Threat found

Discussion in 'ESET NOD32 Antivirus' started by Pato, Apr 18, 2008.

Thread Status:
Not open for further replies.
  1. Pato

    Pato Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    28
    The following came up and, as it is the first I have received after using NOD32 for some years, I am not sure how to tackle it:
    Threat found
    Alert
    Object:
    E:\System Volume Information\_restore(6DED10A1-A7...\A0116173.exe
    Threat:
    a variant of Win32/AdInstaller application
    Comment:
    Event occurred on a file modified by the application:
    C:\WINDOWS\System32\svchost.exe. Please submit this object to ESET for analysis.
    Can someone explain what I should do about it please. How do I submit it to ESET? I hit the 'Leave' button: should I hit the 'Delete' button?
     
  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    That's a heuristic detection by ESET. Do this: locate the file and upload it here (to check if it's a false alarm or not). If it's not, please purge your System Restore.

    If you want to submit it to ESET, locate the file, put it in a password protected zip and e-mail it to samples(at)eset.com. Include the zip's password and this thread's URL in the e-mail body.

    thanatos
     
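The packaging step described in the reply above, as an added example (not from the thread and not an ESET-provided tool): a small PowerShell script that hashes the detected file, wraps it in a password-protected ZIP and prints what to put in the e-mail body. It assumes 7-Zip is installed at its default location (Compress-Archive cannot encrypt), that the file is readable from the session running the script (files under System Volume Information are ACL-restricted, so run elevated and grant yourself read access first), and the password, output path and parameter names are placeholders of my own choosing.

```powershell
# Added example, not part of the original thread. Assumes 7-Zip at its default
# install path; $Password and $ZipPath are placeholders you choose.
param(
    [Parameter(Mandatory)] [string] $SamplePath,
    [string] $ZipPath  = "$env:USERPROFILE\Desktop\sample.zip",
    [string] $Password = "infected"   # assumption: any password works, as long as it is in the e-mail body
)

$sevenZip = Join-Path $env:ProgramFiles '7-Zip\7z.exe'
if (-not (Test-Path -LiteralPath $sevenZip))   { throw "7-Zip not found at $sevenZip" }
if (-not (Test-Path -LiteralPath $SamplePath)) { throw "Sample not found: $SamplePath" }

# Record the hash so the e-mail (and the thread it references) identify the exact file.
$hash = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA256).Hash

# -tzip: ZIP container; -p<pw>: set password; -mem=AES256: AES instead of legacy ZipCrypto.
& $sevenZip a -tzip "-p$Password" -mem=AES256 $ZipPath $SamplePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7z failed with exit code $LASTEXITCODE" }

Write-Output "SHA256:  $hash"
Write-Output "Archive: $ZipPath"
Write-Output "Body:    password '$Password' and the URL of this thread; send to samples(at)eset.com"
```

Run it as `.\Submit-Sample.ps1 -SamplePath 'E:\...\A0116173.exe'` from an elevated prompt; the printed hash lets whoever reads the sample confirm the archive contents match what the alert named.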
  3. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Anything "found" in the System Volume Information folder is being deleted from System Restore. In other words you (or NOD32) deleted the file ages ago, Windows backed it up in System Restore (SR) and now it's being deleted to make room for more files.

    The file is not active and is detected by NOD32. It's not infecting your PC, it's just being deleted from the SR folder. There is nothing more to do really as it's gone from your PC...
     
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi!

    Submission of files detected as "a variant of" and "probably variant of" isn't necessary, because it's a generic detection, not AH. Submit these files only if you know that it was a false positive.

    Regards, Lukas
     
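The reasoning in the two replies above (a hit under System Volume Information is a System Restore copy, not an active file; "a variant of" / "probably variant of" names are generic detections that don't need a sample unless a false positive is suspected) written out as a small Python triage helper. This is an added example, not code from the thread or from ESET; the alert text is a constructed sample modelled on the one quoted in the first post, with its truncated restore-point folder name left exactly as shown, and the function names and the `Advice` structure are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the alert quoted in the first post; the
# truncated restore-point folder name is kept exactly as the post shows it.
SAMPLE_ALERT = r"""Threat found
Alert
Object:
E:\System Volume Information\_restore(6DED10A1-A7...\A0116173.exe
Threat:
a variant of Win32/AdInstaller application
Comment:
Event occurred on a file modified by the application:
C:\WINDOWS\System32\svchost.exe. Please submit this object to ESET for analysis.
"""

FIELD_RE = re.compile(r"^(Object|Threat|Comment):\s*$")
# "a variant of" / "probably (a) variant of" are generic signature names, not AH.
GENERIC_RE = re.compile(r"^(a variant of|probably (a )?variant of)\b", re.IGNORECASE)


def parse_alert(text: str) -> dict:
    """Split the alert into its labelled fields; a field's value is every
    non-empty line up to the next label, joined with spaces."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            current = m.group(1)
            fields[current] = []
        elif current is not None and line.strip():
            fields[current].append(line.strip())
    return {k: " ".join(v) for k, v in fields.items()}


def is_restore_point_copy(path: str) -> bool:
    """True when the object sits under a System Volume Information/_restore...
    folder, i.e. it is a System Restore backup rather than a live file."""
    parts = [p.lower() for p in re.split(r"[\\/]+", path)]
    try:
        i = parts.index("system volume information")
    except ValueError:
        return False
    return any(p.startswith("_restore") for p in parts[i + 1:])


def is_generic_detection(threat: str) -> bool:
    """Generic ('a variant of' family) detection, as opposed to an AH hit."""
    return bool(GENERIC_RE.match(threat.strip()))


@dataclass
class Advice:
    restore_point_copy: bool
    generic_detection: bool
    submit_sample: bool
    action: str


def advise(alert_text: str, suspected_false_positive: bool = False) -> Advice:
    """Apply the thread's reasoning: a restore-point copy is inactive (let the
    scanner delete it or purge System Restore); a generic detection needs a
    sample only when you believe it is a false positive."""
    fields = parse_alert(alert_text)
    restore = is_restore_point_copy(fields.get("Object", ""))
    generic = is_generic_detection(fields.get("Threat", ""))
    submit = suspected_false_positive or not generic
    if restore:
        action = "inactive restore-point copy: let NOD32 delete it or purge System Restore"
    else:
        action = "file on the live system: clean/delete it and re-scan"
    return Advice(restore, generic, submit, action)


if __name__ == "__main__":
    print(advise(SAMPLE_ALERT))
```

Running it on the sample yields `restore_point_copy=True`, `generic_detection=True` and `submit_sample=False`, which is the conclusion the thread reached; passing `suspected_false_positive=True` flips only the submission flag.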
  5. Pato

    Pato Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    28
    Thanks for the info, you have put my mind at rest, as I certainly didn't know how to tackle it. Cheers.
     
  6. Pato

    Pato Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    28
    I appreciate your help. I wasn't sure how to submit the file to ESET although on this occasion I won't submit this file after reading some of the other replies. Cheers.
     