Virus in NOD cache

Discussion in 'NOD32 version 2 Forum' started by Oddbod, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. Oddbod

    Oddbod Guest

    Hi.

    Im a NOD user & tried out the new KAV online scanner, durring the scanning it finds viruses in the Eset chache folder

    Screenshot
    http://img198.imageshack.us/img198/8491/kavonline8lt.jpg

    Any ideas as to why this is reported by KAV & not by NOD? Is it a FP?

    This is on XP SP2 with all updates, NOD 2.50.25

    TIA
     
    Oddbod, Aug 9, 2005
    #1
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    NOD will place any file that is ready for submission in the cache folder and send it when it can or during updates.
    Files that you quarantine will be placed in the eset/infected folder.

    However I'm quite surprised KAV detected anything, because those files are encrypted...
     
    Brian N, Aug 9, 2005
    #2
  3. Oddbod

    Oddbod Guest

    Hi Brian.

    Thanks for replying, when i did the online KAV scan there was nothing in NOD's quarantine section, thats why i was a bit suprised when KAV flagged it.

    Is it safe to delete the cache file?

    TIA
     
    Oddbod, Aug 9, 2005
    #3
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    No, do not delete them. Rather than that, go to the NOD32 Control Center - NOD32 System Tools - NOD32 System setup - ThreatSense.Net - Advanced settings - Submission and click Submit now. After the files have been submitted for analysis, they will be removed automatically.

    BTW, some other AVs flag IRC clients as suspicious because they can be easily expoited by malware. However, the clients themselves are not malicious.
     
    Marcos, Aug 10, 2005
    #4
  5. Clifton

    Clifton Guest

    Isn't KAV just amazing. Now it can even detect viruses which are encrypted.
     
    Clifton, Aug 10, 2005
    #5
  6. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Becareful from the false positives :D
     
    Stephanos G., Aug 10, 2005
    #6
  7. Oddbod

    Oddbod Guest

    Thanks folks.

    I knew the mirc was just KAV flagging it because i told it to use the extended databases. I have the threatsense option disabled but have enabled it once to send those files to Eset.

    This was the file it was flagging Time

    Module Object Name Threat Action User Information
    25/07/2005 20:10:08 IMON file h**p://7*.9.2*4.1*6/vc3_05b.exe a variant of Win32/TrojanDownloader.Zlob.G trojan OLDGIT\****

    Thanks.
     
    Oddbod, Aug 10, 2005
    #7
  8. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Take a look here ...
     
    Smokey, Aug 10, 2005
    #8
  9. Oddbod

    Oddbod Guest

    Thanks for the link, some good reading there.

    I didnt execute the file, IMON picked it up & stopped any access to it, i did a check for the reg keys it creates but there not on my system.
     
    Oddbod, Aug 10, 2005
    #9
  10. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    I've seen this since 4 months ago.
     
    DonKid, Aug 10, 2005
    #10
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...