Troj/VB-ABA?

Discussion in 'NOD32 version 2 Forum' started by Tobe404, Aug 1, 2006.

Thread Status:
Not open for further replies.
  1. Tobe404

    Tobe404 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    10
    Location:
    South Australia, Australia
    Maybe this isn't the right spot, but anyway... It concerns Nod32 and Sophos.

    Here is a screen shot to explain what Sophos AV picked up...

    http://img98.imageshack.us/img98/5900/trojjvbabako7.th.jpg
    Confusing thing is, no other AV product that I have tested has picked up this virus (Nod32 with all extra settings, Kaspersky, Avira, Bit Defender, etc.).

    And I did a google search and couldn't find anything about this virus.

    So do you think it's a false positive?

    Since Nod32 is the main AV app I've been using for ages, it's worrying me that it (or any other AV product I tested for that matter) didn't pick up this trojan.

    Also, while I'm here... How long does it normally take you guys to scan your hard drives with Nod32? It seems to take a long time on mine, usually between 1 - 1 and a half hours. Mind you, that is with EVERY setting enabled.

    Thanks in advance for any information anyone can provide about these issues.

    - Toby.
     
    Last edited by a moderator: Aug 1, 2006
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Hmmm... It looks to me like those trojan files are located in the System Restore folder, which NOD32 normally does not scan, if I am not mistaken? Besides, I doubt the trojan files are "active", since they are only located there and not elsewhere in your system? (Never seen a trojan running from a System Restore folder before.)

    Try to disable System Restore, then re-enable it again to clean out those trojan files (but remember that you will lose all previous restore points).

    EDIT: It would be interesting if you could navigate to this folder (type the full path into your explorer or copy it from the Sophos logs), move (cut/paste) the file into another folder that you would normally have access to, and try to upload it to Jotti's malware scan or VirusTotal.
     
  3. Tobe404

    Tobe404 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    10
    Location:
    South Australia, Australia
    Hi kjempen,

    Thanks for your reply.

    I have tried turning off system restore, restarting, turning it back on... didn't work.

    The only thing I can think of now is leaving system restore off while doing a scan with Nod32 and Sophos. And also trying scans in safe mode. Hopefully that works.

    Thanks for your help anyway.

    PS: As I understand it, I thought Nod32 did scan the system restore folder? But I could be wrong. And how long does it normally take you to scan your computer with Nod32, if you don't mind me asking? I'm interested to know, 'cause I don't think it should take my Nod32 1 1/2 hours to scan my 80GB HD.
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Tobe404, NOD32 does scan your system restore folder. Turning it off may solve the problem and I also suggest you leave it off. ;)
    Perhaps it's just a FP. NOD32 scans very fast but this may differ from one PC to another. ;)
     
  5. KingKull

    KingKull Registered Member

    Joined:
    Jun 28, 2006
    Posts:
    20
    Location:
    New Jersey,USA
    @Tobe404,
    NOD32 takes about 40-50 minutes on my machine, with a 120 gig drive.
     
  6. ASpace

    ASpace Guest

    For any file you doubt, you can use VirusTotal. This is a free service which allows you to scan a suspected file for any kind of malware using a lot of reputable antivirus programs with the latest definitions. If you use the default settings, VirusTotal will quickly distribute the sample to every vendor which detects NO VIRUS in it. The sample will be analyzed and, if there is something, it will soon be added.

    The same applies to sending a suspected file directly to ESET labs:
    samples@eset.com


    Make sure your NOD32 settings are set to maximum:
    https://www.wilderssecurity.com/showthread.php?t=37509

    Also, you may have a look at these:
    http://www.microsoft.com/protect
    http://www.eset.sk/en/support/viruses
    http://www.eset.sk/en/support/infiltration-detected-what-should-i-do



    Regards!
    HiTech_boy
     