
not sure if this goes here, but I've been wondering for quite a long time about one detection by NOD32.


No replies to this topic

#1 chromebuster


Posted 29 June 2010 - 02:46 PM

Hi folks,
I can still remember the date to this day. In early January, I was helping a guy who was once my friend rebuild his brutally and viciously attacked and practically torn-down server. In the process, I had used the web drive FTP client to help him retrieve some content he needed. There were other things on the accessed fileserver, and I wonder if they could have been the cause of this strange, but never fully understood, phenomenon? A few months later, February 23, 2010, in fact, I bought a subscription to NOD32, and it wasn't until a scan on March 3, 2010, that this happened. I awoke to a list of threats that had been discovered supposedly on my computer. NOD said that it could only delete and quarantine them, which was the option I chose, but the real question is where in the world did this one particular one come from? NOD32 called it TrojanDownloader:Win32/Delf.NZL. I can see that being something since ESET has a few descriptions of the Trojan.Delf family in their encyclopedia. But where the file was located according to NOD makes me wonder if both threats in the list were false positives since one of them had a .txt extension. The trojan downloader was located in my web drive cache folder. Strange, isn't it? Why would a trojan bury itself in my cache since a cache is only meant to be a snapshot, and none of the files inside are ever active? And not to mention, since NOD had scanned prior to then, why hadn't it seen those files before? I know for sure that everything's fine now since I've been getting clean scans like every time now, but I still wonder about this.

Chromebuster

Edited by chromebuster, 29 June 2010 - 02:48 PM.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge

