"TrojanDownloader.Agent.NAB"

Discussion in 'NOD32 version 2 Forum' started by hasit, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    hello all,

    i had just opened the website h[I]tt[/I]p://nsl-school.org and my system got infected with "TrojanDownloader.Agent.NAB".

    I did not get nod32 warning message.

    i could not open my task manager

    i could not edit my registry

    can you tell me what is wrong? and how can anyone prevent this? and how to remove "TrojanDownloader.Agent.NAB" o_O

    NOD32 was already installed when i had opened this website, still i had faced this problem, can anyone tell me why?
     
    Last edited by a moderator: Oct 12, 2006
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    NOD32 doesn't flag anything within that site, and I clicked on everything :blink: ;) nor does Online Armor growl, or Regdefend, so I'm not sure what is going on.

    Cheers :D
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Dr.Web extension for Firefox pops up with this
     

    Attached Files:

  5. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    Wow, thats nice of you to findout that its a javascript. do you think nod32 can fight this torjan easily? pls. advice.
     
  6. Nunes

    Nunes Registered Member

    Joined:
    Apr 4, 2006
    Posts:
    103
    Location:
    AMADORA,Portugal
    These one is from the page of exploit prevention labs about this page.
     

    Attached Files:

  7. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    hi,
    i've took a look at the source of this web page. the page contain two vbs scripts that try to download two differents files from that web site. i manually download both files. nod32 detected the files as autoit.ab and killav. so, if you've nod32 up-to-date, there's no danger.
    the vbs scripts downloaders aren't detected, however the downloaded things are detected.
    anyway i'll submit the downloaders in order to have an extra protection.
    i recommend delete the page as this contain malware :)
     
  8. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    update: malicious downloaders codes are also detected by nod32. great work :thumb:
     
  9. ASpace

    ASpace Guest

    Great job !

    Sir_Carew , can you say how does NOD detect them , the names ? Thanks a lot ! :thumb:
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for that sir_carew.

    Cheers :D
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    thx sir_carew for letting us know it. ;) NOD32 doing its job as always. :D
     
  12. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    The malware names that NOD32 detected are the following:

    1. HTML/TrojanDownloader.Agent.NAB trojan
    2. Win32/KillAV.NBE trojan
    3. Win32/Autoit.AB trojan

     
  13. ASpace

    ASpace Guest


    Thank you , sir_carew ! :D
     
Thread Status:
Not open for further replies.