let us know.
     
  13. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Code:
    Name	Threat	Action	Information
    	is OK		Event occurred during an attempt to access the file.
    
    I also have been getting these on our corporate network since the start of the year.

    It would be nice to get an explanation of why these were classified as a threat, or were they false positives from a batch up virus signatures release?

    An explanation will help in answering our clients why these warnings were triggered.

    Thanks.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's most likely related to this problem. Should you still be getting these alerts, let us know.
     
  15. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Here's one that just happened:

    Code:
    19/01/2011 12:20:16 - During execution of Update on the computer somelaptop, the following warning occurred: An error occurred while downloading update files.
    and machine...
    Code:
    Column Name	Value
    Client Name	somelaptop
    Computer Name	somelaptop
    MAC Address	f04da2bba698
    Primary Server	someserver
    Domain	dsi_group.com
    IP	10.x.x.x
    Product Name	ESET NOD32 Antivirus BUSINESS EDITION
    Product Version	4.2.64
    Policy Name	Default Primary Clients Policy
    Last Connected	2011-01-19 12:19:19
    Protection Status Text	
    Virus Signature DB	5795 (20110117)
    Last Threat Alert	
    Last Firewall Alert	
    Last Event Warning	An error occurred while downloading update files.
    Last Files Scanned	2
    Last Files Infected	0
    Last Files Cleaned	0
    Last Scan Date	2011-01-17 14:17:42
    Restart Request	
    Restart Request Date	
    Product Last Started	2011-01-19 08:18:51
    Product Install Date	2011-01-17 11:32:51
    Roaming User	
    New Client	Yes
    OS Name	Windows 7 Professional 6.1.7600
    OS Platform	Microsoft Windows
    HW Platform	32-bit
    Configuration	Ready (3 hours ago)
    Protection Status	Ready (4 hours ago)
    Protection Features	Ready (2 days ago)
    System Information	Ready (3 hours ago)
    SysInspector	No Data
    Custom Info	
    Comment	
    
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's a completely different problem than the one discussed in this thread. Your error means that the update download failed for some reason (probably due to a problem with connectivity or an update server).
     