Where does Win32/injector.AWI trojan install its files?

Discussion in 'ESET NOD32 Antivirus' started by metalalbert, Mar 12, 2010.

Thread Status:
Not open for further replies.
  1. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I just accidentally clicked on a link in MSN and NOD32 presented me with an alert window saying the Win32/injector.AWI trojan virus was trying to access my computer. I also got a window asking me if I wanted to install a file, which I of course didn't.

    Now I'm very cautious about viruses because I got hacked twice so I'm running a smart scan right now, but to be sure I also always check what files a certain virus installs if I suspect there's a virus on my computer. I'm not able to find this info on the ESET site though, so what I really would like to know is where I can find this info?

    Could somebody point me in the right direction?
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    This trojan is currently detected by ESET's virus signature database.

    Try running a scan in safe mode, please post back your findings.
     
  3. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I did a full system scan in Safe Mode and came up clean.

    Guess the virus didn't install itself after all :)

    But yeah, I'd still like to know where I can find info about viruses on the ESET website. I used Norton for a long time and I could visit their website, type in a virus name and the website would show me a page which not only told me how the virus was known by other virus scanners, but also what files the virus installed and where it installed them, and how to get rid of the virus manually. They offered a lot more info as well.

    I hope ESET has something similar?
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thanks for advising that you are clean. :thumb:

    You may use the ESET Threat Encyclopaedia here
     
  5. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    I would check for rootkits. I had some injector variants leave behind a rootkit that hides from the API inside the system32\drivers, along with making reference to a registry setting in hklm\software\microsoft\currenversion\fci
     
  6. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    That registry key does not even exist in my registry. I think it has to be hklm\software\microsoft\windows\currentversion\fci? Fci does not exist there though. I'm using XP by the way, if that makes any difference.

    I assume with hklm you mean HKEY_Local_Machine?

    Also, NOD32 showed in the logs that the connection to the file trying to install the trojan was shut down. I also got a window asking if I wanted to install something and I clicked Cancel on that one. So, I don't think anything was installed. My system also isn't behaving differently than before. So yeah, don't think something's wrong on my computer.
     
    Last edited: Mar 15, 2010