Virus in NOD cache

Discussion in 'NOD32 version 2 Forum' started by Oddbod, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. Oddbod

    Oddbod Guest

    Hi.

    I'm a NOD user & tried out the new KAV online scanner. During the scanning it finds viruses in the Eset cache folder.

    Screenshot
    http://img198.imageshack.us/img198/8491/kavonline8lt.jpg

    Any ideas as to why this is reported by KAV & not by NOD? Is it a FP?

    This is on XP SP2 with all updates, NOD 2.50.25

    TIA
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    NOD will place any file that is ready for submission in the cache folder and send it when it can or during updates.
    Files that you quarantine will be placed in the eset/infected folder.

    However I'm quite surprised KAV detected anything, because those files are encrypted...
     
  3. Oddbod

    Oddbod Guest

    Hi Brian.

    Thanks for replying. When I did the online KAV scan there was nothing in NOD's quarantine section, that's why I was a bit surprised when KAV flagged it.

    Is it safe to delete the cache file?

    TIA
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    No, do not delete them. Rather than that, go to the NOD32 Control Center - NOD32 System Tools - NOD32 System setup - ThreatSense.Net - Advanced settings - Submission and click Submit now. After the files have been submitted for analysis, they will be removed automatically.

    BTW, some other AVs flag IRC clients as suspicious because they can be easily exploited by malware. However, the clients themselves are not malicious.
     
  5. Clifton

    Clifton Guest

    Isn't KAV just amazing. Now it can even detect viruses which are encrypted.
     
  6. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Be careful of the false positives :D
     
  7. Oddbod

    Oddbod Guest

    Thanks folks.

    I knew the mirc was just KAV flagging it because I told it to use the extended databases. I have the threatsense option disabled but have enabled it once to send those files to Eset.

    This was the file it was flagging:

    Time Module Object Name Threat Action User Information
    25/07/2005 20:10:08 IMON file h**p://7*.9.2*4.1*6/vc3_05b.exe a variant of Win32/TrojanDownloader.Zlob.G trojan OLDGIT\****

    Thanks.
     
  8. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Take a look here ...
     
  9. Oddbod

    Oddbod Guest

    Thanks for the link, some good reading there.

    I didn't execute the file. IMON picked it up & stopped any access to it. I did a check for the reg keys it creates but they're not on my system.
     
  10. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    I've seen this since 4 months ago.
     