Trojan Downloader

Discussion in 'NOD32 version 2 Forum' started by Benvan45, May 10, 2006.

Thread Status:
Not open for further replies.
  1. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    8-5-2006 22:37:15 AMON E:\Recycled\De8.dll Win32/TrojanDownloader.Zlob.MP trojan

    This file is detected by Amon and according to the warning: "Placed in quarantine as 'deleting' is not available as action for this type of object. The file is moved to quarantine!"

    But when I go to the map Quarantine, there's no such file.
    I am not very happy with this message, as I think that Nod should deal with this. What to think of this detection when it's not being put in Quarantine?
    Anybody any idea?

    This is the Dutch message:

    Tijd Module Object Naam Bedreiging Actie Gebruiker Informatie
    8-5-2006 22:37:15 AMON bestand E:\Recycled\De8.dll Win32/TrojanDownloader.Zlob.MP trojan In quarantaine geplaatst - verwijderd - fout tijdens Schonen - actie is niet beschikbaar voor dit type object BEN\bf Gebeurtenis opgetreden op een bestand dat nieuw is aangemaakt door de applicatie E:\Program\Totalcmd6.54\TOTALCMD.EXE. Het bestand is verplaatst naar quarantaine. U mag dit venster sluiten.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Emptying recycle bin should do the trick.
     
  3. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thank you Marcos, but why doesn't Nod deal with this?
     
  4. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Anybody any idea why Nod does not either delete or put this in quarantine?
     
  5. ASpace

    ASpace Guest

    I am sorry, I don't understand Dutch, only English, please ;)

    Update NOD32. Make sure your NOD32 is correctly configured as shown in the attached image.
    Boot in Safe Mode.
    How to boot your computer in SAFE MODE
    Do this by repeatedly typing F8 while Windows is starting, before the Windows logo appears. Then you'll open the Windows Advanced menu, where you can choose to boot the hard drive in SAFE MODE.


    Perform full Scan & Clean of all hard drives

    Clean

    You can also use SpyBot Search and Destroy and Ad-Aware SE Personal to check for any other non-viral malware because Zlob trojan is cooperating with other stuff. This is recommended because these two are specific anti-spyware utilities and they also check Windows Registry which is something essential. :)

    http://www.safer-networking.org/microsoft.en.html
    http://www.lavasoftusa.com/software/adaware

    All scan actions should be done in Safe Mode with System Restore turned off
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

    :D
     

  6. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks for your reply and I understand the action, but I don't understand why Nod32 does not do with this file what it says it has done.......putting it in Quarantine. I don't think this is right. I can go along with the fact it is not being treated as a virus, but it sure as hell is detected and according to the log, it was moved to Quarantine, but it has not!!!!
    That's my big puzzle.

    The other thing that bothers me........why should I have to go through a whole program of booting in safe mode etc. when Amon detects and logs this. Again, I appreciate the detection, but I also count on action, as stated in the virus log!!!!
     
    Last edited: May 11, 2006
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What happens if you set AMON to prompt you for an action if a threat has been found?
     
  8. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Adjusted the Amon settings to do so and I'll wait till the next detection, as the infections are removed by now!

    But don't you agree that it is not right that the detection is logged as being moved to quarantine.........but it isn't? Therefore I can't submit these files to Eset either.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Once it's been detected by a signature, we don't need it. The message is general and when an infected file is moved to recycle bin or temp. folder, it's not moved to quarantine.
     
  10. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Ok, that's clear, but I am still not happy with the overall result.

    Thanks for all the help and info!
     