Trojan.Generic.341900

Discussion in 'ESET NOD32 Antivirus' started by jedi_m, Oct 24, 2008.

Thread Status:
Not open for further replies.
  1. jedi_m

    jedi_m Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    93
    Location:
    Toronto, Canada
    Hi guys,

    With the latest build of NOD32 v3 and Spy Sweeper on my XP Pro and everything apparently working fine, I decided to run an online scan with Bitdefender, just to make sure everything is OK, and I found Trojan.Generic.341900 residing in C:\System Volume Information. It was deleted by the BitDefender scanner, so I guess I'm clean now, but now I'm questioning ESET: is it normal for NOD32 to miss this Trojan? Is it not considered malware? I'm a little confused. Can somebody give me a clue?

    Thanks,
     
  2. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    It is normal that an AV misses something sometimes... please send the sample to samples[at]ese.com ... zipped, with the password: infected
     
  3. jedi_m

    jedi_m Registered Member

    Joined:
    Jan 28, 2008
    Posts:
    93
    Location:
    Toronto, Canada
    Thanks a lot cupez80, but the file was deleted during the scan by BitDefender.
    After that I did a scan with my NOD32 and also a cleaning and registry scan with CCleaner, so the file is gone. I googled it, but there is not much info about this.
     
  4. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    System Volume Information is the folder used by System Restore. SR tends to back up viruses when they are removed by antivirus software. The files there are safe and can't infect your PC unless you use SR and restore the files (at which point ESET would detect it again and remove it). The chances are ESET detected and removed the trojan originally some time back, but it's ignoring the System Volume Information folder (as some antivirus programs do) to avoid false alerts and confusion.
     
  5. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello, when a file was detected as "generic", it could be a false positive. The best thing would be if you had a sample.
     