TrojanClicker.Xone.A trojan in my System restore

Discussion in 'NOD32 version 2 Forum' started by Kryspy, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Hi,

    Okay, so nod32 has finally failed me. During a scan nod32 found this but didn't get rid of it.

    I turned off system restore in Vista and deleted the restore points except the most current, just like in XP.

    Using the scan and clean option all I get is a box when it finds the file and gives me the option to leave alone? I eventually used Kaspersky 6 in a semi-crippled state to get rid of it which it did.

    Has nod32 failed me or am I missing an option in nod32? Either way, if so then Kaspersky may get the money in November when my license is up. No antivirus should require a PhD to get rid of a trojan.

    Am I missing an option? I have nod32 set up using Blackspear's settings.

    Kryspy
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It's not compatible with Vista yet. So of course you'll get infected by nasties.
    It's the same as if I used a W98 designed firewall on XP... No way it's gonna work properly....
     
  3. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Brian N

    I'd say off hand you are giving them an excuse as Kaspersky managed to remove the infection.

    ~snip....removed un-necessary remark....Bubba~

    We can all say that it is the fault of Vista but XP and Vista do not differ all that much. Vista let me install the XP version with the compatibility engine turned off.

    Whether it be a virus or a trojan if it is coming in nod32 should identify it before it integrates with the OS or kernel.

    Let's give this another try.

    Kryspy

    P.S. Your firewall analogy is flawed as there would be a different version for 98 than XP/2000/Vista.
     
    Last edited by a moderator: Oct 12, 2006
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You just answered your own question. Just think AV instead of firewall.
     
  5. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Hahahaha,

    No, Vista is still NT kernel based; like Windows 2000 and XP.

    Care to try again?

    Kryspy
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You don't really need help, so why are you posting in a support forum?
    What's your point?
     
  7. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Umm,

    I do. You have failed to answer the question; only gave your two cents and made excuses for ESET.

    Unless you work for ESET and have first hand knowledge of the coding and therefore know that this file being missed is somehow tied to Vista then don't answer at all.

    Is there an option in nod32 that I am missing and therefore the reason why it is only giving me the option to leave the file? This has occurred once before as well..... in XP.

    Kryspy
     
  8. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Both Eset and Microsoft categorize NOD32 2.5 to be incompatible with Vista, so any protection you get with 2.5 should be considered a "bonus", not a requirement. Eset is working on a version 2.7 that will be officially compatible with Vista.

    In the meantime... my understanding is that the definition for this trojan was added in Update 1.1746, 2006-09-08. Try checking through your Threat Logs. Is there any mention of this file at all?
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you have NOD32 setup as per the Tutorial, then there are no options that will ask you to do anything; NOD32 will simply deal with the file.

    Blackspear.
     
  10. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Blackspear,

    I set it up exactly as per your instructions and used the commandline:

    /local /adware /ah /all /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /ntfs+
    /pack+ /quarantine /scanboot+ /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /wrap+

    Thanks for your input

    Kryspy
     
    Last edited by a moderator: Oct 12, 2006
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Please post the log and I'll have a look. I'm wondering why the file wasn't dealt with in the first place, before it got to the point where a commandline scan was run.
     
  12. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Blackspear,

    Wish I had it to give; but since I had to uninstall nod32 to install Kaspersky to eradicate the trojan it is now gone.

    I am back to using nod32 again but I am at a loss as to how it got through.

    Thanks again,

    Kryspy
     
  13. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Do you have any idea if the trojan was its own file, or was it found within some sort of archive file (.zip, .rar, .cab, ...)?
     
  14. Kryspy

    Kryspy Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    43
    Location:
    Ontario, Canada
    Believe it was found within a file... I think it was ieWin.exe

    Kryspy
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As you no longer have the logs, nor the file, and this is Vista (a BETA piece of software) that we are talking about, there really isn’t anything that can be reproduced in terms of seeing what exactly happened.

    Nothing more can be said on the subject as anything further is pure speculation and as such we'll draw this thread to a close.

    Blackspear.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    To my best knowledge, trojan clickers basically open certain websites continually to increase the number of hits.
     