Trojan Downloader

8-5-2006 22:37:15 AMON E:\Recycled\De8.dll Win32/TrojanDownloader.Zlob.MP trojan

This file is detected by Amon and according to the warning: "Placed in quarantine as 'deleting' is not available as action for this type of object. The file is moved to quarantine!"

But when I go to the map Quarantine, there's no such file.
I am not very happy with this message, as I think, that Nod should deal with this. What to think of this detection when it's not being put in Quarantine?
Anybody any idea?

This is the Dutch message:

Tijd Module Object Naam Bedreiging Actie Gebruiker Informatie
8-5-2006 22:37:15 AMON bestand E:\Recycled\De8.dll Win32/TrojanDownloader.Zlob.MP trojan In quarantaine geplaatst - verwijderd - fout tijdens Schonen - actie is niet beschikbaar voor dit type object BEN\bf Gebeurtenis opgetreden op een bestand dat nieuw is aangemaakt door de applicatie E:\Program\Totalcmd6.54\TOTALCMD.EXE. Het bestand is verplaatst naar quarantaine. U mag dit venster sluiten.

 

Emptying recycle bin should do the trick.

 

Thank you Marcos, but why doesn't Nod deal with this?

 

Anybody any idea why Nod does not either delete or put this in quarantine?

 

I am sorry ,I don't understand Dutch , only English , please

Update NOD32 .Make sure your NOD32 is correcly configured as shown in the attached image.
Boot in Safe Mode.
How to boot your computer in SAFE MODE
Do this by repeatedly typing F8 while Windows is starting before
Windows logo appears.Then you'll open the Windows Advanced menu where you can choose to boot the hard drive in SAFE MODE

Perform full Scan & Clean of all hard drives

Clean

You can also use SpyBot Search and Destroy and Ad-Aware SE Personal to check for any other non-viral malware because Zlob trojan is cooperating with other stuff.This is recommended because these two are specifc anti-spyware utilities and they also check Windows Registry which is something essential.

http://www.safer-networking.org/microsoft.en.html
http://www.lavasoftusa.com/software/adaware

All scan actions should be done in Safe Mode with System Restore turned off
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

 

Thanks for your reply and I understand the action, but I don't understand why Nod32 does not do with this file what it says it has done.......putting it in Quarantine. I don't think this is right. I can go along with the fact it is not being treated as a virus, but it sure as hell is detected and according to the log, it was moved to Quarantine, but it has not!!!!
That's my big puzzle.

The other thing that bothers me........why should I have to go through a whole program of booting in safe mode etc. when Amon detects and logs this. Again, I appreciate the detection, but I also count on action, as stated in the virus log!!!!

 

What happens if you set AMON to prompt you for an action if a threat has been found?

 

Adjusted the Amon settings to do so and I'll wait till the next detection, as the infections are removed by now!

But don't you agree, that it is not right, that the detection is logged as being moved to quarantine.........but it isn't? Therefore I can't submit these files to Eset either.

 

Once it's been detected by a signature, we don't need it. The message is general and when an infected file is moved to recycle bin or temp. folder, it's not moved to quarantine.

 

Ok, that's clear, but I am still not happy with the overall result.

Thanks for all the help and info!