Trojan-Spy.Lindra not detected by Nod32 but detected by Spyware Doctor

Discussion in 'ESET NOD32 Antivirus' started by clarence77, May 21, 2008.

Thread Status:
Not open for further replies.
  1. clarence77

    clarence77 Registered Member

    Joined:
    May 21, 2008
    Posts:
    2
    Out of curiosity I downloaded Spyware Doctor starter pack from Google due to its great review from PC Mag. I scanned my computer using it and it turns out that there is a trojan in my computer that nod32 v3 didn't detect. Here's the report from Spyware Doctor quarantine:

    Trojan-Spy.Lindra-Low
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS#ServiceDLL
    A malicious application that attempts to steal passwords, login details and other confidential information.

    I didnt know how this happened. My Nod32 always updates almost hourly, I have Comodo Personal Firewall with HIPS on and Threatfire. I scan regularly with Indepth scan with Nod32 and Theatfire. The three of them didn't show any keylogging activity at all.

    Due you advise that I should change all my passwords now? Thanks.

    Clarence
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You've mentioned a reference to a registry key, but not file. Please send a log from ESET SysInspector (downloadable from ESET's website) along with any suspicious files you might have found to samples[at]eset.com with this thread's url enclosed.
     
  3. clarence77

    clarence77 Registered Member

    Joined:
    May 21, 2008
    Posts:
    2
    I noticed that too actually in the result of the scan. There really was no file detected, only a registry key. There is also no file in the quarantine. Can a registry key by itself log and send data on the internet like the description from Spyware Doctor says?

    I think this is more like a false positive on SD's side. Thanks.
     
  4. Wyrd

    Wyrd Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    14
    Probably, this is a false positive. I had a similar case, when Spyware Doctor removed a reg key for my DVD software, simply due to its name matching the name a Trojan program assumes occasionally. I'd go by deleting that key and rescanning everything.
     
Thread Status:
Not open for further replies.